[REBOL] A rainy Sunday problem
From: maarten::vrijheid::net at: 23-Nov-2003 9:57
Actually a problem for more than one Sunday....
One of my interests is authorization in general, and on of the nicest
concepts I have seen is Spocp, a policy engine that is based on
restricted S-Expressions. I have put the docs (5 pages) on:
If you are interested in what's below make sure you read them!
The idea is pretty simple: you can formulate a rule as an S-expression
and aquery as well. E.g. ( allow ( maarten) ( read access ))
Spocp put some restrictions on S-expressions which make life a bit
easier. Basically a rule only evaluates to true if it is more permissive
than the query, and to get there you more or less compare the elements
You can also have so-called starforms, that allow for ranges and sets.
( * range numeric 10 15) to name one.
Of course this can easily implemented in REBOL using all the datatypes
on board! I have two implementation strategies so far:
1) build a set of support functions that are use when comparing a rule
and a query. This builds upon REBOLs block/paren manipulation
capabilities and datatype support.
2) Translate every rule and query to a set of REBOL parse rules
dynamically that are used to parse a spocp query.
Option 1) obviously is the more "classic" approach, and option 2) feels
more "REBOLesque", treating S-Expressions as a dialect, dynamically
generating a parser per rule. Option 2) is a hard nut to crack though:
Queries can contain sets as well as rules, and in that case the
evaluation is true if any element of both sets match. Gerenate parse
rules for that! This may imply that queries need to be pre-processed a
little as well.
So the problem is: implement all or a part of an advanced form Spocp
with option 2, dynamically generating parse rules per S-expression
(rule). I think that the more mathematically/theoretically oriented
people here can have some fun with that!
At least I do ;-)