Mailing List Archive: 49091 messages
  • Home
  • Script library
  • AltME Archive
  • Mailing list
  • Articles Index
  • Site search

[REBOL] A rainy Sunday problem

From: maarten::vrijheid::net at: 23-Nov-2003 9:57

Hi All, Actually a problem for more than one Sunday.... One of my interests is authorization in general, and on of the nicest concepts I have seen is Spocp, a policy engine that is based on restricted S-Expressions. I have put the docs (5 pages) on: If you are interested in what's below make sure you read them! The idea is pretty simple: you can formulate a rule as an S-expression and aquery as well. E.g. ( allow ( maarten) ( read access )) Spocp put some restrictions on S-expressions which make life a bit easier. Basically a rule only evaluates to true if it is more permissive than the query, and to get there you more or less compare the elements in S-expressions. You can also have so-called starforms, that allow for ranges and sets. ( * range numeric 10 15) to name one. Of course this can easily implemented in REBOL using all the datatypes on board! I have two implementation strategies so far: 1) build a set of support functions that are use when comparing a rule and a query. This builds upon REBOLs block/paren manipulation capabilities and datatype support. 2) Translate every rule and query to a set of REBOL parse rules dynamically that are used to parse a spocp query. Option 1) obviously is the more "classic" approach, and option 2) feels more "REBOLesque", treating S-Expressions as a dialect, dynamically generating a parser per rule. Option 2) is a hard nut to crack though: Queries can contain sets as well as rules, and in that case the evaluation is true if any element of both sets match. Gerenate parse rules for that! This may imply that queries need to be pre-processed a little as well. So the problem is: implement all or a part of an advanced form Spocp with option 2, dynamically generating parse rules per S-expression (rule). I think that the more mathematically/theoretically oriented people here can have some fun with that! At least I do ;-) --Maarten