...
- Review WebAC fundamentals
- Establish minimum initial Phase1 scope/use-cases
  - a. Allow admin agent to always have full access to resources and ACLs
  - b. Allow admin agent to CRUD ACLs
  - c. Allow admin agent to assign ACLs to resources
  - d. Allow a specific agent to READ a resource
  - e. Allow a specific agent to READ and WRITE a resource
  - f. Allow a specific agent to CREATE a resource, but not update it
  - g. Allow a specific agent to assign an ACL
  - h. Allow a class of agent to do the above (d - g)
  - i. Allow a specific agent to do the above over a class of resources (d - g)
  - j. Allow a class of agent to do the above over a class of resources (d - g)
  - k. When access is denied return a 403 and a body (or link header) with cause
- Reconfirm commitments
- Schedule initial two sprints
- Address questions (can also happen offline)
  - ACL resource is its own ACL?
  - What is the algorithm for finding an ACL on a resource?
    - if is ACL (rdf:type Authorization), use itself
    - if incoming reference from ACL, use it
    - else traverse up ldp:contains or pcdm:hasMember or custom? relationships
  - How should conflicting policies be handled?
- Discuss Phase2 scope/use-cases
- ...
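The lookup order listed under the ACL-finding question above can be written out as the following sketch. It is an added example, not code from the project: the in-memory triple set, the function name `find_acls`, the use of `acl:accessTo` as the "incoming reference from ACL", and all sample paths are assumptions made for illustration.

```python
RDF_TYPE = "rdf:type"
AUTHORIZATION = "acl:Authorization"
ACCESS_TO = "acl:accessTo"  # assumption: the "incoming reference from ACL"
PARENT_PREDICATES = ("ldp:contains", "pcdm:hasMember")  # extend for custom relationships

def find_acls(resource, triples, parent_predicates=PARENT_PREDICATES):
    """Return the nearest ACL(s) governing `resource`, or [] if none is found.

    `triples` is a set of (subject, predicate, object) string tuples.
    """
    def is_acl(node):
        return (node, RDF_TYPE, AUTHORIZATION) in triples

    seen = {resource}   # guards against membership cycles
    level = [resource]  # nodes at the current distance from the resource
    while level:
        found = set()
        for node in level:
            if is_acl(node):
                found.add(node)  # step 1: an ACL is its own ACL
            else:
                # step 2: any Authorization that points at this node
                found.update(s for s, p, o in triples
                             if p == ACCESS_TO and o == node and is_acl(s))
        if found:
            # More than one result means several ACLs apply at the same
            # distance; how to reconcile them is the open conflict question.
            return sorted(found)
        # step 3: move up one containment/membership hop (may fan out)
        parents = {s for s, p, o in triples
                   if p in parent_predicates and o in level} - seen
        seen |= parents
        level = sorted(parents)
    return []  # no ACL anywhere up the hierarchy; the caller decides the default

# Constructed sample graph (not real repository data).
SAMPLE = {
    ("/acls/root", RDF_TYPE, AUTHORIZATION), ("/acls/root", ACCESS_TO, "/"),
    ("/acls/coll", RDF_TYPE, AUTHORIZATION), ("/acls/coll", ACCESS_TO, "/coll"),
    ("/", "ldp:contains", "/coll"), ("/", "ldp:contains", "/other"),
    ("/coll", "ldp:contains", "/coll/obj"),
    ("/coll/obj", "pcdm:hasMember", "/coll/obj/file"),
    ("/loopA", "pcdm:hasMember", "/loopB"), ("/loopB", "pcdm:hasMember", "/loopA"),
}

if __name__ == "__main__":
    for r in ("/acls/root", "/coll", "/coll/obj/file", "/other", "/loopA"):
        print(r, "->", find_acls(r, SAMPLE))
```
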
Related Documents
- https://www.w3.org/wiki/WebAccessControl
- https://github.com/duraspace/pcdm/wiki#webacl
- Authorization Delegates
- http://www.w3.org/ns/auth/acl
...