The Permissions Sketch

Hey, Terry, Can I borrow your tags?

njr: Hi Terry

terrycojones: Hi Nick

njr: Seeing as we’re friends, could I see your ratings, please?

terrycojones: Sure. I’ve just set an exception on see for terrycojones/rating so njr can see it.

njr: Great thanks. Except, it’s odd. I can see that you have a rating on The Hitchhiker’s Guide to the Galaxy, but I can’t see its value.

terrycojones: Oh, you mean you want read permission. No problem. There I’ve set an exception for njr to be able to read terrycojones/rating too.

njr: Excellent. Yes, I can see it now. Just an 8, eh?

terrycojones: Yeah, well . . .

[A bit later]

njr: Terry, you know how we’re really good friends.

terrycojones: Sure.

njr: Well, I was wondering if it wouldn’t be useful if I couldn’t actually set ratings for you. For instance, when we were talking the other day, you were saying how maybe you didn’t even think THHGTTG deserved an 8, and you planned to take it down to a 6; only there you were working on three tickets and the net was down where you were, and basically you couldn’t be arsed?

terrycojones: Yeah, that makes sense. OK, I’ve given you update permission on terrycojones/rating now, so you can change it.

njr: Wow, you’re really fast at that. Are you using some cool FluidDB client?

terrycojones: No, I just use curl and send the raw HTTP. The API’s so RESTful . . .

njr: [Rolls eyes]. OK, let me try that. No, not curl—changing your rating. Yeah, that worked. Cool. And I know you also wanted to give Pärt’s Tabular Rasa a 10, so I’ll just do that for you.

terrycojones: Great. Hang on, I’ll just give you permission.

njr: Eh? You’re going senile, mate: you just did. I changed your rating on Hitchhiker’s Guide to the Galaxy, remember?

terrycojones: Yes. But you only needed update permission for that. Now you want to tag a new object with terrycojones/rating. You need create permission to do that. But don’t worry, I’ve given you that too.

njr: Oh wow. These permissions are pretty fine-grained, aren’t they? Yeah, I’ve done it. Except—fool!—I tagged the wrong object. I forgot the umlaut on Pärt in the about tag. I know you’re fussy about your accents, being Australian. (Mind you, Pärt might be fussy about it too.) So there I’ve put it on the right one now. Except—that’s weird, I can’t seem to untag the first one. Surely if I have update and create permission, that must allow me to remove a tag, right?

terrycojones: Of course not! Deletion is completely different! But no problem. I’ve given you delete permission on terrycojones/rating now.

njr: Right. So now I can do anything with terrycojones/rating, right? I can see it, read it, tag things with it (create), change tag values (update) and even untag things (delete). Truly, I have power over your ratings.

terrycojones: Yup. You could even make me the world’s biggest Mariah Carey fan. But of course, I’d have to kill you if you did that. And you’re the only one apart from me who can set my ratings, so I’ll know.

njr: Consider it done.

But there’s more . . .

terrycojones: Of course, there are still things you can’t do with my ratings.

njr: There are?

terrycojones: Sure. You can’t do anything to the tag itself.

njr: You mean apart from see it, read it, apply it, change it and update it?

terrycojones: I said the tag itself.

njr: The tag . . . itself?

terrycojones: Yup.

njr: That sounds a bit abstract to me, Terry. I’m just a simple physicist. What are you talking about?

terrycojones: See, you can set my ratings, and change my ratings, but you can’t change terrycojones/rating itself. You can’t change what it means. And you can’t delete it.

njr: What it means?

terrycojones: Yes. If you look at the properties of the tag, you’ll find that the description of it is "terrycojones's ratings (Spinal Tap) scale".

njr: Spinal Tap scale?

terrycojones: Sure. Zero to eleven.

njr: Of course. Well, eleven’s nice, if a bit odd; and prime. What do you rate eleven?

terrycojones: Oh not much. The FluidDB permissions system. And Esteve.

njr: Esteve? Better not tell him. He’ll want a raise.

terrycojones: It’s OK; he’s on the exception list. He can’t read my ratings.

njr: But he writes the code!

terrycojones: Yeah, but you should see his principles. He’s incorruptible.

njr: Alright, alright.

terrycojones: Anyway, the point is, you can’t change that.

njr: The incorruptible genius of Esteve?

terrycojones: Well, that too. But I meant the meaning of my ratings.

njr: Even though I have every conceivable write permission on the tag?

terrycojones: Yeah, but not on the tag itself.

njr: (If you say itself in that meaningful tone one more time . . .)

terrycojones: Yeah, well, anyway, there’s a separate permission for updating the tag itself.

njr: [Expletives deleted.] Of course there is. And what’s that called?

terrycojones: update.

njr: No, see, you already gave me update permission, wise guy.

terrycojones: On the tag. Not the tag itself.

njr: Oh, update on the tag itself. I see. And what about delete? You said I couldn’t delete the tag. But I’ve already removed that Part tag from the object without the umlaut.

terrycojones: Ah yes; but you haven’t deleted the tag itself.

njr: [Further colourful expletives deleted] Right. So I can delete every terrycojones/rating you’ve ever put on anything, and indeed, any terrycojones/rating anyone else has ever put on anything for you. But I can’t delete the essence of terrycojones/rating, the meta-data about terrycojones/rating, the terrycojones/rating itself.

terrycojones: That’s right. (And it’s not meta-data; it’s data. All data is equal in FluidDB.)

njr: Whatever. So is that it? Is that really it?

terrycojones: Yup.

njr: So let me see if I have this straight. There are permissions for seeing, creating, reading, updating and deleting tags. And then there are some special administrative permissions for updating and deleting the tag itself.

terrycojones: That’s right.

njr: And that’s absolutely it? If you gave me those, I really would own you. I’d have complete control of terrycojones/rating.

terrycojones: Ah, well, it’s funny you should say that.

njr: There’s more, isn’t there?

terrycojones: Well, there’s control.

njr: There’s control.

terrycojones: Yes, there’s control.

njr: Meaning . . .?

terrycojones: Well, who do you think’s been giving you all these permissions to tell the world about my secret infatuation with Mariah Carey?

njr: Ah, yes, of course. There’s control of tags. Kind of like ownership of files. But surely, you own all the terrycojones tags, don’t you?

terrycojones: Sure I do. But I could give them to you if I wanted to. Or I could even let us share them: so we both controlled them.

njr: And that’s called control?

terrycojones: Right.

njr: And that works the same way? With an open/closed policy and an exception list?

terrycojones: Sure does.

njr: Wow. So could you set it to be closed and not have any exceptions?

terrycojones: Yup.

njr: And then no one would be able to change it?

terrycojones: Not even God.

njr: Really? Is God subject to the FluidDB permissions system?

terrycojones: Well, not yet. She doesn’t have an account. But if she ever gets on, it’s the same rules for her as you, and me, and FluidDB. No exceptions.

njr: Wow, so if you closed off all the permissions on your ratings and then took away control, your ratings would be like digital tattoos. No one could ever change them.

terrycojones: That’s right. I’m going to rate my mum 10 and then do that.

njr: Aaahhh . . .

Some months later

terrycojones: Hi Nick

njr: Hi Terry

terrycojones: You know how we’re great friends and all that shit?

njr: Sure

terrycojones: And how I trusted you with my ratings, and you mostly didn’t abuse it, except for that whole rating-Mariah-Carey-11 business.

njr: You love her really.

terrycojones: Whatever. The thing is, I thought it would be good if you gave me permission on your njr/guardian-1000 namespace, so I can add some stuff and fix all the unicode you screwed up.

njr: Ah, unicode, yes. OK, what do I need to do?

terrycojones: Well, you could just give me control of it; then I could do anything.

njr: Control of njr/guardian-1000? So I guess control on a namespace is like control on a tag?

terrycojones: On a tag itself, right.

njr: Well, you know, Terry, I trust you and everything, but . . .

terrycojones: Yeah, OK. I don’t really need control. But create permission would be useful.

njr: OK, done. Is that it?

terrycojones: Well, actually, update would be useful too. Since you screwed its description.

njr: So update permission on a namespace is like the administrative update permission on a tag?

terrycojones: On the tag itself. Right. It lets you change the data about the namespace. Like the description.

njr: OK, I’ve done that too. Anything else?

terrycojones: Well you have an open policy on list, so I can see what’s there. But there seems to be some junk. I mean you have a sub-namespace njr/guardian-1000/best-FluidDB-UUIDs. I don’t think the Guardian has published its list of all-time best FluidDB-UUIDs yet. And even if it did, I think you’d want a tag not a namespace for that. So I think we could lose it. You know how I love deleting things.

njr: So delete it!

terrycojones: I will. But you need to give me delete permission on the namespace for that.

njr: Right, so that would be another administrative permission on the namespace. Like delete on the abstract tag itself.

terrycojones: You’re finally getting this.

njr: Slowly, slowly, the egg walks, (as they say in Addis Ababa).

terrycojones: You ever been to Addis Ababa?

njr: No. But I know a woman who rates it an 11.

terrycojones: OK. It’s in the njr/guardian-1000/cities now too.

njr: It is?

terrycojones: It is!

njr: OK, Ciao, Terry. I’ll let you get back to your Mariah Carey records.

terrycojones: [Expletives I’ve never even heard before deleted.]