-
Notifications
You must be signed in to change notification settings - Fork 15
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Removing support for acl:accessToClass? #165
Comments
If we consider SOLID to be our base, then I feel we're bound to remove it. |
I agree. What is the impact on existing users of removing current support? |
The use of |
Discussion on editors' call yesterday was that we don't know of implementations using |
Raised on 2017-07-27 Fedora Tech Call - nobody present expressed concern about removing or said they use |
We (UMD) are interested in it for the purpose of simplifying our ACL structure, but we have not implemented it in any of our ACLs yet. |
To add on to what @peichman-umd said, we had/have a vision for maintaining a few access control policies as resources in Fedora, and having assets point to those policies rather than minting an ACL for each asset. As with so many things, however, the devil is in the details. With the current Modeshape implementation's limitations around objects with many members and the WebAC implementation's security-driven requirement that assets point to ACLs and ACLs point back to objects (in order to close the loop and thereby to prevent any user with write permission on an object also being able to change its access policy) -- we currently have a hard time seeing how it will ever be practicable to implement our original vision for repository-managed access controls. All that having been said, currently it would not present a problem for us if the feature were to be removed. |
@jwestgard -- this issue is just about binding inherited policies via a resource's semantic (RDF) type. With WAC inheritance and/or explicit association of many resources with a single ACL I think your use-case could be supported by the current WAC proposal, and would not use |
Thanks, @zimeon. I agree this removal wouldn't present a problem for us. The main blockers to implementation of our original vision are the lack of a configuarable access-control membership predicate and the many members issue. Sorry if I muddied the waters with the earlier spiel. |
Based on discussion in the 8/16: we should add a normative block saying:
|
@acoburn FWIW, the I certainly don't expect implementations to support inferencing for resolving acl:accessToClass, and would be happy to include language that says this explicitly and details some of the scenarios you have outlined. I also think that the use case that's been discussed in mailing list messages should probably be documented. But briefly the use case is:
This is functionality that is working in the Modeshape impl , and being used right now. Absent an alternative proposal to address this use case, we'll move forward with allowing implementations to support acl:accessToClass. |
Containment was our original plan for this, but currently Fedora WAC implementation does not support setting different membership predicates (other than ldp:contains) for inheritance purposes, or at least that is my understanding. We don't want to insert semantics into the arrangement of resources in our repository by relying on ldp:contains here (i.e. our repository has a flat structure). Just to be clear, we have not yet implemented this because our current content is able to be made public and so we use a single ACL at the repository root that allows public read of everything. We will very soon have assets that we need to restrict, and we are looking at any options that would allow us to avoid setting an ACL for each resource (which AFAIK is the current Samvera approach). |
@jwestgard The spec continues to insist that only ldp:contains be used for walking up the hierarchy to find the appropriate ACL to use, so I think the new implementations will continue to have this issue of requiring you to put all of your resources that want to share an ACL into a single container. So I think acl:accessToClass is a reasonable way to do that. This is really a tangent, but I have been in favor of keeping semantics out of URIs, in large part because the repository path and the URIs of the resources being described must be the same in Fedora 4. I think other implementations will allow you to describe other resources, so |
@escowles We agree that keeping access semantics out of URIs is a good idea. Cool URIs don't change, but access restrictions do over time. The worst case scenario is that we'll end up with an ACL for each resource, but we want to explore every alternative before we go there. |
Another option for the @jwestgard use case might be to use the root (or defaultForNew) to describe the read-only resource, and create a restricted container to put the more specialized policy in place there - presuming the flat URIs are a retroactive concern? |
Thanks, @barmintor for this. We are in fact using the root/default policy for publicly readable resources. We considered grouping resources under either collection containers or access-policy containers to accommodate more restricted resources, but in both cases we are worried that we'd be attaching semantics to the location of the resource in a way that could bite us later. In the former case we have items that are in multiple collections and in the latter we envision restrictions changing over time. |
Discussion on 2017-09-14 API Spec meeting suggestion that we should add wording:
|
where I think that the second bullet in above means:
|
The Solid spec does not support acl:accessToClass as a design decision. We currently do and acl:accessToClass is part of the original specification. Does Solid become our base and we remove support for acl:accessToClass?
Extracted from: #145
The text was updated successfully, but these errors were encountered: