From 251739002c96477b373db651d12cf46214bc4f6d Mon Sep 17 00:00:00 2001 From: Henry Story Date: Wed, 2 Jun 2021 12:00:53 +0200 Subject: [PATCH] get closer to UCR example, use relative URLs --- proposals/evaluation/uc-3-inheritance.md | 28 +++++++++++++++++++----- 1 file changed, 23 insertions(+), 5 deletions(-) diff --git a/proposals/evaluation/uc-3-inheritance.md b/proposals/evaluation/uc-3-inheritance.md index 5a5b78d7..3447c551 100644 --- a/proposals/evaluation/uc-3-inheritance.md +++ b/proposals/evaluation/uc-3-inheritance.md 
@@ -29,14 +29,32 @@ Note: Resources linked to a collection via `ldp:contains` will inherit policies ### WAC +The Weekly status collection is an `ldp:BasicContainer`, which contains a number of `ldp:BasicContainers`, one for each weekly meeting. The advantage of having these as containers rather than plain resources is that any number of other documents can be added to the container too. + ```turtle -ex:Collection1 - ldp:contains ex:Resource1 . +<.> a ldp:BasicContainer; + ldp:contains <2021-04-28/>, <2021-05-05/>, <2021-05-12/> . +``` -ex:AccessControl1 - acl:agent ex:Alice ; - acl:default ex:Collection1 ; + +The `` container links to an `acl:accessControl` resource located at `<.acl>` in the same container. So we have the following hierarchy of resources: + +``` + + + + + +``` + +This acl contains + +```turtle +[] acl:agentClass ; + acl:default <.> ; acl:mode acl:Read . ``` Note: A resource will use its parent container's access control `acl:default` authorization unless it has its own access control defined (parentage being defined via the `ldp:contains` predicate). Inheritance is not granular and can be cut off by adding an access control to a resource at any point in the resource hierarchy tree. If the parent container doesn't have an access control, the WAC inheritance algorithm works its way up through `ldp:contains` predicates. + +The downside of this is that adding an access control resource, requires all the relevant rules to be copied to the new acr, creating duplication of rules. \ No newline at end of file
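Review bot: In the added `<.acl>` Turtle block, `[] acl:agentClass ;` has no object, so the snippet does not parse as Turtle and the authorization never says who receives `acl:Read`; the removed example had `acl:agent ex:Alice` in that position. Please put the intended agent class IRI back. The same thing appears to have happened in two other added places: the sentence "The `` container links to an `acl:accessControl` resource" has an empty code span where the container's relative URL should be, and the fenced hierarchy block that follows "So we have the following hierarchy of resources:" is empty. If the angle-bracketed relative URLs are being swallowed as HTML by the renderer, escape them or keep them inside code spans so the example stays readable. Smaller points in the same hunk: `ldp:BasicContainers` is pluralized inside the code span, which makes it look like a distinct term, so write `ldp:BasicContainer`s or rephrase; the last added sentence uses "acr" while the rest of the WAC section says "access control" and "acl", and the comma after "adding an access control resource" should be dropped; and the file now ends without a trailing newline.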