Overview#
Resource Action is the specific Action that may be performed on a Target Resource. Resource Actions might be used as Contextual Attributes within Attribute Based Access Control.
An Example Resource Action might be the CRUD Access Actions:
Or, for example, we could have Resource Actions:
- Operating System Privilege to "Read" a File.
- Physical Access Control Privilege to "Open" a Door.

Resource Action for SQL and HTTP / REST and LDAP[1]#
Operation | SQL | HTTP/REST | LDAP |
---|---|---|---|
Create | INSERT | PUT / POST | Add Request |
Read | SELECT | GET | Search Request/SearchResultEntry |
Update | UPDATE | PUT / POST / PATCH | Modify Request |
Delete | DELETE | DELETE | Delete Request |
Though HTTP GET and HTTP DELETE correspond well to Read and Delete, HTTP POST, HTTP PUT, and HTTP PATCH aren’t directly synonymous with a single CRUD operation. For example, HTTP POST doesn’t necessarily mean only “Create”. It’s actually a very versatile method, so versatile that the entire SOAP protocol is tunneled through the HTTP POST method when used with HTTP.
Since HTTP Methods don’t map cleanly to CRUD, Ulsberg argues that API providers should consider how they might describe their APIs in a different way: "Don’t limit yourself to CRUD when you design a REST API. You should read the specification and understand the semantics of each method, and use it properly." What it comes down to is that REST is an Architecture Model, not a protocol.
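The mismatch matters when the Resource Action is a Contextual Attribute in an access decision. The following added example (not from the original page or from Ulsberg; the routes, roles and policy are constructed) compares a check that infers the action from the HTTP method, using the table above, with one that declares the action per route.

```python
from dataclasses import dataclass

# Naive mapping from the table above: one CRUD action per HTTP method.
METHOD_TO_ACTION = {"GET": "read", "POST": "create", "PUT": "update",
                    "PATCH": "update", "DELETE": "delete"}

# Explicit declaration per (method, route): the Resource Action is what the
# handler actually does. Routes are hypothetical.
ROUTE_ACTIONS = {
    ("POST", "/reports"): "create",
    ("POST", "/reports/search"): "read",    # query sent in a POST body
    ("POST", "/reports/purge"): "delete",   # RPC-style delete over POST
    ("PUT", "/reports/{id}"): "update",
}

# Constructed policy: (subject role, resource type) -> permitted actions.
POLICY = {
    ("auditor", "report"): {"read"},
    ("author", "report"): {"create", "read", "update"},
}

@dataclass(frozen=True)
class Request:
    role: str
    method: str
    route: str
    resource_type: str = "report"

def naive_action(req):
    """Infer the Resource Action from the HTTP method alone."""
    return METHOD_TO_ACTION.get(req.method)

def declared_action(req):
    """Look up the Resource Action declared for this exact route."""
    return ROUTE_ACTIONS.get((req.method, req.route))

def permit(req, resolve):
    """Permit only if the resolved action is granted; unknown means deny."""
    action = resolve(req)
    if action is None:
        return False
    return action in POLICY.get((req.role, req.resource_type), set())

if __name__ == "__main__":
    purge = Request("author", "POST", "/reports/purge")
    search = Request("auditor", "POST", "/reports/search")
    for req in (purge, search):
        print(req.route, permit(req, naive_action), permit(req, declared_action))
```

With the method-based mapping, the author is permitted to purge because POST is treated as "create", and the auditor is denied a search; the per-route declaration reverses both decisions.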
More Information#
There might be more information for this subject on one of the following:
- Access Control
- Consent Mechanism
- Contextual Attributes
- Grant Negotiation and Authorization Protocol
- Lattice Based Access Control
- Next Generation Access Control
- OAuth Scopes
- Permission
- Policy Based Management System
- Privilege
- WIKI-Security Policy
- XACML
- [#1] - Designing a True REST State Machine
- based on information obtained 2017-02-02