Webapp security: Different DB permissions for different requests
January 12th, 2008
When a GET hits your server, your RESTful webapp should not alter the database. Why not enforce this at the permissions level?
In my quest to bring the features of LiveJournal (and other proprietary social networks) to the open, public internet, I'm stuck on how to properly implement friend groups. Friend groups determine which users are allowed to see your more sensitive blog entries. I've pulled together a description of several alternative models, and I'd like some input.