solid / web-access-control-spec

Web Access Control (WAC)
https://solid.github.io/web-access-control-spec/
MIT License
122 stars 22 forks source link

Dependent resources / explicit inheritance across containers #92

Open dmitrizagidulin opened 4 years ago

dmitrizagidulin commented 4 years ago

The discussion about Auxiliary resources (and how they are tied to the life cycle of their primary resource) reminds me -- I'd love to see an addition to the Web Access Control spec that denotes "The ACL policies for this resource are fully dependent on the ACL policies of that parent resource."

Classic example: Blog posts and comments. The ACL of a blog post determines who can view the post. The post has a list of comments on it. And the access policy for the comments is determined solely by the access policy for the post. (Unless overridden/customized, dependent on the use case.)

So, something like:

bblfish commented 4 years ago

If I read it correctly this seems to follow from https://github.com/solid/authorization-panel/issues/73 "Client-Server symmetry" and also from follow your nose principles.

elf-pavlik commented 4 years ago

I would find it interesting to consider how much of the plumbing user gets exposed to. To my understanding shape trees attempt to create intuitive data boundaries. As general requirement I think we should have something in lines. "User should be able to assign existing access rules to a resource without need to change URL of that resource".

Another case that comes to my mind relates to few presets that networks like facebook offer: image

In that case each preset would need to stay immutable to avoid changing rules to all posts that preset applies by modifying the preset.

csarven commented 4 years ago

Before going further with the need, can we be clear on the use case or scenario?

The post has a list of comments on it.

I think the expectation in the Solid ecosystem is that content creator decides where to store the resource and the applicable authorization policy (whether they actively set that or not). With the commenter example, they'd normally be expected to store their comment in their own storage. In that case, article's ACLs and the comments in response to the article and other comments' ACL are potentially on different systems. Currently the resource and its ACL are expected to be under the same origin server or URI space.

Would it make sense to reframe the use case or raise a different one?

I would also add that regarding the inheritance as you describe, there may be some discrepancy between server's HTTP header referring to an ACL resource it manages meanwhile allowing clients to effectively bypass the authorization policy that would normally be assigned to it in the associated ACL resource. Related issue: inherited ACL gets deleted.

bblfish commented 4 years ago

@csarven

I think the expectation in the Solid ecosystem is that content creator decides where to store the resource and the applicable authorization policy (whether they actively set that or not). With the commenter example, they'd normally be expected to store their comment in their own storage. In that case, article's ACLs and the comments in response to the article and other comments' ACL are potentially on different systems. Currently the resource and its ACL are expected to be under the same origin server or URI space.

Both use cases make sense. It makes sense to allow posting content to a container on the same server just at it make sense to post it on one's own. In the latter case though one needs a way after posting the comment to one's own server to notify the original content of the comment. This process requires again a post (probably to a container linked to by the original post). And this notification post may well need restrictions on access to avoid spam.

Come to think of it, those two ways of doing things could make for separate and interlinked use cases. cc @justinwb

bblfish commented 4 years ago

Your point @dmitrizagidulin goes in the same direction as the high confidentiality use case I put forward https://github.com/solid/authorization-panel/pull/96

csarven commented 4 years ago

In the latter case though one needs a way after posting the comment to one's own server to notify the original content of the comment. This process requires again a post (probably to a container linked to by the original post). And this notification post may well need restrictions on access to avoid spam.

That equally applies to posting a comment about an article on the same server. To be clear, in order for an application to discover an article's comment, one of these common patterns needs to happen:

See also https://csarven.ca/linked-research-decentralised-web#linking-the-decentralised-information-space for an overview on key components and how they can be connected.

bblfish commented 3 years ago

@dmitrizagidulin wrote

I'd love to see an addition to the Web Access Control spec that denotes "The ACL policies for this resource are fully dependent on the ACL policies of that parent resource."

There are some proposals now in this direction.

  1. add :imports relation which allows an acl to import other acls. By default the acl for a resource created in a container would import the acl of the container .
  2. There is also the proposal on re-using policies that can go in that direction, but is finer grained. one way is described in issue 184. I am not yet that clear how that should work together with the imports proposal.