...
The first part of the authorization describes who can access a resource. There are two ways to do this. The first is simply by naming particular users using the acl:agent
property, as either strings or URIs:
Code Block | ||
---|---|---|
| ||
# as strings <> acl:agent "obiwan", "yoda" . # as URI references <> acl:agent ex:obiwan, ex:yoda . |
(Fedora Implementation Note: This is a slight departure from the W3C's description of WebAC, where the object of the acl:agent
property must be a URI. We chose to implement it this way instead to ease the integration of the WebAC authorization module with existing authentication or single-sign-on systems that identify users with string usernames.)
...
Code Block | ||
---|---|---|
| ||
# contents of </groups/jedi>, using strings to identify members: <> a foaf:Group; foaf:member "obiwan"; foaf:member "yoda"; foaf:member "luke" . # contents of </groups/jedi>, using URIs to identify members: <> a foaf:Group; foaf:member ex:obiwan; foaf:member ex:yoda; foaf:member ex:luke . |
(Fedora Implementation Note: As currently implemented, the group resource must also be stored in Fedora; there is no support for referencing external URIs with the acl:agentClass
property.)
...