solid / web-access-control-spec

Web Access Control (WAC)
https://solid.github.io/web-access-control-spec/
MIT License

Clarify matching conditions #96

Closed RubenVerborgh closed 2 years ago

RubenVerborgh commented 2 years ago

Following the discussion at https://github.com/solid/web-access-control-spec/pull/95#issuecomment-899087663, I am hereby suggesting language clarifications for authorization matches.

Issues with the existing text

The existing language reads:

When an operation requests […], the server MUST match an Authorization […]

  1. If taken literally (as we would with a spec), this means the following. If a request comes in, and the server does not match an Authorization, then the server is not compliant with the spec (because it MUST match).
  2. It is unclear whether this is a necessary or sufficient condition (which gave rise to #95).

Proposed solution

By rephrasing the relevant sentences to:

A request for an operation to […] MUST be denied if the server cannot match an Authorization […]

This phrasing:

  1. Is correct when taken literally.
  2. Is a necessary condition, but not sufficient (there can be other reasons to deny).
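The proposed wording, as an added illustration that is not code from the WAC spec, this PR or the project: a deny-by-default access decision in which matching an Authorization is a necessary condition (no match means deny) but not a sufficient one (a matched request can still be denied for other reasons). The matching logic covers acl:accessTo, acl:default on the nearest ancestor container, acl:agent, acl:agentClass (foaf:Agent and acl:AuthenticatedAgent) and acl:mode. The ACLs, agent WebID and resource IRIs are constructed sample data, and `read_only_maintenance` is a hypothetical server-side policy standing in for "other reasons to deny"; neither is defined by the text quoted above.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit, urlunsplit

# Vocabulary IRIs from the WAC and FOAF vocabularies.
ACL = "http://www.w3.org/ns/auth/acl#"
READ, WRITE, APPEND, CONTROL = ACL + "Read", ACL + "Write", ACL + "Append", ACL + "Control"
AUTHENTICATED_AGENT = ACL + "AuthenticatedAgent"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"


@dataclass(frozen=True)
class Authorization:
    """One acl:Authorization, reduced to the properties this example evaluates."""
    access_to: frozenset = frozenset()      # acl:accessTo targets
    default: frozenset = frozenset()        # acl:default containers
    agents: frozenset = frozenset()         # acl:agent WebIDs
    agent_classes: frozenset = frozenset()  # acl:agentClass IRIs
    modes: frozenset = frozenset()          # acl:mode IRIs


def parent_container(iri: str) -> Optional[str]:
    """Nearest enclosing container IRI, or None at the root of the server."""
    parts = urlsplit(iri)
    if parts.path in ("", "/"):
        return None
    path = parts.path.rstrip("/").rsplit("/", 1)[0] + "/"
    return urlunsplit((parts.scheme, parts.netloc, path, "", ""))


def effective_acl(acls: Dict[str, List[Authorization]], resource: str
                  ) -> Tuple[List[Authorization], Optional[str]]:
    """The resource's own ACL if it has one (inherited_from=None), otherwise the
    nearest ancestor container's ACL, whose acl:default rules apply to it."""
    if resource in acls:
        return acls[resource], None
    container = parent_container(resource)
    while container is not None:
        if container in acls:
            return acls[container], container
        container = parent_container(container)
    return [], None


def authorization_matches(auth: Authorization, resource: str, agent: Optional[str],
                          mode: str, inherited_from: Optional[str]) -> bool:
    if inherited_from is None:
        resource_ok = resource in auth.access_to
    else:
        resource_ok = inherited_from in auth.default
    agent_ok = (agent in auth.agents
                or FOAF_AGENT in auth.agent_classes
                or (agent is not None and AUTHENTICATED_AGENT in auth.agent_classes))
    return resource_ok and agent_ok and mode in auth.modes


def decide(acls: Dict[str, List[Authorization]], resource: str, agent: Optional[str],
           mode: str, extra_checks: Tuple[Callable, ...] = ()) -> Tuple[str, str]:
    """Deny-by-default decision: a matching Authorization is necessary but not
    sufficient, because any extra_check may still deny a matched request."""
    auths, inherited_from = effective_acl(acls, resource)
    if not any(authorization_matches(a, resource, agent, mode, inherited_from) for a in auths):
        return "deny", "no Authorization matches the request"
    for check in extra_checks:
        reason = check(resource, agent, mode)
        if reason:
            return "deny", reason
    return "allow", "an Authorization matches and no other policy objects"


# Constructed sample data (not real ACLs), keyed by the resource each ACL protects.
ROOT = "https://alice.example/"
PRIVATE = "https://alice.example/private/"
ALICE = "https://alice.example/profile/card#me"
SAMPLE_ACLS = {
    ROOT: [
        Authorization(access_to=frozenset({ROOT}), default=frozenset({ROOT}),
                      agents=frozenset({ALICE}), modes=frozenset({READ, WRITE, CONTROL})),
        Authorization(default=frozenset({ROOT}), agent_classes=frozenset({FOAF_AGENT}),
                      modes=frozenset({READ})),  # public read of descendants only
    ],
    PRIVATE: [
        Authorization(access_to=frozenset({PRIVATE}), default=frozenset({PRIVATE}),
                      agents=frozenset({ALICE}), modes=frozenset({READ, WRITE, CONTROL})),
    ],
}


def read_only_maintenance(resource: str, agent: Optional[str], mode: str) -> Optional[str]:
    """Hypothetical server policy, not part of WAC: refuse writes during maintenance."""
    if mode in (WRITE, APPEND):
        return "server is in read-only maintenance"
    return None


if __name__ == "__main__":
    for res, who, mode, checks in [
        ("https://alice.example/docs/notes.txt", None, READ, ()),
        ("https://alice.example/docs/notes.txt", None, WRITE, ()),
        ("https://alice.example/private/secret.txt", None, READ, ()),
        ("https://alice.example/private/secret.txt", ALICE, WRITE, ()),
        ("https://alice.example/docs/notes.txt", ALICE, WRITE, (read_only_maintenance,)),
    ]:
        print(who or "anonymous", mode.rsplit("#", 1)[1], res, "->", decide(SAMPLE_ACLS, res, who, mode, checks))
```

The last case is the one the proposed wording is about: Alice's request matches the root Authorization, yet the request is still denied by the hypothetical maintenance policy, which is consistent with "MUST be denied if the server cannot match" but would not be with "the server MUST match". Note also that acl:default alone does not grant access to the container itself, so an anonymous read of the root container is denied even though its descendants are publicly readable.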

RubenVerborgh commented 2 years ago

Okay, thanks for reviewing. Please close if no one else considers this an improvement.

kjetilk commented 2 years ago

I don't know. I tend to think that if something causes confusion in one person, it is because it is confusing, but I'm not sure the patch improved the language. Are there some others we could test it against?

RubenVerborgh commented 2 years ago

Thanks. Then in any case this PR does not seem to be the right text, so closing.