Comments (7)
The spec states where one can find acl files, but as far as I've seen it never says how the client could know where to create new acl files.
Yeah, it's like you suspected in PR #8, the implied recommended procedure is:
- Perform an OPTIONS or a HEAD request on the intended file URL (it's fine if the file does not exist yet, the resulting .acl link header is required to be returned).
- Create that .acl file via a PUT
- Create the corresponding file (note that the .acl should be created before the file)
Keep in mind though, that the most common use case is to have an .acl at the container level, which all the files in the container will re-use. While it's possible that every single file will have its own individual .acl, that is a rare use case.
But I wonder how this would work if I wanted to create a new acl file with multiple accessTo values. Just choosing one file at random and then picking its proposed acl link?
Right, so... (And this should probably be clarified in the spec) Solid currently assumes that an individual .acl resource only specifies access to a single file or container.
from web-access-control-spec.
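The discover-then-create procedure from the comment above, as an added example that is not part of the original thread or of any Solid library: it parses the `Link` header for `rel="acl"`, resolves it against the resource URL, and issues the PUTs in the stated order (ACL first, then the file). The function names, the injected `fetchFn` parameter and the pod.example URLs are assumptions; the ACL body follows the single-`accessTo` assumption mentioned in the same comment.

```javascript
// Added example; names and URLs are hypothetical. SAMPLE_LINK is a constructed header.
const SAMPLE_LINK =
  '<report.ttl.acl>; rel="acl", <http://www.w3.org/ns/ldp#Resource>; rel="type"';

// Parse a Link header into [{ target, rels }]. Simplified from RFC 8288:
// assumes no commas inside <...> targets or inside parameter values.
function parseLinkHeader(header) {
  const links = [];
  const re = /<([^>]*)>([^,]*)/g;
  let m;
  while ((m = re.exec(header || "")) !== null) {
    const rel = /;\s*rel\s*=\s*(?:"([^"]*)"|([^\s;,]+))/i.exec(m[2]);
    const rels = rel ? (rel[1] ?? rel[2]).toLowerCase().split(/\s+/).filter(Boolean) : [];
    links.push({ target: m[1], rels });
  }
  return links;
}

// Resolve the rel="acl" target against the resource URL; null when absent.
function discoverAclUrl(resourceUrl, linkHeader) {
  const link = parseLinkHeader(linkHeader).find((l) => l.rels.includes("acl"));
  return link ? new URL(link.target, resourceUrl).href : null;
}

// ACL for exactly one resource; URL() normalization keeps "<", ">" out of the Turtle.
function ownerAcl(resourceUrl, ownerWebId) {
  return [
    "@prefix acl: <http://www.w3.org/ns/auth/acl#>.",
    "<#owner> a acl:Authorization;",
    `  acl:agent <${new URL(ownerWebId).href}>;`,
    `  acl:accessTo <${new URL(resourceUrl).href}>;`,
    "  acl:mode acl:Read, acl:Write, acl:Control.",
  ].join("\n");
}

// HEAD to discover the ACL URL, PUT the ACL first, then PUT the resource.
async function createWithAcl(fetchFn, resourceUrl, body, contentType, ownerWebId) {
  const head = await fetchFn(resourceUrl, { method: "HEAD" });
  const aclUrl = discoverAclUrl(resourceUrl, head.headers.get("link"));
  if (!aclUrl) throw new Error('server advertised no rel="acl" link');
  const put = (url, type, data) =>
    fetchFn(url, { method: "PUT", headers: { "Content-Type": type }, body: data });
  const aclRes = await put(aclUrl, "text/turtle", ownerAcl(resourceUrl, ownerWebId));
  if (!aclRes.ok) throw new Error(`ACL PUT failed: ${aclRes.status}`);
  const res = await put(resourceUrl, contentType, body);
  if (!res.ok) throw new Error(`resource PUT failed: ${res.status}`);
  return aclUrl;
}
```

Because the ACL is written before the file, a failed ACL PUT stops the sequence and the file is never created without its intended access rules.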
Indeed, that's how I'm writing tests for it right now. But I'm not sure it makes sense to me, since, as you say, the .acl may reside further up the container hierarchy. The correct thing may be to make changes there rather than PUT a new one. Something also tells me that this is something a footprint should decide.
Thanks for your thoughts on it, as I'm currently writing an acl js library these are very useful to me.
I will go with checking the link header to know where it should put the new acl resource. I would appreciate it if this is clarified in the spec.
While it's possible that every single file will have its own individual .acl, that is a rare use case.
I think it is really common for file sharing and collaborating. For instance if I want to give user A write permissions on a doc, but the Public should only have read permissions. Or if I want to share a file like one can do in Dropbox and co. Maybe there are not many other use cases, but here it seems essential to me.
Right, so... (And this should probably be clarified in the spec) Solid currently assumes that an individual .acl resource only specifies access to a single file or container.
From my point of view this is contrary to what the spec is currently saying: "The acl:accessTo predicate specifies which resources you're giving access to, using their exact URLs as the objects.". The plural of resource here makes me think that multiple accessTo predicates are also valid in the same acl file.
And what do you mean with footprint, @kjetilk ?
And what do you mean with footprint, @kjetilk ?
Ruben has blogged about shapes and stuff, including footprints: https://ruben.verborgh.org/blog/2019/06/17/shaping-linked-data-apps/#top-dt-3
Right, so... (And this should probably be clarified in the spec) Solid currently assumes that an individual .acl resource only specifies access to a single file or container.
Is this something that is commonly agreed upon to be part of the spec (but not clearly phrased imo), or do you mean that it is commonly implemented that way, but it is not sure if it will be part of the spec or not?
(I can also move this to another issue, so we have one issue per clarification request)
I think that the general footprints mechanism will become a part of Solid at some point, and that it is where such things will be described. As the discussion is relatively new, I'm not sure exactly where it will fit, but I think the general idea is that it will be there.
Closing this issue as consensus is deemed to be captured in WAC Editor's Draft: https://solid.github.io/web-access-control-spec/ .
See #acl-resource-discovery #authorization-matching #reading-writing-resources .