...
| Code Block | ||
|---|---|---|
| ||
# as strings <> acl:agent "obiwan", "yoda" . # as URI references <> acl:agent ex:obiwan, ex:yoda . |
...
| Note |
|---|
...
Fedora Implementation Note: This is a slight departure from the W3C's description of WebAC, where the object of the |
...
. |
However, listing individual users this way can get unwieldy, so you can also use the acl:agentGroup property to specify a group of users:
...
| Code Block | ||
|---|---|---|
| ||
# contents of </groups/jedi>, using strings to identify members:
<> a vcard:Group;
vcard:hasMember "obiwan";
vcard:hasMember "yoda";
vcard:hasMember "luke" .
# contents of </groups/jedi>, using URIs to identify members:
<> a vcard:Group;
vcard:hasMember ex:obiwan;
vcard:hasMember ex:yoda;
vcard:hasMember ex:luke . |
...
| Note |
|---|
Fedora Implementation Note: As currently implemented, the group resource must also be stored in Fedora; there is no support for referencing external URIs with the |
...
"What?" - Resources and Resource Types
...
Finally, an authorization states how the users or groups can interact with the resource or type of resource. This is known as the mode of access, and is specified using the acl:mode property. There are two predefined modes from the W3C's description of WebAC that Fedora understands: acl:Read and acl:Write. There are two additional access modes defined by the W3C document: acl:Control and acl:Append; however, they are not implemented in the fedora WebAC module.
Bringing it All Together
Here is a complete example of a WebAC ACL and its authorizations:
...
| language | text |
|---|
...
| Mode | Meaning | Allowed HTTP Requests |
|---|---|---|
acl:Read | read a resource |
|
acl:Write | write to a resource |
|
acl:Append | add to a resource |
|
acl:Control | read and write a resource's ACL |
|
...