Comments (7)
RubenVerborgh
commented on August 11, 2024
* `acl:Write` means you can do 'DELETE' on that container
Correction: means DELETE on resource inside of that container.
from web-access-control-spec.
michielbdejong
commented on August 11, 2024
DELETE on resource inside of that container.
Oh, that's not how I read the current spec text. Where is that documented and/or implemented?
from web-access-control-spec.
RubenVerborgh
commented on August 11, 2024
- nodeSolidServer/node-solid-server#729
- solid-contrib/solid-permissions#28
- nodeSolidServer/node-solid-server#1014
from web-access-control-spec.
michielbdejong
commented on August 11, 2024
Thanks for the link, slightly shocking that that remark from @dmitrizagidulin about "this should be a spec-level discussion" was just ignored there. I created #47 about it now, so we can discuss that there.
That does bring me back to the original two points of this issue - when deleting a container, should the ACL doc be deleted, and should members and sub-members be deleted?
from web-access-control-spec.
RubenVerborgh
commented on August 11, 2024
"this should be a spec-level discussion" was just ignored there
Told you, the spec has massively been neglected, cfr. https://lists.w3.org/Archives/Public/public-solid/2019May/0015.html:
The "Solid spec" (however we frame it) wasn't intended to be above and beyond documenting a rough understanding and expectations to enabling the Solid ecosystem. So, nothing was written in stone and it only reflected what we arrived at with part implementations.
So definitely something that needs to be adjusted indeed.
That does bring me back to the original two points of this issue - when deleting a container, should the ACL doc be deleted, and should members and sub-members be deleted
The intention was to not do an rm -rf. In principle, if we are really strict with Cool URIs, a container deletion should result in a tombstone such that the same container can never be created again. But that obviously goes way too far for practical purposes.
I would argue that all deletions need to be manual. This does require visibility of the .acl file though.
In no circumstance should a user without Control permissions be able to cause the deletion of an .acl file, in whatever way.
from web-access-control-spec.
michielbdejong
commented on August 11, 2024
OK, so conclusion:
acl:Writeon a container means you can do 'DELETE' on that container- see also a proposed spec change in #47
- if the container contains anything other than a .meta, the delete operation will fail
- so that includes, if a .acl document exists in a container, the delete operation will fail
- we should document this
from web-access-control-spec.
michielbdejong
commented on August 11, 2024
Resolved, created #48 for the last point.
from web-access-control-spec.
Related Issues (20)
- Use WAC ontology for authorizing authentication HOT 4
- Proposed Fix to: Loss of Access with lower level ACL (Effective ACL Resource Algorithm) HOT 18
- More explicit names for `acl:accessTo` and `acl:default` predicats HOT 1
- Is N3 patch allowed for Append access? HOT 4
- Is create an append operation? HOT 8
- Bad numbering of Access Privileges section HOT 1
- More examples needed
- This document should not present itself as a "Candidate Recommendation" HOT 4
- Append mode creation of resource should work as well with PUT HOT 3
- Credential based access control (WAC + VC) HOT 11
- Client identification HOT 26
- WAC-Allow's `access-mode` parameter to allow any term HOT 5
- Access Mode Extensions HOT 3
- Use of Latin Abbreviations HOT 1
- Dependent resources / explicit inheritance across containers HOT 7
- Clarify whether ACL needs normalization
- deprecate acl:Control, replace with ... HOT 2
- Edge cases require all implementations to couple authorization and storage HOT 36
- Append to container for resources creation not reflected in current text HOT 1
- Effective ACL Resource discovery requires 2n+1 requests HOT 28
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from web-access-control-spec.