Add time constraints to WAC rules

[justinwb]

The current Web Access Control Spec lets you create rules to control whether an agent or group of agents can access resources, and to specify specific modes of access (read, write, append, control). However, it doesn't allow for the specification of when these accesses are permitted.

In the simplest (and perhaps most useful) use case, this would allow for expiry of a given authorization rule. For example, a user wants to grant temporary access to someone, and creates an authorization rule that expires in twenty-four hours. However, other use cases could call for the ability to specify when the rule activates, or involve the ability to limit access to a certain time window each day, etc.

[dmitrizagidulin]

👍 , would be a great feature.

[kjetilk]

Actually, I have a PR open that is related: https://github.com/solid/web-access-control-spec/pull/37 (although it was geared towards caching, we could clarify the semantics to deal with some of this)

[csarven]

Expiry sounds good. "Valid" "from/to" or "not before/after" seems fine too.

Just to add to scenarios where this can be useful from an application's perspective: going in/out of offline mode. Knowing the time-based constraints can help an application decide what to do next (eg. https://github.com/linkeddata/dokieli/issues/259#issuecomment-521947770 ) especially if it makes sense to expose that information through WAC-Allow.

[csarven]

This issue is mostly a duplicate of https://github.com/solid/web-access-control-spec/issues/10 and it'd be good to take it up around the same time with that and Kjetil's related PR: https://github.com/solid/web-access-control-spec/pull/37

The essence of this and relate issue is captured in WAC Editor's Draft: https://solid.github.io/web-access-control-spec/ . See #authorization-extensions .

Moving this issue to https://github.com/solid/web-access-control-spec for future discussion.