Comments (6)
I would let the apps clean the acl (so acl can be more transparent and policies would be easy to renew).
from web-access-control-spec.
Note that RDF is monotonic, so if a graph is true, deleting statements leaves it true. Having an optional constraint like `acl:validTill 2016-06-30` doesn't work like this. Ways to get around it are many -- have a separate class TimedAuthentication for example where the validTill is required. This also means old systems will fail safe.
@timbl Can you explain a bit more, about monotonic? What do you mean about deleting statements? Does that mean our PATCH verb is useless?
@nicola I agree the cleaning process shouldn't be part of the specs, but I believe the server is more in charge of cleaning. It can happen with every write to the resource or it can rely on server implementation. Poor applications shouldn't cause a lot of dummy triples on the pod.
@timbl does this mean in an authorization rule containing `acl:validTill`, removal of `acl:validTill` triple should leave the rest of the triples in the same authorization valid which is not the case here. Removal of `acl:validTill` triple invalidates the whole authorization rule. I hope I got it right.
In this case, why don't we consider `Authorization` is actually a `TimedAuthorization` which has `acl:validTill` mandatory and for unlimited authorizations, the object could be blank or a very far time in the future? Does this make sense?
@dmitrizagidulin do you think @timbl's point also applies for `acl:defaultForNew` as it is also optional?
@ghanemabdo not sure.. I need to understand this subject better; I'll see if I can ask him about it today.
@nicola - don't forget that many (most?) apps won't have read/write access to the `.acl` resource, and so won't be able to perform cleaning.
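The fail-safe argument from the thread, as an added example that is not part of the original discussion or of any Solid server's code: it evaluates the same rule under both designs on a server that predates expiry and on one that understands it. The ACL is modelled as a plain set of triples; `ex:TimedAuthorization`, the `expiry_aware` switch, the sample WebID and the helper names are assumptions, and `acl:validTill` is the term proposed in the thread, not part of the published WAC vocabulary.

```python
from datetime import date

RDF_TYPE = "rdf:type"
# Hypothetical terms taken from the thread, not from the published WAC vocabulary.
VALID_TILL = "acl:validTill"
TIMED = "ex:TimedAuthorization"
AGENT = "https://alice.example/profile#me"  # constructed sample WebID

def rule(cls, valid_till=None):
    """Build a constructed one-rule ACL graph as a set of (s, p, o) triples."""
    g = {("#r", RDF_TYPE, cls), ("#r", "acl:agent", AGENT),
         ("#r", "acl:accessTo", "/doc"), ("#r", "acl:mode", "acl:Read")}
    if valid_till:
        g.add(("#r", VALID_TILL, valid_till))
    return g

def allows(graph, agent, resource, mode, today, expiry_aware):
    """Return True if any rule in graph grants the request on this server."""
    for s, p, cls in graph:
        if p != RDF_TYPE:
            continue
        wanted = {(s, "acl:agent", agent), (s, "acl:accessTo", resource),
                  (s, "acl:mode", mode)}
        if not wanted <= graph:
            continue
        limits = [o for s2, p2, o in graph if s2 == s and p2 == VALID_TILL]
        expired = any(date.fromisoformat(v) < today for v in limits)
        if cls == "acl:Authorization":
            # Optional constraint: a legacy server never looks at validTill.
            if not (expiry_aware and expired):
                return True
        elif cls == TIMED and expiry_aware:
            # Separate class: validTill is mandatory, and a legacy server
            # does not recognise the class at all, so it grants nothing.
            if limits and not expired:
                return True
    return False

def without_expiry(graph):
    """Model a PATCH that deletes only the validTill triple."""
    return {t for t in graph if t[1] != VALID_TILL}

if __name__ == "__main__":
    req = (AGENT, "/doc", "acl:Read", date(2016, 7, 1))  # day after expiry
    for cls in ("acl:Authorization", TIMED):
        g = rule(cls, "2016-06-30")
        print(cls, "legacy:", allows(g, *req, expiry_aware=False),
              "aware:", allows(g, *req, expiry_aware=True),
              "aware, validTill deleted:", allows(without_expiry(g), *req, expiry_aware=True))
```

With the optional property, the legacy server and the deleted-triple case both grant access after the expiry date; with the separate class, every degraded case denies.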