Status: Closed (Otto-AA closed 4 years ago)
Hi @Otto-AA, you're absolutely right, this is definitely a problem developers face. In the overall Solid spec repo, we're discussing how to solve it (largely coming to the same consensus as you suggest, of tying the lifecycle of the resource + its ACL together) - https://github.com/solid/specification/issues/58
The default (without ACL file) is that everybody can access the resource? Can that default be changed? Maybe by inheriting it?
@akuckartz A folder can specify whether permissions will be inherited by files without an ACL. So if /foo/ says that by default only user X has access, then for /foo/bar.ttl without /foo/bar.ttl.acl also only user X has access. The problem is if we want /foo/bar.ttl to only be accessed by user Y instead. For more information on inheritance: https://github.com/solid/web-access-control-spec#acl-inheritance-algorithm
@dmitrizagidulin Thanks for the information. This is exactly what I referred to (and more). I will close this issue in favor of the other.
AFAIK, we currently have to create a resource, then check the Link header for the ACL location and then create the ACL file for it. If the ACL file creation fails (or just takes a longer period of time), the resource will be visible to others who shouldn't be able to access it.
To prevent this, I think we would need to make the acl file before or at least at the same time as the resource. I'd suggest making them simultaneously, because then it can't happen that one succeeds and the other fails.
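
The window described in this thread, as an added example that is not part of the original issue or any Solid server code: a simplified in-memory model of the ACL lookup (own ACL first, otherwise the nearest ancestor container's default rules) replayed over the create-then-protect sequence. The `accessTo`/`default` record shape, the sample Link header and the `pod.example` URL are constructed for illustration.

```javascript
// Simplified model of WAC ACL lookup (assumption: ACLs keyed by the path they protect).
// `accessTo` lists agents allowed on that resource, `default` lists agents inherited by children.

// Parent container of a path: "/foo/bar.ttl" -> "/foo/", "/foo/" -> "/", "/" -> null.
function parentContainer(path) {
  if (path === '/') return null;
  const trimmed = path.endsWith('/') ? path.slice(0, -1) : path;
  return trimmed.slice(0, trimmed.lastIndexOf('/') + 1);
}

// Agents that can read `path`: the resource's own ACL wins; otherwise the
// nearest ancestor container that has an ACL supplies its `default` rules.
function readers(path, acls) {
  if (acls.has(path)) return acls.get(path).accessTo;
  for (let c = parentContainer(path); c !== null; c = parentContainer(c)) {
    if (acls.has(c)) return acls.get(c).default || [];
  }
  return []; // no ACL anywhere in this model: deny
}

// Extract the rel="acl" target from a Link header and resolve it against the resource URL.
// Splitting on "," is enough for the constructed sample; it is not a full RFC 8288 parser.
function aclUrlFromLink(linkHeader, resourceUrl) {
  for (const part of linkHeader.split(',')) {
    const m = part.match(/<([^>]*)>\s*;.*\brel\s*=\s*"?([^";]*)"?/);
    if (m && m[2].split(/\s+/).includes('acl')) return new URL(m[1], resourceUrl).href;
  }
  return null;
}

// Replays create-then-protect and records who can read after each step.
function exposureWindow() {
  const acls = new Map([['/foo/', { accessTo: ['X'], default: ['X'] }]]);
  const steps = [];
  // Step 1: PUT /foo/bar.ttl succeeds; /foo/bar.ttl.acl does not exist yet.
  steps.push(readers('/foo/bar.ttl', acls));
  // Step 2: PUT /foo/bar.ttl.acl succeeds, restricting the file to Y.
  acls.set('/foo/bar.ttl', { accessTo: ['Y'] });
  steps.push(readers('/foo/bar.ttl', acls));
  return steps;
}

console.log(exposureWindow()); // readers after step 1, then after step 2
```

If step 2 fails or is delayed, the resource stays in the step 1 state, readable under the container's inherited default instead of the intended ACL.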