Open csarven opened 1 year ago
Maybe worth linking to those related authorization issues as well:
From the perspective of the ACP domain model, the approach and solution to such concerns could be quite generic because any resource can have an access control resource. The following, for example, is perfectly valid:
ex:resource1 acp:accessControlResource ex:acr1 .
ex:auxiliaryresource1 acp:accessControlResource ex:acr2 .
Generally, given that:
I don't think there is a lot of interest in implementing a system where auxiliary resources link to their own rel=acl
resource.
I think I would be in favour of:
This is already the case for ACL that express access to themselves via the acl:Control
mode. It would be possible to devise a new mode for specific types of auxiliaries... but that would be quite inconvenient because it would require new modes for each new type of auxiliary resource.
I think it would be preferable to express access to auxiliaries resources via their relation to the primary. In other words, I would rather express control over the thing that describes the primary resource rather than control over the description auxiliary resource itself. For example, ammending my first ACP example in that optic:
ex:resource1 acp:accessControlResource ex:acr1 .
[]
rel:describes ex:resource1 ;
acp:accessControlResource ex:acr2 .
https://solidproject.org/ED/protocol#auxiliary-resources does not specify access controls on auxiliary resources themselves.
Raising this as an issue as it its essence was brought up by different people over time, e.g.:
Related issues:
Notes: