WebAC authorization fedora module is an implementation of the still evolving draft by the W3C that proposes a decentralized authorization mechanism. See WebAccessControl specifications at the W3C website.
W3C's definition of WebAccessControl:
WebAccessControl is a decentralized system for allowing different users and groups various forms of access to resources where users and groups are identified by HTTP URIs.
The WebAC module will enforce access control based on the Access Control List (ACL) RDF file associated with requested resource. The ACL file should specify the types of access, allowed users or groups, and applicable resources.
User/Group -> Read/Write/Append/Control -> Resource/ResourceType
Example:
1. userA can Read document foo
@prefix acl: <http://www.w3.org/ns/auth/acl>
...
</acls/write> acl:accessToClass </objecttype/news> ;
acl:mode acl:Read, acl:Write;
acl:agentClass </agents/newsEditor> .
Example Request Authorization Flow:
fedora_webac_request_authorization_flow.svg
...