Versions Compared

Old Version 28

changes.mady.by.user Jared Whiklo

Saved on

compared with

New Version 29

changes.mady.by.user Andrew Woods

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Given these multiple ways of inferring which ACLs apply to a given resource (via collection, class, or other metadata), there must be clear rules for determining the precedence of policies and for resolving conflicts between policies.
    1. See Finding the effective policy set below.
  2. In the interest of security, the absence of an applicable ACL should result in denial of Create, Update, and Delete requests (and possibly also Read requests?) to non-admin users, but should allow all CRUD operations to admin users.
    1. the absence of an applicable ACL will result in denial of all requests.

Proposed Requirements (Phase 1)

  1. F4 MUST allow assertions about authorization to be modeled in RDF in accordance with the WebAccessControl specification.
    1. Access assertions to be implemented are 
      1. READ -> GET a resource
      2. WRITE -> PUT/POST/PATCH/DELETE a resource
      3. APPEND -> PATCH a resource, restricted to Insert statements only.
    2. as well as extending for:
      1. DELETE -> DELETE a resource
      2. UPDATE -> PUT/POST a resource
    3. The implementation assumes an ACL is it's own ACL, therefore CONTROL will not be implemented at this time.
    4. Optional extensions (ie. regex matching) will not be implemented in Phase 1.
  2. F4 MUST be able to enforce authorization based on WebAC when a resource is requested via the REST-API
  3. F4 MUST allow authorization policies to apply to a group of resources which consists of:
    1. Resources sharing a rdf:type attribute matching an acl:accessToClass rule in an ACL in the preconfigured location.
    2. Resources (without their own specific policy) share the policy of their container (defined as the resource which ldp:contains the target).
  4. F4 MUST honor the most permissive authorization policy when multiple policies apply to a request.
    1. See the section Finding the effective policy set, for more clarity.
  5. F4 MUST provide a way for external services such as Solr to enforce the authorization rules defined in the repository.
    1. Would one method of achieving this be to create separate solr cores for public users vs. admin users and publish only the public resources to the former and everything to the latter, or does the use case dictate more granular distinctions?
  6. Each request for a Web Resource returns an HTTP document containing a Link header (Link: <>; rel=acl) to an ACL resource which describes access to the given resource and potentially others.
  7. Servers are required to recognize the class foaf:Agent as the class of all agents (i.e. foaf:Agent is synonymous with "everyone")

Removed requirements

  1. F4 resources that are open for public read should not challenge the client to authenticate
    1. What if a resource has no ACL? Should there be a default behavior? (for example allow all to admin user; deny all to non-admin?)
    2. This requirement specifies public *read*. Do we also want to allow a public write? While use cases for the latter are admittedly going to be rare, it would seem better not to be opinionated here if public write is what an implementer wants.

...