From 65f43f550b5ad71062355ddf39acebc019423930 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Wed, 9 Dec 2020 09:56:56 -0500 Subject: [PATCH 01/34] add basic resource access reqs --- proposals/wac-ucr/index.bs | 60 ++++++++++++++++++++++++++++++++++---- 1 file changed, 54 insertions(+), 6 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index ae9aa721..2b5d2adf 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
@@ -1126,13 +1126,61 @@ and the presentation goes off perfectly. Requirements {#requirements} ================================================================================ -Issue: Populate requirements based on established use cases. +## Functional Requirements ## {#req-functional} + +1. The system shall limit an [=agent's=] ability to access a + [=resource=] or [=collection=]. [[#uc-basic]], [[#uc-collections]] + +1. The system shall allow access to be limited to an [=agent=] + based on the [=identity=] of the [=agent=]. [[#uc-basic]], + [[#uc-collections]] + +1. The system shall allow access to be limited to an [=agent=] + based on the [=agent's=] membership in a certain group of [=agents=]. + [[#basic-group]] + +1. The system shall allow access to be limited to an [=agent=] + based on the [=application=] in use by the [=agent=]. + [[#uc-trusted-applications]] + +1. The system shall allow access to a certain resource to be limited to + the [=agent=] that created that resource. + [[#collection-readappendwrite]] + +1. The system shall allow access to be limited to an [=agent=] + based on the [=agent's=] possession of a certain verifiable credential. + [[#capabilities-vc]] (Future) + +1. The system shall allow access to be limited to any + unauthenticated [=agent=]. + [[#basic-public]] + +1. The system shall allow access to be limited to any + authenticated [=agent=]. + [[#basic-authenticated]] + +1. The system shall limit the ability to read the access permissions + associated with a certain resource. + [[#basic-control]] + +1. The system shall limit the ability to change the access permissions + associated with a certain resource. + [[#basic-control]] + +1. The system shall limit the ability to read a certain [=resource=]. + [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] + +1. The system shall limit the ability to change any of the contents of a + certain [=resource=]. + [[#basic-write]] + +1. 
The system shall limit the ability to delete a certain [=resource=]. + Corresponding use case needs to be added + +1. The system shall limit the ability to change existing data in a + certain [=resource=], such that only new data can be added to it. + [[#basic-appendonly]] -## Example Category ## {#example-category} - -### This is an example requirement ### {#example-requirement} - -Assert: Related Use Cases: [[#uc-basic]] Limitations of Legacy Web Access Control {#limitations} ================================================================================ From 646b5f6758369c3544de8e79e6e311ff007eac6f Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Wed, 9 Dec 2020 10:48:52 -0500 Subject: [PATCH 02/34] reflect panel feedback --- proposals/wac-ucr/index.bs | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 2b5d2adf..2540d17d 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
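Review bot: in PATCH 01/34 the deletion requirement carries its placeholder ("Corresponding use case needs to be added") as list text, and the verifiable-credential item carries its status as a bare "(Future)" suffix, so both will render as part of the normative requirement. Use the `Issue:` block form this section already used (the removed `Issue: Populate requirements based on established use cases.`) so open items render as issues, and put the status of the credential requirement into the requirement's own wording.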
@@ -1128,56 +1128,57 @@ Requirements {#requirements} ## Functional Requirements ## {#req-functional} -1. The system shall limit an [=agent's=] ability to access a +1. The system MUST limit an [=agent's=] ability to access a [=resource=] or [=collection=]. [[#uc-basic]], [[#uc-collections]] -1. The system shall allow access to be limited to an [=agent=] +1. The system MUST allow access to be limited to an [=agent=] based on the [=identity=] of the [=agent=]. [[#uc-basic]], [[#uc-collections]] -1. The system shall allow access to be limited to an [=agent=] +1. The system MUST allow access to be limited to an [=agent=] based on the [=agent's=] membership in a certain group of [=agents=]. [[#basic-group]] -1. The system shall allow access to be limited to an [=agent=] +1. The system MUST allow access to be limited to an [=agent=] based on the [=application=] in use by the [=agent=]. [[#uc-trusted-applications]] -1. The system shall allow access to a certain resource to be limited to +1. The system MUST allow access to a certain resource to be limited to the [=agent=] that created that resource. [[#collection-readappendwrite]] -1. The system shall allow access to be limited to an [=agent=] - based on the [=agent's=] possession of a certain verifiable credential. - [[#capabilities-vc]] (Future) +1. The system MAY allow access to be limited to an [=agent=] + based on the [=agent's=] possession of a certain verifiable credential + or capability. FUTURE. + [[#capabilities-vc]], [[#capabilities-link]] -1. The system shall allow access to be limited to any +1. The system MUST allow access to be limited to any unauthenticated [=agent=]. [[#basic-public]] -1. The system shall allow access to be limited to any +1. The system MUST allow access to be limited to any authenticated [=agent=]. [[#basic-authenticated]] -1. The system shall limit the ability to read the access permissions +1. 
The system MUST limit the ability to read the access permissions associated with a certain resource. [[#basic-control]] -1. The system shall limit the ability to change the access permissions +1. The system MUST limit the ability to change the access permissions associated with a certain resource. [[#basic-control]] -1. The system shall limit the ability to read a certain [=resource=]. +1. The system MUST limit the ability to read a certain [=resource=]. [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] -1. The system shall limit the ability to change any of the contents of a +1. The system MUST limit the ability to change any of the contents of a certain [=resource=]. [[#basic-write]] -1. The system shall limit the ability to delete a certain [=resource=]. +1. The system MUST limit the ability to delete a certain [=resource=]. Corresponding use case needs to be added -1. The system shall limit the ability to change existing data in a +1. The system MUST limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it. [[#basic-appendonly]] From 0ec312ec958d626d05449fb9c6fb61251b30db36 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Thu, 10 Dec 2020 15:26:41 -0500 Subject: [PATCH 03/34] fill out initial set of requirements --- proposals/wac-ucr/index.bs | 138 ++++++++++++++++++++++++++++++++++--- 1 file changed, 127 insertions(+), 11 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 2540d17d..f17d349b 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
@@ -1128,29 +1128,29 @@ Requirements {#requirements} ## Functional Requirements ## {#req-functional} -1. The system MUST limit an [=agent's=] ability to access a - [=resource=] or [=collection=]. [[#uc-basic]], [[#uc-collections]] +1. The system MUST permit or restrict an [=agent's=] ability to access a + [=resource=] or [=collection=]. [[#uc-basic]], + [[#uc-collections]], [[#uc-blockagents]] -1. The system MUST allow access to be limited to an [=agent=] - based on the [=identity=] of the [=agent=]. [[#uc-basic]], - [[#uc-collections]] +1. The system MUST allow access to be limited based on the [=identity=] of + the [=agent=]. [[#uc-basic]], [[#uc-collections]] 1. The system MUST allow access to be limited to an [=agent=] based on the [=agent's=] membership in a certain group of [=agents=]. [[#basic-group]] 1. The system MUST allow access to be limited to an [=agent=] - based on the [=application=] in use by the [=agent=]. + based on the client [=application=] in use by the [=agent=]. [[#uc-trusted-applications]] -1. The system MUST allow access to a certain resource to be limited to +1. The system MUST allow for access to a certain resource to be limited to the [=agent=] that created that resource. [[#collection-readappendwrite]] 1. The system MAY allow access to be limited to an [=agent=] based on the [=agent's=] possession of a certain verifiable credential or capability. FUTURE. - [[#capabilities-vc]], [[#capabilities-link]] + [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] 1. The system MUST allow access to be limited to any unauthenticated [=agent=]. 
@@ -1161,13 +1161,18 @@ Requirements {#requirements} [[#basic-authenticated]] 1. The system MUST limit the ability to read the access permissions - associated with a certain resource. - [[#basic-control]] + associated with a certain [=resource=]. + [[#basic-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] 1. The system MUST limit the ability to change the access permissions - associated with a certain resource. + associated with a certain [=resource=]. [[#basic-control]] +1. The system MUST furnish the effective access permission modes on a certain + [=resource=] as they relate to the [=agent=] making the request, + in the request response. + [[#uc-client-determine-access-privileges]] + 1. The system MUST limit the ability to read a certain [=resource=]. [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] 
@@ -1181,7 +1186,118 @@ Requirements {#requirements} 1. The system MUST limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it. [[#basic-appendonly]] + +1. The system MUST limit the ability to read a certain [=collection=], + exposing only the data from the [=collection=] resource itself, and a + listing of its members. + [[#collection-readonly]], [[#collection-readwrite]], [[#collection-readappend]], + [[#collection-readappendwrite]] + +1. The system MUST limit the ability to create a [=resource=] in a + certain [=collection=]. + [[#collection-readwrite]], [[#collection-readappend]], + [[#collection-readappendwrite]] + +1. The system MUST limit the ability to delete a [=resource=] in a + certain [=collection=]. + Corresponding use case needs to be added + +1. The system MUST allow for the creator of a [=resource=] in a certain + [=collection=] to be granted access to the created [=resource=]. + [[#collection-readappendwrite]] + +1. The system MUST limit the ability to read the access permissions + associated with a certain [=collection=]. + [[#collection-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] + +1. The system MUST limit the ability to change the access permissions + associated with a certain [=collection=]. + [[#collection-control]] +1. The system MUST furnish the effective access permission modes on a certain + [=collection=] as they relate to the [=agent=] making the request, + in the request response. + [[#uc-client-determine-access-privileges]]. + +1. The system MUST limit the ability to access a certain [=resource=] by + a given start and/or end data and time. + [[#conditional-time]] + +1. The system MUST limit the ability to access a certain [=resource=] by + a tag associated with that resource. + [[#conditional-tag]] + +1. The system MUST limit the ability to access a certain [=resource=] based + on the existence of a specific relationship with another [=resource=]. 
+ [[#conditional-relationship]] + +1. The system MUST allow for a certain [=collection=] to specify access + permissions that are inherited by its members. + [[#uc-inheritance]] + +1. The system MUST allow for the members of a certain [=collection=] to + extend or augment the permissions inherited from that [=collection=]. + [[#inheritance-adding]], [[#inheritance-modifying]] + +1. The system MUST allow for a certain [=collection=] to specify access + permissions that are inherited by its members and cannot be augmented. + [[#inheritance-forcing]] + +1. The system MUST allow for a certain resource to be read if + the [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-readonly]] + +1. The system MUST allow for a new resource to be created if the + [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-readappend]] + +1. The system MUST allow for a new resource to be created if the + [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-readappend]] + +1. The system MUST allow for the default permissions of a newly created + [=resources=] to be inherited from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-defaultcreated]], [[#inheritance-extended]] + +1. The system MUST allow for a resource to be changed if + the [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-readwrite]] + +1. The system MUST allow for a resource to be deleted if + the [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + Corresponding use case needs to be added + +1. 
The system MUST allow for new data to be added to a [=resource=], without + being able to change existing data in that [=resource=], if + the [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + Corresponding use case needs to be added + +1. The system MUST allow for the access permissions + associated with a certain resource to be read + if the [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-control]] + +1. The system MUST allow for the access permissions + associated with a certain resource to be changed + if the [=agent=] has inherited that permission from the [=collection=] the + [=resource=] is a member of. + [[#inheritance-control]] + +### Omitted ### {#requirements-omitted} + +* [[#conditional-filter]] +* [[#conditional-control]] +* [[#conditional-action]] +* [[#conditional-payment]] +* [[#uc-client-constraints]] Limitations of Legacy Web Access Control {#limitations} ================================================================================ From e1e8e0e6eb539d4a2b8169886b76bb7e1c6d50e5 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Tue, 15 Dec 2020 22:22:49 -0500 Subject: [PATCH 04/34] MUST back to shall --- proposals/wac-ucr/index.bs | 74 +++++++++++++++++++------------------- 1 file changed, 37 insertions(+), 37 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index f17d349b..66177db0 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
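Review bot: in the third hunk of PATCH 03/34 the `[[#conditional-time]]` requirement reads "a given start and/or end data and time"; this should be "date and time". The same hunk adds the `[[#inheritance-readappend]]` requirement ("a new resource to be created if the agent has inherited that permission") twice in a row, and the `[[#inheritance-defaultcreated]]` item says "a newly created [=resources=]", which should be singular. The `[[#collection-control]]` item and the following "furnish the effective access permission modes on a certain [=collection=]" item are also not separated by the blank line every other item has, and that item's reference ends with a stray period (`[[#uc-client-determine-access-privileges]].`).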
@@ -1128,164 +1128,164 @@ Requirements {#requirements} ## Functional Requirements ## {#req-functional} -1. The system MUST permit or restrict an [=agent's=] ability to access a +1. The system shall permit or restrict an [=agent's=] ability to access a [=resource=] or [=collection=]. [[#uc-basic]], [[#uc-collections]], [[#uc-blockagents]] -1. The system MUST allow access to be limited based on the [=identity=] of +1. The system shall allow access to be limited based on the [=identity=] of the [=agent=]. [[#uc-basic]], [[#uc-collections]] -1. The system MUST allow access to be limited to an [=agent=] +1. The system shall allow access to be limited to an [=agent=] based on the [=agent's=] membership in a certain group of [=agents=]. [[#basic-group]] -1. The system MUST allow access to be limited to an [=agent=] +1. The system shall allow access to be limited to an [=agent=] based on the client [=application=] in use by the [=agent=]. [[#uc-trusted-applications]] -1. The system MUST allow for access to a certain resource to be limited to +1. The system shall allow for access to a certain resource to be limited to the [=agent=] that created that resource. [[#collection-readappendwrite]] -1. The system MAY allow access to be limited to an [=agent=] +1. The system shall allow access to be limited to an [=agent=] based on the [=agent's=] possession of a certain verifiable credential or capability. FUTURE. [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] -1. The system MUST allow access to be limited to any +1. The system shall allow access to be limited to any unauthenticated [=agent=]. [[#basic-public]] -1. The system MUST allow access to be limited to any +1. The system shall allow access to be limited to any authenticated [=agent=]. [[#basic-authenticated]] -1. The system MUST limit the ability to read the access permissions +1. The system shall limit the ability to read the access permissions associated with a certain [=resource=]. 
[[#basic-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] -1. The system MUST limit the ability to change the access permissions +1. The system shall limit the ability to change the access permissions associated with a certain [=resource=]. [[#basic-control]] -1. The system MUST furnish the effective access permission modes on a certain +1. The system shall furnish the effective access permission modes on a certain [=resource=] as they relate to the [=agent=] making the request, in the request response. [[#uc-client-determine-access-privileges]] -1. The system MUST limit the ability to read a certain [=resource=]. +1. The system shall limit the ability to read a certain [=resource=]. [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] -1. The system MUST limit the ability to change any of the contents of a +1. The system shall limit the ability to change any of the contents of a certain [=resource=]. [[#basic-write]] -1. The system MUST limit the ability to delete a certain [=resource=]. +1. The system shall limit the ability to delete a certain [=resource=]. Corresponding use case needs to be added -1. The system MUST limit the ability to change existing data in a +1. The system shall limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it. [[#basic-appendonly]] -1. The system MUST limit the ability to read a certain [=collection=], +1. The system shall limit the ability to read a certain [=collection=], exposing only the data from the [=collection=] resource itself, and a listing of its members. [[#collection-readonly]], [[#collection-readwrite]], [[#collection-readappend]], [[#collection-readappendwrite]] -1. The system MUST limit the ability to create a [=resource=] in a +1. The system shall limit the ability to create a [=resource=] in a certain [=collection=]. [[#collection-readwrite]], [[#collection-readappend]], [[#collection-readappendwrite]] -1. 
The system MUST limit the ability to delete a [=resource=] in a +1. The system shall limit the ability to delete a [=resource=] in a certain [=collection=]. Corresponding use case needs to be added -1. The system MUST allow for the creator of a [=resource=] in a certain +1. The system shall allow for the creator of a [=resource=] in a certain [=collection=] to be granted access to the created [=resource=]. [[#collection-readappendwrite]] -1. The system MUST limit the ability to read the access permissions +1. The system shall limit the ability to read the access permissions associated with a certain [=collection=]. [[#collection-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] -1. The system MUST limit the ability to change the access permissions +1. The system shall limit the ability to change the access permissions associated with a certain [=collection=]. [[#collection-control]] -1. The system MUST furnish the effective access permission modes on a certain +1. The system shall furnish the effective access permission modes on a certain [=collection=] as they relate to the [=agent=] making the request, in the request response. [[#uc-client-determine-access-privileges]]. -1. The system MUST limit the ability to access a certain [=resource=] by +1. The system shall limit the ability to access a certain [=resource=] by a given start and/or end data and time. [[#conditional-time]] -1. The system MUST limit the ability to access a certain [=resource=] by +1. The system shall limit the ability to access a certain [=resource=] by a tag associated with that resource. [[#conditional-tag]] -1. The system MUST limit the ability to access a certain [=resource=] based +1. The system shall limit the ability to access a certain [=resource=] based on the existence of a specific relationship with another [=resource=]. [[#conditional-relationship]] -1. The system MUST allow for a certain [=collection=] to specify access +1. 
The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members. [[#uc-inheritance]] -1. The system MUST allow for the members of a certain [=collection=] to +1. The system shall allow for the members of a certain [=collection=] to extend or augment the permissions inherited from that [=collection=]. [[#inheritance-adding]], [[#inheritance-modifying]] -1. The system MUST allow for a certain [=collection=] to specify access +1. The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members and cannot be augmented. [[#inheritance-forcing]] -1. The system MUST allow for a certain resource to be read if +1. The system shall allow for a certain resource to be read if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. [[#inheritance-readonly]] -1. The system MUST allow for a new resource to be created if the +1. The system shall allow for a new resource to be created if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. [[#inheritance-readappend]] -1. The system MUST allow for a new resource to be created if the +1. The system shall allow for a new resource to be created if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. [[#inheritance-readappend]] -1. The system MUST allow for the default permissions of a newly created +1. The system shall allow for the default permissions of a newly created [=resources=] to be inherited from the [=collection=] the [=resource=] is a member of. [[#inheritance-defaultcreated]], [[#inheritance-extended]] -1. The system MUST allow for a resource to be changed if +1. The system shall allow for a resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. [[#inheritance-readwrite]] -1. 
The system MUST allow for a resource to be deleted if +1. The system shall allow for a resource to be deleted if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. Corresponding use case needs to be added -1. The system MUST allow for new data to be added to a [=resource=], without +1. The system shall allow for new data to be added to a [=resource=], without being able to change existing data in that [=resource=], if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. Corresponding use case needs to be added -1. The system MUST allow for the access permissions +1. The system shall allow for the access permissions associated with a certain resource to be read if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. [[#inheritance-control]] -1. The system MUST allow for the access permissions +1. The system shall allow for the access permissions associated with a certain resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. From 5ddeaf7fbd7b89f4703cdbde3f7d960b144b98c7 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Tue, 19 Jan 2021 21:40:19 -0500 Subject: [PATCH 05/34] Combine duplicate case. Remove future reference. --- proposals/wac-ucr/index.bs | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 66177db0..be93d8ea 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1149,7 +1149,7 @@ Requirements {#requirements} 1. The system shall allow access to be limited to an [=agent=] based on the [=agent's=] possession of a certain verifiable credential - or capability. FUTURE. + or capability. [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] 1. The system shall allow access to be limited to any 
@@ -1168,9 +1168,9 @@ Requirements {#requirements} associated with a certain [=resource=]. [[#basic-control]] -1. The system shall furnish the effective access permission modes on a certain - [=resource=] as they relate to the [=agent=] making the request, - in the request response. +1. The system shall provide the effective access permission modes on a certain + [=resource=] or [=collection=] as they relate to the [=agent=] making the + request, in the request response. [[#uc-client-determine-access-privileges]] 1. The system shall limit the ability to read a certain [=resource=]. @@ -1214,11 +1214,6 @@ Requirements {#requirements} associated with a certain [=collection=]. [[#collection-control]] -1. The system shall furnish the effective access permission modes on a certain - [=collection=] as they relate to the [=agent=] making the request, - in the request response. - [[#uc-client-determine-access-privileges]]. - 1. The system shall limit the ability to access a certain [=resource=] by a given start and/or end data and time. [[#conditional-time]] From 0405e8a59e3822cf295a39c4a426946aad5685f8 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Tue, 19 Jan 2021 21:54:28 -0500 Subject: [PATCH 06/34] Refine creator assignment --- proposals/wac-ucr/index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index be93d8ea..03643bd3 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1143,8 +1143,8 @@ Requirements {#requirements} based on the client [=application=] in use by the [=agent=]. [[#uc-trusted-applications]] -1. The system shall allow for access to a certain resource to be limited to - the [=agent=] that created that resource. +1. The system shall allow for access to a [=resource=] or + [=collection=] to be limited to the [=agent=] that created it. [[#collection-readappendwrite]] 1. The system shall allow access to be limited to an [=agent=] 
From 30cc7e3091bdcd50b44439d19f061c948759691c Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Wed, 27 Jan 2021 21:50:58 -0500 Subject: [PATCH 07/34] Clarify public access. --- proposals/wac-ucr/.on-save.json | 10 +++++ proposals/wac-ucr/index.bs | 4 +- proposals/wac-ucr/invitation.ttl | 70 ++++++++++++++++++++++++++++++++ proposals/wac-ucr/scratch.md | 11 +++++ 4 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 proposals/wac-ucr/.on-save.json create mode 100644 proposals/wac-ucr/invitation.ttl create mode 100644 proposals/wac-ucr/scratch.md diff --git a/proposals/wac-ucr/.on-save.json b/proposals/wac-ucr/.on-save.json new file mode 100644 index 00000000..4656cc31 --- /dev/null +++ b/proposals/wac-ucr/.on-save.json @@ -0,0 +1,10 @@ +[ + { + "srcDir": ".", + "destDir": ".", + "showOutput": "true", + "showError": "true", + "files": "index.bs", + "command": "bikeshed spec index.bs" + } +] diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 03643bd3..e67586d1 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1152,8 +1152,8 @@ Requirements {#requirements} or capability. [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] -1. The system shall allow access to be limited to any - unauthenticated [=agent=]. +1. The system shall allow access to be permitted for any + unauthenticated or authenticated [=agent=]. [[#basic-public]] 1. The system shall allow access to be limited to any diff --git a/proposals/wac-ucr/invitation.ttl b/proposals/wac-ucr/invitation.ttl new file mode 100644 index 00000000..aeebcb46 --- /dev/null +++ b/proposals/wac-ucr/invitation.ttl 
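Review bot: `.on-save.json` in PATCH 07/34 is a per-editor save hook (it runs `bikeshed spec index.bs` on save) and is unrelated to the subject "Clarify public access"; it belongs in a .gitignore entry rather than in the proposal directory. If it is kept, note that `"showOutput": "true"` and `"showError": "true"` are quoted strings rather than JSON booleans; confirm the extension expects strings.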
@@ -0,0 +1,70 @@ +@prefix eco: +@prefix xsd: + +<#invitation> + a eco:AccessInvitation ; + eco:registeredBy https://alice.pod.example/profile/id#me ; + eco:registeredWith https://trusted.example/id#agent ; + eco:registeredAt "2020-09-13T19:32:52Z"^^xsd:dateTime ; + eco:updatedAt "2020-09-13T19:32:52Z"^^xsd:dateTime ; + eco:expiresAt "2020-09-20T19:32:52Z"^^xsd:dateTime ; + eco:hasPreparedAccessNeedGroup <#pag-notebook-group> ; + eco:hasDataGrant <#notebook-grant>, <#note-grant> ; + eco:hasAccessInvitationChannel <#phone-channel>, <#email-channel> . + + <#phone-channel> + a eco:PhoneInvitationChannel ; + eco:channelTarget "(555) 555-1212" ; + eco:channelCode "654345" ; + eco:isValidated false ; + eco:remainingAttempts 3 . + + <#email-channel> + a eco:EmailInvitationChannel ; + eco:channelTarget "bob@example.com" ; + eco:channelCode "434567" ; + eco:isValidated true ; + eco:remainingAttempts 3 . + + <#notebook-grant> + a eco:DataGrant ; + eco:hasRegistration data:notebook-tree ; + eco:registeredShapeTree note:notebook-tree ; + eco:satisfiesPreparedAccessNeed <#pan-notebook> ; + eco:accessMode acl:Read, acl:Write ; + eco:scopeOfDataGrant eco:AllInstances ; + + <#note-grant> + a eco:DataGrant ; + eco:hasRegistration data:note-tree ; + eco:registeredShapeTree note:note-tree ; + eco:satisfiesPreparedAccessNeed <#pan-note> ; + eco:accessMode acl:Read, acl:Write ; + eco:scopeOfDataGrant eco:AllInstances ; + + <#pag-notebook-group> + a eco:PreparedAccessNeedGroup ; + eco:fromAccessNeedGroup ex:accessNotebookGroup ; + eco:hasAccessNeedGroupDecorator ex:accessNotebookGroupDecorator ; + eco:accessNecessity eco:AccessRequired ; + eco:authenticatesAs eco:Pilot ; + eco:hasPreparedAccessNeed <#pan-notebook> . 
+ + <#pan-notebook> + a eco:PreparedAccessNeed ; + eco:registeredShapeTree note:notebook-tree ; + eco:accessMode acl:Read, acl:Write ; + eco:accessNecessity eco:AccessRequired ; + eco:hasAccessNeedDecorator ex:notebookAccessDecorator ; + eco:hasShapeTreeDecorator note:notebookDecorator ; + eco:referencesPreparedAccessNeed <#pan-notes> ; + eco:hasDataGrant <#notebook-grant> . + + <#pan-note> + a eco:PreparedAccessNeed ; + eco:registeredShapeTree note:note-tree ; + eco:accessMode acl:Read, acl:Write ; + eco:accessNecessity eco:AccessRequired ; + eco:hasAccessNeedDecorator ex:noteAccessDecorator ; + eco:hasShapeTreeDecorator note:noteDecorator ; + eco:hasDataGrant <#note-grant> . diff --git a/proposals/wac-ucr/scratch.md b/proposals/wac-ucr/scratch.md new file mode 100644 index 00000000..602d00da --- /dev/null +++ b/proposals/wac-ucr/scratch.md @@ -0,0 +1,11 @@ +# Use Cases to Create + +Write use cases for: + +- Conditional Filter +- Conditional Control +- Conditional Action +- Conditional Payment +- UC Client Constraints + +DONE - Change VC requirement from FUTURE From 7cfafa26eef38fa49f183a11dc3a3c6264caade7 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Wed, 27 Jan 2021 21:58:55 -0500 Subject: [PATCH 08/34] Clarify basic write use case --- proposals/wac-ucr/index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index e67586d1..29ec1198 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1176,8 +1176,8 @@ Requirements {#requirements} 1. The system shall limit the ability to read a certain [=resource=]. [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] -1. The system shall limit the ability to change any of the contents of a - certain [=resource=]. +1. The system shall limit the ability to change any of the existing contents + of a certain [=resource=]. [[#basic-write]] 1. The system shall limit the ability to delete a certain [=resource=]. 
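Review bot: `invitation.ttl` in PATCH 07/34 is not valid Turtle as written: `@prefix eco:` and `@prefix xsd:` declare no IRI, the prefixes `acl:`, `data:`, `note:` and `ex:` are used but never declared, the object IRIs on `eco:registeredBy` and `eco:registeredWith` are written bare instead of inside angle brackets, and the `<#notebook-grant>` and `<#note-grant>` descriptions end with `;` where a `.` is needed before the next subject. It is also unclear what the file illustrates, since nothing in index.bs references it. Separately, the `eco:channelCode` values sit in the same resource as `eco:isValidated` and `eco:remainingAttempts`; whatever the intended flow, the spec text should state explicitly that a channel's code is never readable by the agent it is meant to verify.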
From 9d41715747ee24ad3381774ea19062107cabf8da Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Thu, 28 Jan 2021 15:26:43 -0500 Subject: [PATCH 09/34] Clarify creator requirements --- proposals/wac-ucr/index.bs | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 29ec1198..5f76db9b 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -349,8 +349,7 @@ permissions: * Inherited [=read access=] to the `comments` [=collection=] so they can list and read existing comments (including their own). * [=Append access=] to the `comments` [=collection=], which allows them to - add their own comments, but not change anyone else's including their - own after the comments have been submitted. + add their own comments, but not change anyone else's. * Ability to write (edit or delete) any resources in `comments` that they have created themselves, but none created by anyone else. @@ -1202,8 +1201,9 @@ Requirements {#requirements} certain [=collection=]. Corresponding use case needs to be added -1. The system shall allow for the creator of a [=resource=] in a certain - [=collection=] to be granted access to the created [=resource=]. +1. The system shall allow for the creator of a [=resource=] or [=collection=] + in a certain [=collection=] to be automatically granted access to the + created [=resource=] or [=collection=]. [[#collection-readappendwrite]] 1. The system shall limit the ability to read the access permissions From 205781d4812f68b6e20e3119a6275f4bcf00e408 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Thu, 28 Jan 2021 16:55:57 -0500 Subject: [PATCH 10/34] Add requirements for previously omitted ucs. Clear reqs without use cases. --- proposals/wac-ucr/index.bs | 48 +++++++++++++++++++++----------------- 1 file changed, 27 insertions(+), 21 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 5f76db9b..9c8d2e5f 100644 
--- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1142,6 +1142,12 @@ Requirements {#requirements} based on the client [=application=] in use by the [=agent=]. [[#uc-trusted-applications]] +1. The system shall allow an [=agent=] to limit modes + and/or conditions of access for a given client [=application=] in + their use for a [=resource=] or [=collection=] that they have + been granted access to. + [[#uc-client-constraints=]] + 1. The system shall allow for access to a [=resource=] or [=collection=] to be limited to the [=agent=] that created it. [[#collection-readappendwrite]] @@ -1179,8 +1185,6 @@ Requirements {#requirements} of a certain [=resource=]. [[#basic-write]] -1. The system shall limit the ability to delete a certain [=resource=]. - Corresponding use case needs to be added 1. The system shall limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it. @@ -1197,10 +1201,6 @@ Requirements {#requirements} [[#collection-readwrite]], [[#collection-readappend]], [[#collection-readappendwrite]] -1. The system shall limit the ability to delete a [=resource=] in a - certain [=collection=]. - Corresponding use case needs to be added - 1. The system shall allow for the creator of a [=resource=] or [=collection=] in a certain [=collection=] to be automatically granted access to the created [=resource=] or [=collection=]. 
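Review bot: the cross-reference in the new client-constraint bullet has a stray `=` inside the brackets (`[[#uc-client-constraints=]]`) and will not resolve as a section autolink; drop the `=`. The bullet's wording "limit modes and/or conditions of access for a given client [=application=] in their use" is hard to parse; suggest "limit the [=access modes=] and conditions under which a given client [=application=] may act on the [=agent's=] behalf for a [=resource=] or [=collection=] the [=agent=] has been granted access to".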
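Review bot: dropping the two delete requirements ("limit the ability to delete a certain [=resource=]" and "... delete a [=resource=] in a certain [=collection=]") because they lack a use case leaves deletion unstated even though existing use cases rely on it: [[#collection-readwrite]] lets Milo "add and remove items from the [=collection=]" and [[#collection-readappendwrite]] lets authors "write (edit or delete)" their own comments. The inherited-delete bullet is removed later in the same patch for the same reason. Adding a short delete use case and keeping the requirements would be better than removing them.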
@@ -1225,6 +1225,25 @@ Requirements {#requirements} 1. The system shall limit the ability to access a certain [=resource=] based on the existence of a specific relationship with another [=resource=]. [[#conditional-relationship]] + +1. The system shall limit access to only a subset of data in a certain + [=resource=] based on supplied filter criteria. + [[#conditional-filter]] + +1. The system shall allow the [=access modes=] and/or conditions of a given + access permission for + a certain [=resource=] or [=collection=] to change after other specified + conditions have been satisfied. + [[#conditional-action]] + +1. The system shall limit the ability to read, create, or change only those + access permissions for a given [=resource=] or [=collection=] that apply + to a specified group of [=agents=]. + [[#conditional-control]] + +1. The system shall limit the ability to read, create, or change + access permissions for [=resources=] associated with a particular tag. + [[#conditional-control]] 1. The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members. @@ -1263,16 +1282,11 @@ Requirements {#requirements} [=resource=] is a member of. [[#inheritance-readwrite]] -1. The system shall allow for a resource to be deleted if - the [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - Corresponding use case needs to be added - 1. The system shall allow for new data to be added to a [=resource=], without being able to change existing data in that [=resource=], if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. - Corresponding use case needs to be added + [[#inheritance-appendonly]] 1. The system shall allow for the access permissions associated with a certain resource to be read 
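Review bot: "based on supplied filter criteria" in the new conditional-filter requirement leaves open who supplies the criteria; if the requester chooses them, the requirement limits nothing. State that the filter is part of the access permission set by the [=resource controller=] and that the server returns only the matching subset regardless of what the client asks for. The conditional-action bullet has the same gap: say who may satisfy the "other specified conditions" and that the server evaluates them, otherwise a client can claim they are met.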
@@ -1284,15 +1298,7 @@ Requirements {#requirements} associated with a certain resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. - [[#inheritance-control]] - -### Omitted ### {#requirements-omitted} - -* [[#conditional-filter]] -* [[#conditional-control]] -* [[#conditional-action]] -* [[#conditional-payment]] -* [[#uc-client-constraints]] + [[#inheritance-control]] Limitations of Legacy Web Access Control {#limitations} ================================================================================ From ef9c4f386a37958be9765f35845014045a9b9f20 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Thu, 28 Jan 2021 20:34:37 -0500 Subject: [PATCH 11/34] Note on shorthand use of allowing or limiting access --- proposals/wac-ucr/index.bs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 9c8d2e5f..9b706f86 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1127,9 +1127,9 @@ Requirements {#requirements} ## Functional Requirements ## {#req-functional} -1. The system shall permit or restrict an [=agent's=] ability to access a - [=resource=] or [=collection=]. [[#uc-basic]], - [[#uc-collections]], [[#uc-blockagents]] +Note: Unless otherwise specified, *allowing or limiting access* in the +subsequent requirements should be interpreted in the context of allowing +or limiting access to a [=resource=] or [=collection=] by an [=agent=]. 1. The system shall allow access to be limited based on the [=identity=] of the [=agent=]. [[#uc-basic]], [[#uc-collections]] From 2b2dd89fdc1b52d8ba74f4978b35a547797afae4 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Sat, 30 Jan 2021 22:17:29 -0500 Subject: [PATCH 12/34] Change requirements to autolinked headers --- proposals/wac-ucr/index.bs | 346 +++++++++++++++++++++---------------- 1 file changed, 198 insertions(+), 148 deletions(-) 
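Review bot: the bullet removed in the "Note on shorthand" patch was the only one on this page citing [[#uc-blockagents]]; replacing it with the interpretation Note leaves that use case without a requirement. Keep a requirement covering the blocking scenario (the old text said "permit or restrict"), since none of the remaining identity-based bullets say that access to a particular [=agent=] can be denied as well as granted.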
diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 9b706f86..431fa4cf 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1131,174 +1131,224 @@ Note: Unless otherwise specified, *allowing or limiting access* in the subsequent requirements should be interpreted in the context of allowing or limiting access to a [=resource=] or [=collection=] by an [=agent=]. -1. The system shall allow access to be limited based on the [=identity=] of - the [=agent=]. [[#uc-basic]], [[#uc-collections]] +### The system shall allow access to be limited based on the [=identity=] of the [=agent=]. ### {#req-access-identity} -1. The system shall allow access to be limited to an [=agent=] - based on the [=agent's=] membership in a certain group of [=agents=]. - [[#basic-group]] +
+Related use cases: [[#uc-basic]], [[#uc-collections]] +
+ +### The system shall allow access to be limited to an [=agent=] based on the [=agent's=] membership in a certain group of [=agents=]. ### {#req-agent-group} + +
+ Related use cases: [[#basic-group]] +
+ +### The system shall allow access to be limited to an [=agent=] based on the client [=application=] in use by the [=agent=]. ### {#req-application} + +
+ Related use cases: [[#uc-trusted-applications]] +
+ +### The system shall allow an [=agent=] to limit modes and/or conditions of access for a given client [=application=] in their use for a [=resource=] or [=collection=] that they have been granted access to. ### {#req-client-constrained} + +
+ Related use cases: [[#uc-client-constraints]] +
+ +### The system shall allow for access to a [=resource=] or [=collection=] to be limited to the [=agent=] that created it. ### {#req-creator} + +
+ Related use cases: [[#collection-readappendwrite]] +
+ +### The system shall allow access to be limited to an [=agent=] based on the [=agent's=] possession of a certain verifiable credential or capability. ### {#req-vc} + +
+ Related use cases: [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] +
+ +### The system shall allow access to be permitted for any unauthenticated or authenticated [=agent=]. ### {#req-public} + +
+ Related use cases: [[#basic-public]] +
-1. The system shall allow access to be limited to an [=agent=] - based on the client [=application=] in use by the [=agent=]. - [[#uc-trusted-applications]] - -1. The system shall allow an [=agent=] to limit modes - and/or conditions of access for a given client [=application=] in - their use for a [=resource=] or [=collection=] that they have - been granted access to. - [[#uc-client-constraints=]] - -1. The system shall allow for access to a [=resource=] or - [=collection=] to be limited to the [=agent=] that created it. - [[#collection-readappendwrite]] - -1. The system shall allow access to be limited to an [=agent=] - based on the [=agent's=] possession of a certain verifiable credential - or capability. - [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] +### The system shall allow access to be limited to any authenticated [=agent=]. ### {#req-authenticated} -1. The system shall allow access to be permitted for any - unauthenticated or authenticated [=agent=]. - [[#basic-public]] +
+ Related use cases: [[#basic-authenticated]] +
-1. The system shall allow access to be limited to any - authenticated [=agent=]. - [[#basic-authenticated]] +### The system shall limit the ability to read the access permissions associated with a certain [=resource=]. ### {#req-read-permissions} -1. The system shall limit the ability to read the access permissions - associated with a certain [=resource=]. - [[#basic-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] +
+ Related use cases: [[#basic-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] +
-1. The system shall limit the ability to change the access permissions - associated with a certain [=resource=]. - [[#basic-control]] +### The system shall limit the ability to change the access permissions associated with a certain [=resource=]. ### {#req-change-permissions} -1. The system shall provide the effective access permission modes on a certain - [=resource=] or [=collection=] as they relate to the [=agent=] making the - request, in the request response. - [[#uc-client-determine-access-privileges]] +
+ Related use cases: [[#basic-control]] +
-1. The system shall limit the ability to read a certain [=resource=]. - [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] +### The system shall provide the effective access permission modes on a certain [=resource=] or [=collection=] as they relate to the [=agent=] making the request, in the request response. ### {#req-effective-modes} -1. The system shall limit the ability to change any of the existing contents - of a certain [=resource=]. - [[#basic-write]] +
+ Related use cases: [[#uc-client-determine-access-privileges]] +
+### The system shall limit the ability to read a certain [=resource=].### {#req-read} -1. The system shall limit the ability to change existing data in a - certain [=resource=], such that only new data can be added to it. - [[#basic-appendonly]] - -1. The system shall limit the ability to read a certain [=collection=], - exposing only the data from the [=collection=] resource itself, and a - listing of its members. - [[#collection-readonly]], [[#collection-readwrite]], [[#collection-readappend]], - [[#collection-readappendwrite]] - -1. The system shall limit the ability to create a [=resource=] in a - certain [=collection=]. - [[#collection-readwrite]], [[#collection-readappend]], - [[#collection-readappendwrite]] - -1. The system shall allow for the creator of a [=resource=] or [=collection=] - in a certain [=collection=] to be automatically granted access to the - created [=resource=] or [=collection=]. - [[#collection-readappendwrite]] - -1. The system shall limit the ability to read the access permissions - associated with a certain [=collection=]. - [[#collection-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] +
+ Related use cases: [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]] +
+ +### The system shall limit the ability to change any of the existing contents of a certain [=resource=].### {#req-write} + +
+ Related use cases: [[#basic-write]] +
+ +### The system shall limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it.### {#req-append} + +
+ Related use cases: [[#basic-appendonly]] +
-1. The system shall limit the ability to change the access permissions - associated with a certain [=collection=]. - [[#collection-control]] +### The system shall limit the ability to read a certain [=collection=], exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read} + +
+ Related use cases: [[#collection-readonly]], [[#collection-readwrite]], + [[#collection-readappend]], [[#collection-readappendwrite]] +
+ +### The system shall limit the ability to create a [=resource=] in a certain [=collection=].### {#req-collection-create} + +
+ Related use cases: [[#collection-readwrite]], [[#collection-readappend]], + [[#collection-readappendwrite]] +
+ +### The system shall allow for the creator of a [=resource=] or [=collection=] in a certain [=collection=] to be automatically granted access to the created [=resource=] or [=collection=].### {#req-collection-creator} -1. The system shall limit the ability to access a certain [=resource=] by - a given start and/or end data and time. - [[#conditional-time]] +
+ Related use cases: [[#collection-readappendwrite]] +
-1. The system shall limit the ability to access a certain [=resource=] by - a tag associated with that resource. - [[#conditional-tag]] +### The system shall limit the ability to read the access permissions associated with a certain [=collection=].### {#req-collection-read-permissions} + +
+ Related use cases: [[#collection-control]], [[#uc-whopermitted]], + [[#uc-historyofchanges]] +
+ +### The system shall limit the ability to change the access permissions associated with a certain [=collection=].### {#req-collection-change-permissions} + +
+ Related use cases: [[#collection-control]] +
+ +### The system shall limit the ability to access a certain [=resource=] by a given start and/or end data and time.### {#req-conditional-time} + +
+ Related use cases: [[#conditional-time]] +
+ +### The system shall limit the ability to access a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag} + +
+ Related use cases: [[#conditional-tag]] +
-1. The system shall limit the ability to access a certain [=resource=] based - on the existence of a specific relationship with another [=resource=]. - [[#conditional-relationship]] +### The system shall limit the ability to access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship} + +
+ Related use cases: [[#conditional-relationship]] +
-1. The system shall limit access to only a subset of data in a certain - [=resource=] based on supplied filter criteria. - [[#conditional-filter]] - -1. The system shall allow the [=access modes=] and/or conditions of a given - access permission for - a certain [=resource=] or [=collection=] to change after other specified - conditions have been satisfied. - [[#conditional-action]] +### The system shall limit access to only a subset of data in a certain [=resource=] based on supplied filter criteria.### {#req-conditional-filter} + +
+ Related use cases: [[#conditional-filter]] +
+ +### The system shall allow the [=access modes=] and/or conditions of a given access permission for a certain [=resource=] or [=collection=] to change after other specified conditions have been satisfied.### {#req-conditional-action} + +
+ Related use cases: [[#conditional-action]] +
+ +### The system shall limit the ability to read, create, or change only those access permissions for a given [=resource=] or [=collection=] that apply to a specified group of [=agents=].### {#req-conditional-control} + +
+ Related use cases: [[#conditional-control]] +
+ +### The system shall limit the ability to read, create, or change access permissions for [=resources=] associated with a particular tag.### {#req-conditional-control-tag} + +
+ Related use cases: [[#conditional-control]] +
+ +### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members.### {#req-collection-inheritance} + +
+ Related use cases: [[#uc-inheritance]] +
+ +### The system shall allow for the members of a certain [=collection=] to extend or augment the permissions inherited from that [=collection=].### {#req-inheritance-modify} + +
+ Related use cases: [[#inheritance-adding]], [[#inheritance-modifying]] +
+ +### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members and cannot be augmented. ### {#req-inheritance-forcing} + +
+ Related use cases: [[#inheritance-forcing]] +
+ +### The system shall allow for a certain resource to be read if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-readonly} -1. The system shall limit the ability to read, create, or change only those - access permissions for a given [=resource=] or [=collection=] that apply - to a specified group of [=agents=]. - [[#conditional-control]] - -1. The system shall limit the ability to read, create, or change - access permissions for [=resources=] associated with a particular tag. - [[#conditional-control]] - -1. The system shall allow for a certain [=collection=] to specify access - permissions that are inherited by its members. - [[#uc-inheritance]] +
+ Related use cases: [[#inheritance-readonly]] +
+ +### The system shall allow for a new resource to be created if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-create} + +
+ Related use cases: [[#inheritance-readappend]] +
+ +### The system shall allow for the default permissions of a newly created [=resources=] to be inherited from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-default-permissions} + +
+ Related use cases: [[#inheritance-defaultcreated]], [[#inheritance-extended]] +
-1. The system shall allow for the members of a certain [=collection=] to - extend or augment the permissions inherited from that [=collection=]. - [[#inheritance-adding]], [[#inheritance-modifying]] - -1. The system shall allow for a certain [=collection=] to specify access - permissions that are inherited by its members and cannot be augmented. - [[#inheritance-forcing]] - -1. The system shall allow for a certain resource to be read if - the [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-readonly]] +### The system shall allow for a resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-change} + +
+ Related use cases: [[#inheritance-readwrite]] +
+ +### The system shall allow for new data to be added to a [=resource=], without being able to change existing data in that [=resource=], if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-appendonly} + +
+ Related use cases: [[#inheritance-appendonly]] +
-1. The system shall allow for a new resource to be created if the - [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-readappend]] - -1. The system shall allow for a new resource to be created if the - [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-readappend]] - -1. The system shall allow for the default permissions of a newly created - [=resources=] to be inherited from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-defaultcreated]], [[#inheritance-extended]] +### The system shall allow for the access permissions associated with a certain resource to be read if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-read-permissions} + +
+ Related use cases: [[#inheritance-control]] +
-1. The system shall allow for a resource to be changed if - the [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-readwrite]] - -1. The system shall allow for new data to be added to a [=resource=], without - being able to change existing data in that [=resource=], if - the [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-appendonly]] - -1. The system shall allow for the access permissions - associated with a certain resource to be read - if the [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-control]] - -1. The system shall allow for the access permissions - associated with a certain resource to be changed - if the [=agent=] has inherited that permission from the [=collection=] the - [=resource=] is a member of. - [[#inheritance-control]] +### The system shall allow for the access permissions associated with a certain resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inhertiance-change-permissions} + +
+ Related use cases: [[#inheritance-control]] +
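Review bot: the heading id `{#req-inhertiance-change-permissions}` is misspelled (inhertiance), and the next patch in this series links it as `[[#req-inheritance-change-permissions]]`, which will not resolve; rename the id. Other points in this hunk: the heading "limit the ability to access a certain [=resource=] by a given start and/or end data and time" carries over "data" for "date"; "the default permissions of a newly created [=resources=]" should be singular; and many of the new headings close with `.### {#id}` (no space before the hashes) while others use ` ### {#id}`, so normalise to one form. The earlier duplicated "new resource to be created" bullet is correctly collapsed into the single `{#req-inheritance-create}` heading.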
Limitations of Legacy Web Access Control {#limitations} ================================================================================ From 12091cb8e13d1ad6083c0af314bf8e1134a1211e Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Wed, 3 Feb 2021 20:59:59 -0500 Subject: [PATCH 13/34] Link from use cases to requirements --- proposals/wac-ucr/index.bs | 407 +++++++++++++++++++++++++++++++++++-- 1 file changed, 391 insertions(+), 16 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 431fa4cf..1dfcc00b 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -42,6 +42,10 @@ Abstract: color: #000000; } + .assertion { + font-size: small; + } + @media (prefers-color-scheme: dark) { a[data-link-type=dfn] { color: #FFFFFF; @@ -117,11 +121,25 @@ permission to do this, because `resume` is not a public resource, and as the [=resource controller=] Alice is the only one who can manage permissions for it. +
+ +* [[#req-read-permissions]] +* [[#req-change-permissions]] + +
+ ### Read-write access ### {#basic-write} Alice gives Bob [=read access=] so that he can read the `resume` resource, and [=write access=] so that he can make changes to it, which he does. +
+ +* [[#req-read]] +* [[#req-write]] + +
+ ### Read-append access ### {#basic-readappend} #### Alice stores Danielle's recommendation #### {#basic-readappend-single-storage} @@ -132,6 +150,13 @@ in the references section of `resume`. Alice gives Danielle [=read access=] to to `resume`, and cannot change any existing data within it. Danielle adds a glowing reference for Alice to `resume`. +
+ +* [[#req-read]] +* [[#req-append]] + +
+ #### Danielle stores their own recommendation #### {#basic-readappend-multi-storage} Danielle agrees to give Alice a personal reference, which Alice will link to @@ -141,6 +166,13 @@ recommendation that she creates and hosts on her own [=resource server=] at `https://danielle.example/recommendation`. Danielle is the [=resource controller=] for that resource and gives it public [=read access=]. +
+ +* [[#req-read]] +* [[#req-append]] + +
+ ### Append-only access ### {#basic-appendonly} Alice is interested in seeing whether any of her other contacts might @@ -151,20 +183,39 @@ She creates a `recommendations` resource, and grants [=append access=] to the `contacts` [=authorization group=], which represents every professional contact in her virtual rolodex. She sends a mass-mail to `contacts`, with a link to an app they can use to submit a recommendation, which will be appended -to `recommendations`. Since they only have [=append access=] and not [=read -access=], they can add to `recommendations` but they cannot see +to `recommendations`. Since they only have [=append access=] and not [=read access=], +they can add to `recommendations` but they cannot see recommendations that have already been added. +
+ +* [[#req-append]] + +
+ ### Removing access ### {#basic-removing} Alice removes Bob and Danielle's access to `resume`, since they've both finished contributing to it. They can no longer read or make changes to it. +
+ +* [[#req-read-permissions]] +* [[#req-change-permissions]] + +
+ ### Read-only access ### {#basic-readonly} Alice has a job interview with Carol. Alice gives Carol [=read access=] to `resume` ahead of the interview. +
+ +* [[#req-read]] + +
+ ### Group access ### {#basic-group} Alice has additional interest, and is now interviewing with people from @@ -182,11 +233,28 @@ Now Alice can add new people she's interviewing with to the `interviewing` [=authorization group=], and remove them when the opportunity is no longer active. This is much more intuitive and easy for Alice. +
+ +* [[#req-agent-group]] +* [[#req-read-permissions]] +* [[#req-change-permissions]] +* [[#req-read]] + +
+ ### Public access ### {#basic-public} -Alice decides `resume` is ready to share with everyone, so she gives [=read -access=] to the public (everyone), and shares a link to it on several job -boards. +Alice decides `resume` is ready to share with everyone, so she gives +[=read access=] to the public (everyone), and shares a link to it on +several job boards. + +
+ +* [[#req-change-permissions]] +* [[#req-read]] +* [[#req-public]] + +
### Logged in access ### {#basic-authenticated} @@ -207,6 +275,15 @@ in, or if necessary to make a new solid account and then log in. After the workshop is over, she changes the access on the materials to explicitly be that group. +
+ +* [[#req-change-permissions]] +* [[#req-read]] +* [[#req-write]] +* [[#req-authenticated]] +* [[#req-agent-group]] + +
## Basic collection access ## {#uc-collections} @@ -300,17 +377,27 @@ She only wants them to see detail about the `portfolio` [=collection=] itself, along with a listing of its contents, but not the contents of the [=resources=] included in that [=collection=] just yet. -Alice wants know which of them are really interested based on who asks her for +Alice wants to know which of them are really interested based on who asks her for more access to the contents of `portfolio`. +
+ +* [[#req-change-permissions]] +* [[#req-read]] +* [[#req-collection-change-permissions]] +* [[#req-collection-read]] + +
+ ### Read-write access to a Collection ### {#collection-readwrite} Alice worked with Milo in the past, where they produced a deliverable (`document1`) that she has included in her `portfolio` [=collection=]. -Alice realized that she doesn't have the most up-to-date version `document1`, -and needs Milo to replace it. She gives Milo [=read access=] and [=write -access=] to the `portfolio` [=collection=] itself, which allows him to see the +Alice realized that she doesn't have the most up-to-date version of `document1`, +and needs Milo to replace it. She gives Milo [=read access=] and +[=write access=] to the `portfolio` [=collection=] itself, which allows him +to see the listing of its contents, as well as add and remove items from the [=collection=]. @@ -320,6 +407,14 @@ he's replacing. Milo updates the contents of `document1` to the most recent version. +
+ +* [[#req-collection-change-permissions]] +* [[#req-collection-read]] +* [[#req-collection-write]] + +
+ ### Read-append access to a Collection ### {#collection-readappend} Alice worked with Bob in the past on a project, and she has included the @@ -334,6 +429,14 @@ He can't see the contents of the [=resources=], or remove anything in the list. That's fine because he only needs to add the [=resources=] that aren't included. +
+ +* [[#req-collection-change-permissions]] +* [[#req-collection-read]] +* [[#req-collection-create]] + +
+ ### Read-append-write access to a Collection ### {#collection-readappendwrite} Note: Despite this section's focus on permissions specific to the collection @@ -353,6 +456,16 @@ permissions: * Ability to write (edit or delete) any resources in `comments` that they have created themselves, but none created by anyone else. +
+ +* [[#req-collection-change-permissions]] +* [[#req-collection-inheritance]] +* [[#req-inheritance-readonly]] +* [[#req-collection-create]] +* [[#req-collection-creator]] + +
+ ### Append-only access to a Collection ### {#collection-appendonly} Alice realizes it would be helpful if Carol, Oscar, and Frank could provide @@ -365,6 +478,13 @@ She provides them with [=append access=] to the `opportunities` in the [=collection=], or modify them. This means that they can each add opportunities, but none of the others will see them. +
+ +* [[#req-collection-change-permissions]] +* [[#req-collection-create]] + +
+ ### Control access to a Collection ### {#collection-control} Bob reminds Alice that some of the other people who worked on `project1` may @@ -376,6 +496,13 @@ the output of their shared work. She gives him [=control access=] to `project1` so that he can help her invite other colleagues from the past to add [=resources=] to it. +
+ +* [[#req-collection-read-permissions]] +* [[#req-collection-change-permissions]] + +
+ ## Inheritance ## {#uc-inheritance} Bob is leading a group of colleagues doing field research. This group @@ -539,17 +666,34 @@ Because Bob grants inherited [=read access=] at the `weekly-status` [=collection=], it will apply to everything already in the [=collection=], as well as anything that will be added in the future. +
+ +* [[#req-agent-group]] +* [[#req-collection-change-permissions]] +* [[#req-inheritance-readonly]] + +
+ ### Read-append access to collection resources ### {#inheritance-readappend} Every day, someone in the group is responsible for recording data from devices in the field, and storing those metrics in `daily-metrics`. -Bob gives the `research` [=authorization group=] inherited [=append access=] -to the `daily-metrics` [=collection=]. This allows anyone in the -[=authorization group=] to see the contents of the [=collection=], and add new +Bob gives the `research` [=authorization group=] [=append access=] and inherited +[=read access=] to the `daily-metrics` [=collection=]. This allows anyone +in the [=authorization group=] to see the contents of the [=collection=], and add new readings. They cannot modify readings after they are recorded. This provides confidence that readings are not manipulated after the fact. +
+ +* [[#req-agent-group]] +* [[#req-collection-change-permissions]] +* [[#req-collection-create]] +* [[#req-inheritance-readonly]] + +
+ ### Read-write access to collection resources ### {#inheritance-readwrite} The members of the `research` [=authorization group=] collaborate on a daily @@ -562,6 +706,15 @@ in the [=authorization group=] to see the contents of the [=collection=] and collaborate on a given day's summary. They can update the contents together until they're satisfied with the results. +
+ +* [[#req-agent-group]] +* [[#req-collection-change-permissions]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-change]] + +
+ ### Append-only access to collection resources ### {#inheritance-appendonly} Bob purchases a new field device that is able to automatically push daily @@ -573,6 +726,15 @@ Bob gives the new field device [=read access=] on the `daily-metrics` daily-metric resource if it already exists, or create a new one if a member of the `research` [=authorization group=] hasn't made one for that day yet. +
+ +* [[#req-collection-change-permissions]] +* [[#req-collection-read]] +* [[#req-collection-create]] +* [[#req-inheritance-appendonly]] + +
+ ### Control access to collection resources ### {#inheritance-control} Bob realizes that he needs some help administering `https://research.example`. @@ -580,6 +742,15 @@ He provides Carol with inherited [=read access=] and [=control access=] to `https://research.example/`, allowing her to read and manage permissions for all of the [=resources=] and [=collections=] included within it. +
+ +* [[#req-collection-change-permissions]] +* [[#req-collection-read-permissions]] +* [[#req-collection-read]] +* [[#req-inheritance-readonly]] + +
+ ### Default permissions on created resources ### {#inheritance-defaultcreated} Bob is granting inherited permissions to the `research` [=authorization @@ -597,6 +768,13 @@ Bob prefers to specify in granular fashion the default permissions of created resources that should be assigned to any [=authorizations=] with [=write access=] or [=append access=] on a given [=collection=]. +
+ +* [[#req-inheritance-default-permissions]] +* [[#req-collection-creator]] + +
+ ### Default permissions for extended network ### {#inheritance-extended} Alice has a blog and allows comments on her posts. Ideally, everyone's @@ -607,6 +785,14 @@ be immediately visible. Other posts should only be visible and editable to those who wrote them. They can then be viewable to the world when they get reviewed. +
+ +* [[#req-inheritance-default-permissions]] +* [[#req-agent-group]] + +
+ + ### Adding new subjects to inherited permissions ### {#inheritance-adding} Note: Adding a new subject means we are adding a new [=agent=], @@ -633,6 +819,14 @@ Celeste has no other access to other resources in the `weekly-status` [=collection=], nor any that will be created later. The access for the `research` [=authorization group=] doesn't change. +
+ +* [[#req-collection-change-permissions]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-modify]] + +
+ ### Modifying inherited permissions for existing subjects ### {#inheritance-modifying} On the January 6th weekly status meeting, Bob and the `research` @@ -655,6 +849,14 @@ resources included in the `weekly-status` collection, and any new resources added to it. Inherited [=read access=] for others in the `research` [=authorization group=] is unchanged. +
+ +* [[#req-collection-change-permissions]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-modify]] + +
+ ### Forcing inherited permissions ### {#inheritance-forcing} As the primary administrator and [=resource controller=] of @@ -667,6 +869,16 @@ wants to always maintain a minimum of [=read access=] and [=control access=] to all of the resources in `https://resource.example`. This allows him to have visibility into everything, and change their permissions as needed. +
+ +* [[#req-collection-change-permissions]] +* [[#req-inheritance-change-permissions]] +* [[#req-inheritance-read-permissions]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-force]] + +
+ ## Conditional access ## {#uc-conditional} Felicia works for an organization that conducts clinical trials, and leads a @@ -771,6 +983,17 @@ Felicia adds a time-based condition for Erin which states that her access to Erin will have no access to `measurements` after June 30th, 2020. +
+ +* [[#req-access-identity]] +* [[#req-collection-read]] +* [[#req-collection-write]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-change]] +* [[#req-conditional-time]] + +
+ ### Conditional access by tag ### {#conditional-tag} As a research intern, Erin is responsible for processing all unprocessed @@ -792,6 +1015,16 @@ This allows Erin to work with new measurements for the `Acme` trial without being exposed to measurements from other trials, or already processed measurements from the `Acme` trial. +
+ +* [[#req-access-identity]] +* [[#req-collection-read]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-change]] +* [[#req-conditional-tag]] + +
+ ### Conditional access by relationship ### {#conditional-relationship} Felicia is responsible for preparing and sharing internal reports for senior @@ -815,6 +1048,14 @@ This ensures that the senior research team members will be able to read measurements referenced by `/reports/report-1`, or any references added to it later, but no others. +
+ +* [[#req-agent-group]] +* [[#req-inheritance-readonly]] +* [[#req-conditional-relationship]] + +
+ ### Conditional access by filter ### {#conditional-filter} Felicia has been able to limit the scope of the [=resources=] that Erin can @@ -828,6 +1069,17 @@ Felicia authorizes Erin to access a reduced set of fields within the measurement [=resources=]. When Erin retrieves a measurement, the response will exclude the fields containing PII. +
+ +* [[#req-access-identity]] +* [[#req-collection-read]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-change]] +* [[#req-conditional-tag]] +* [[#req-conditional-filter]] + +
+ ### Conditional control boundaries ### {#conditional-control} Megan works on Felicia's team. Felicia would like Megan to be responsible for @@ -845,6 +1097,17 @@ conditions that stipulate: [=agents=] are included in the `interns` [=authorization group=]. * she can't grant [=control access=] to anyone else. +
+ +* [[#req-access-identity]] +* [[#req-collection-read]] +* [[#req-inheritance-read-permissions]] +* [[#req-inheritance-change-permissions]] +* [[#req-conditional-control]] +* [[#req-conditional-control-tag]] + +
+ ### Conditional access by action ### {#conditional-action} The University has a widely used blog for discussion with research teams @@ -855,6 +1118,16 @@ policy: their authors can edit comments for a minimum of 5 minutes and only until these are themselves commented. After that point, the post will be in read-only access mode. +
+ +* [[#req-agent-group]] +* [[#req-collection-creator]] +* [[#req-inheritance-change]] +* [[#req-inheritance-readonly]] +* [[#req-conditional-action]] + +
+ ### Conditional access by payment ### {#conditional-payment} A musician would like to self publish her music to take advantage of a Solid @@ -868,6 +1141,15 @@ payment for small enough sums. Users of the Solid Music App would thus have one more song to choose from amongst the large number made available by musicians worldwide. +
+ +* [[#req-read]] +* [[#req-conditional-action]] +* [[#req-conditional-relationship]] +* [[#req-vc]] + +
+ ## Permissioning Applications ## {#uc-applications} ### Limiting access to trusted applications ### {#uc-trusted-applications} @@ -899,6 +1181,22 @@ for the `health` [=collection=] to include `healthapp`: `healthapp` has [=read access=], [=write access=], and [=control access=] to the `health` [=collection=] +
+ +* [[#req-access-identity]] +* [[#req-application]] +* [[#req-collection-read]] +* [[#req-collection-write]] +* [[#req-collection-read-permissions]] +* [[#req-collection-change-permissions]] +* [[#req-inheritance-change]] +* [[#req-inheritance-readonly]] +* [[#req-inheritance-read-permissions]] +* [[#req-inheritance-change-permissions]] +* [[#req-inheritance-modify]] + +
+ ### Limiting application access while not acting as resource controller ### {#uc-client-constraints} Alice uses application *PerformChart* to visualize her work performance across @@ -909,6 +1207,17 @@ projects, she also has read-write access to many other projects. Since write access. Alice grants *PerformChart* read only access to all the projects that she can access. +
+ +* [[#req-access-identity]] +* [[#req-application]] +* [[#req-client-constrained]] +* [[#req-collection-read]] +* [[#req-collection-write]] +* [[#req-inheritance-change]] +* [[#req-inheritance-readonly]] + +
### Application determining access privileges ### {#uc-client-determine-access-privileges} @@ -924,6 +1233,15 @@ interface can disable the "Save" button in the menu. Guinan also wants to know if the public is granted [=read access=] on the content they are updating, and thus if it can be, for example, liked, bookmarked, archived by everyone. +
+ +* [[#req-access-identity]] +* [[#req-public]] +* [[#req-effective-modes]] +* [[#req-read]] +* [[#req-write]] + +
## Privacy ## {#uc-privacy} @@ -938,6 +1256,14 @@ Neither Carol or Oscar would appreciate knowing that Alice is interviewing with both of them, so it's important neither Carol or Oscar know who else Alice has shared her `resume` with, despite having [=read access=] to it. +
+ +* [[#req-access-identity]] +* [[#req-read-permissions]] +* [[#req-read]] + +
+ ### Limiting access to other authorization conditions ### {#uc-historyofchanges} As an extension of [[#uc-whopermitted]], it is also important to Alice that @@ -949,6 +1275,13 @@ For example, if the data Carol and Oscar saw in the resume was background, she wouldn't want them to know that they were only seeing a filtered view. +
+ +* [[#req-access-identity]] +* [[#req-read-permissions]] + +
+ ### Minimal Credential Disclosure ### {#uc-minimalcredentials} Following a link on a blog post, Alice comes to a resource that requires @@ -961,6 +1294,12 @@ over 18. Her client's credential manager should see this and select the credential revealing the least amount of information needed to access the resource. +
+ +* [[#req-vc]] + +
+ ### Limit information disclosure through URI ### {#uc-limituri} A service with very high security and confidentiality requirements must @@ -1049,6 +1388,13 @@ Carol has a blog, and allows any [=authenticated agent=] (e.g. [[WEBID]], Unfortunately, anyone can setup an identity provider, so Carol would like to be able to recognize credentials issued from trustworthy identity providers. +
+ +* [[#req-access-identity]] +* [[#req-trusted-identity]] + +
+ ### Block access to agents ### {#uc-blockagents} A nonpartisan group provides a public annotation service, and allows any @@ -1059,6 +1405,12 @@ disinformation through the annotation service. The trusted moderators of the service would like to be able to block bad actors from sharing content in the future. +
+ +* [[#req-access-identity]] + +
+ ## Validation ## {#uc-validation} Juan likes to manage his [=authorizations=] manually. Every once in a while, @@ -1102,6 +1454,13 @@ someone in possession of a verifiable medical credential to have inherited [=read access=] to the contents. This gives them just enough background on his condition to treat him properly. +
+ +* [[#req-vc]] +* [[#req-inheritance-readonly]] + +
+ ### Possession of a link ### {#capabilities-link} Bob is about to give a confidential presentation to a group of his colleagues. @@ -1122,6 +1481,10 @@ specially generated link to access the document with [=read access=]. He sets it to [[#conditional-time|expire]] in three hours. Bob gives the link to Anne and the presentation goes off perfectly. +* [[#req-vc]] +* [[#req-read]] +* [[#req-conditional-time]] + Requirements {#requirements} ================================================================================ @@ -1134,7 +1497,13 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ### The system shall allow access to be limited based on the [=identity=] of the [=agent=]. ### {#req-access-identity}
-Related use cases: [[#uc-basic]], [[#uc-collections]] + Related use cases: [[#uc-basic]], [[#uc-collections]] +
+ +### The system shall allow access to be limited based on the [=identity=] of the [=agent=], only when that identity is issued by a trusted identity provider. ### {#req-trusted-identity} + +
+ Related use cases: [[#uc-trustedissuers]]
### The system shall allow access to be limited to an [=agent=] based on the [=agent's=] membership in a certain group of [=agents=]. ### {#req-agent-group} @@ -1212,7 +1581,7 @@ Related use cases: [[#uc-basic]], [[#uc-collections]] ### The system shall limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it.### {#req-append}
- Related use cases: [[#basic-appendonly]] + Related use cases: [[#basic-appendonly]], [[#basic-readappend]]
### The system shall limit the ability to read a certain [=collection=], exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read} @@ -1222,6 +1591,12 @@ Related use cases: [[#uc-basic]], [[#uc-collections]] [[#collection-readappend]], [[#collection-readappendwrite]] +### The system shall limit the ability to change data specific to a certain [=collection=], including only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-write} + +
+ Related use cases: [[#collection-readwrite]] +
+ ### The system shall limit the ability to create a [=resource=] in a certain [=collection=].### {#req-collection-create}
@@ -1302,7 +1677,7 @@ Related use cases: [[#uc-basic]], [[#uc-collections]] Related use cases: [[#inheritance-adding]], [[#inheritance-modifying]]
-### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members and cannot be augmented. ### {#req-inheritance-forcing} +### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members and cannot be augmented. ### {#req-inheritance-force}
Related use cases: [[#inheritance-forcing]] @@ -1344,7 +1719,7 @@ Related use cases: [[#uc-basic]], [[#uc-collections]] Related use cases: [[#inheritance-control]]
-### The system shall allow for the access permissions associated with a certain resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inhertiance-change-permissions} +### The system shall allow for the access permissions associated with a certain resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-change-permissions}
Related use cases: [[#inheritance-control]] From 80834ff8035512c04ce6ae4cc5ee77978c58756c Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Thu, 4 Feb 2021 08:42:17 -0500 Subject: [PATCH 14/34] remove extraneous files --- proposals/wac-ucr/invitation.ttl | 70 -------------------------------- proposals/wac-ucr/scratch.md | 11 ----- 2 files changed, 81 deletions(-) delete mode 100644 proposals/wac-ucr/invitation.ttl delete mode 100644 proposals/wac-ucr/scratch.md diff --git a/proposals/wac-ucr/invitation.ttl b/proposals/wac-ucr/invitation.ttl deleted file mode 100644 index aeebcb46..00000000 --- a/proposals/wac-ucr/invitation.ttl +++ /dev/null 
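Review bot: the `#capabilities-link` requirement list (the `+* [[#req-vc]]` / `+* [[#req-read]]` / `+* [[#req-conditional-time]]` lines just before `Requirements {#requirements}`) is the only list added in this patch without the opening and closing wrapper lines, and the blank `+` line, that every other hunk puts around its list (compare the `#capabilities-vc` hunk directly above it); wrap it the same way so it renders like the rest. Separately, a specially generated link is a bearer capability rather than a verifiable credential, so mapping it to `#req-vc` only holds if that requirement is worded to cover bearer tokens; otherwise give possession of a link its own requirement.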
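Review bot: the `#conditional-payment` list maps the use case to `#req-read`, `#req-conditional-action`, `#req-conditional-relationship` and `#req-vc`, none of which mentions payment, even though every other `#conditional-*` use case in this patch gets a matching `#req-conditional-*` entry (`time`, `tag`, `relationship`, `filter`, `control`, `action`). Either add a `#req-conditional-payment` requirement or say in the use case why the listed requirements are sufficient.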
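Review bot: in the `#uc-client-constraints` and `#uc-client-determine-access-privileges` hunks the closing wrapper line of the added list is followed directly by the next heading context line (`### Application determining access privileges ###`, `## Privacy ##`) with no blank `+` line, whereas every other hunk inserts one; add the blank line so the markup is consistent and the headings are not glued to the preceding block.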
@@ -1,70 +0,0 @@ -@prefix eco: -@prefix xsd: - -<#invitation> - a eco:AccessInvitation ; - eco:registeredBy https://alice.pod.example/profile/id#me ; - eco:registeredWith https://trusted.example/id#agent ; - eco:registeredAt "2020-09-13T19:32:52Z"^^xsd:dateTime ; - eco:updatedAt "2020-09-13T19:32:52Z"^^xsd:dateTime ; - eco:expiresAt "2020-09-20T19:32:52Z"^^xsd:dateTime ; - eco:hasPreparedAccessNeedGroup <#pag-notebook-group> ; - eco:hasDataGrant <#notebook-grant>, <#note-grant> ; - eco:hasAccessInvitationChannel <#phone-channel>, <#email-channel> . - - <#phone-channel> - a eco:PhoneInvitationChannel ; - eco:channelTarget "(555) 555-1212" ; - eco:channelCode "654345" ; - eco:isValidated false ; - eco:remainingAttempts 3 . - - <#email-channel> - a eco:EmailInvitationChannel ; - eco:channelTarget "bob@example.com" ; - eco:channelCode "434567" ; - eco:isValidated true ; - eco:remainingAttempts 3 . - - <#notebook-grant> - a eco:DataGrant ; - eco:hasRegistration data:notebook-tree ; - eco:registeredShapeTree note:notebook-tree ; - eco:satisfiesPreparedAccessNeed <#pan-notebook> ; - eco:accessMode acl:Read, acl:Write ; - eco:scopeOfDataGrant eco:AllInstances ; - - <#note-grant> - a eco:DataGrant ; - eco:hasRegistration data:note-tree ; - eco:registeredShapeTree note:note-tree ; - eco:satisfiesPreparedAccessNeed <#pan-note> ; - eco:accessMode acl:Read, acl:Write ; - eco:scopeOfDataGrant eco:AllInstances ; - - <#pag-notebook-group> - a eco:PreparedAccessNeedGroup ; - eco:fromAccessNeedGroup ex:accessNotebookGroup ; - eco:hasAccessNeedGroupDecorator ex:accessNotebookGroupDecorator ; - eco:accessNecessity eco:AccessRequired ; - eco:authenticatesAs eco:Pilot ; - eco:hasPreparedAccessNeed <#pan-notebook> . 
- - <#pan-notebook> - a eco:PreparedAccessNeed ; - eco:registeredShapeTree note:notebook-tree ; - eco:accessMode acl:Read, acl:Write ; - eco:accessNecessity eco:AccessRequired ; - eco:hasAccessNeedDecorator ex:notebookAccessDecorator ; - eco:hasShapeTreeDecorator note:notebookDecorator ; - eco:referencesPreparedAccessNeed <#pan-notes> ; - eco:hasDataGrant <#notebook-grant> . - - <#pan-note> - a eco:PreparedAccessNeed ; - eco:registeredShapeTree note:note-tree ; - eco:accessMode acl:Read, acl:Write ; - eco:accessNecessity eco:AccessRequired ; - eco:hasAccessNeedDecorator ex:noteAccessDecorator ; - eco:hasShapeTreeDecorator note:noteDecorator ; - eco:hasDataGrant <#note-grant> . diff --git a/proposals/wac-ucr/scratch.md b/proposals/wac-ucr/scratch.md deleted file mode 100644 index 602d00da..00000000 --- a/proposals/wac-ucr/scratch.md +++ /dev/null @@ -1,11 +0,0 @@ -# Use Cases to Create - -Write use cases for: - -- Conditional Filter -- Conditional Control -- Conditional Action -- Conditional Payment -- UC Client Constraints - -DONE - Change VC requirement from FUTURE From 3b008ec6b2f0225d137286605e28e60d5ad44d33 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Thu, 4 Feb 2021 16:37:21 -0500 Subject: [PATCH 15/34] Additional refinements and cleanup --- proposals/wac-ucr/index.bs | 249 +++++++++++++++++++++++-------------- 1 file changed, 157 insertions(+), 92 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 1dfcc00b..7f99e208 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
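Review bot: removing `invitation.ttl` is the right call, and the commit message should say why: the file was never valid Turtle (the `<#notebook-grant>` and `<#note-grant>` blocks end with `;` instead of `.` before the next subject, and `acl:`, `data:`, `note:` and `ex:` are used without a matching `@prefix`), it depends on an `eco:` vocabulary that nothing else in this proposal references, and it models one-time verification codes (`eco:channelCode "654345"`, `eco:channelCode "434567"`) as plain literals stored beside `eco:isValidated` and `eco:remainingAttempts` in the invitation document itself, which is not a design to leave in the spec tree as an example.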
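Review bot: deleting `scratch.md` is consistent with the tree, since each of its open items (`Conditional Filter`, `Conditional Control`, `Conditional Action`, `Conditional Payment`, `UC Client Constraints`) now has a section in `index.bs` (`#conditional-filter`, `#conditional-control`, `#conditional-action`, `#conditional-payment`, `#uc-client-constraints`). Its last line, `DONE - Change VC requirement from FUTURE`, is the only record of that decision, so confirm before merging that the `(Future)` marker is actually gone from the `#req-vc` heading in `index.bs`.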
@@ -65,8 +65,8 @@ Introduction {#intro} The [[#usecases]] in this document represent real-world scenarios that Web Access Control can and should support. The [[#requirements]] in this -document are derived from those use cases, and inform the contents of the -Web Access Control specification. +document are derived from those use cases, and req- the contents of the +next Web Access Control specification. [[#limitations]] highlights the [[#usecases]] that [Legacy Web Access Control](https://github.com/solid/web-access-control-spec) @@ -80,7 +80,23 @@ individuals (i.e. Alice, Bob, Carol, etc.) are already [=authenticated agents=], and their corresponding [=identities=] are known by the [=resource controller=] when they are granted access. -## Basic resource access ## {#uc-basic} +Additionally, since the vast majority of these use cases involve a +[=resource controller=] reviewing and modifying permissions as an +[=authenticated agent=], the following requirements are not listed explicitly +in every use case, but should be assumed when permissions are assigned. +They may appear in certain use cases (such as [[#basic-change-permissions]]) when +relevant. + +
+ +* [[#req-read-permissions]] +* [[#req-change-permissions]] +* [[#req-collection-read-permissions]] +* [[#req-collection-change-permissions]] + +
+ +## Resource access ## {#uc-basic} Alice has a private draft of her resume stored on her [=resource server=] at `https://alice.example/resume`. Alice is the [=resource controller=] @@ -114,7 +130,7 @@ for that resource. -### Control access ### {#basic-control} +### Change permissions ### {#basic-change-permissions} Alice asks Bob to help make her resume more presentable. Alice must give Bob permission to do this, because `resume` is not a public resource, and as the @@ -123,11 +139,24 @@ it.
-* [[#req-read-permissions]] +* [[#req-agent-identity]] * [[#req-change-permissions]]
+### Read permissions ### {#basic-read-permissions} + +Jasmine is a recruiter that has been helping Alice with job placement. Alice +gives Jasmine the ability to read the permissions on `resume`, so that +she can see who else Alice has shared her resume with. + +
+ +* [[#req-agent-identity]] +* [[#req-read-permissions]] + +
+ ### Read-write access ### {#basic-write} Alice gives Bob [=read access=] so that he can read the `resume` resource, and @@ -135,6 +164,7 @@ Alice gives Bob [=read access=] so that he can read the `resume` resource, and
+* [[#req-agent-identity]] * [[#req-read]] * [[#req-write]] @@ -152,6 +182,7 @@ glowing reference for Alice to `resume`.
+* [[#req-agent-identity]] * [[#req-read]] * [[#req-append]] @@ -168,6 +199,7 @@ controller=] for that resource and gives it public [=read access=].
+* [[#req-agent-identity]] * [[#req-read]] * [[#req-append]] @@ -189,6 +221,7 @@ recommendations that have already been added.
+* [[#req-agent-group]] * [[#req-append]]
@@ -200,7 +233,7 @@ finished contributing to it. They can no longer read or make changes to it.
-* [[#req-read-permissions]] +* [[#req-agent-identity]] * [[#req-change-permissions]]
@@ -212,6 +245,7 @@ Alice has a job interview with Carol. Alice gives Carol [=read access=] to
+* [[#req-agent-identity]] * [[#req-read]]
@@ -236,8 +270,6 @@ active. This is much more intuitive and easy for Alice.
* [[#req-agent-group]] -* [[#req-read-permissions]] -* [[#req-change-permissions]] * [[#req-read]]
@@ -250,9 +282,8 @@ several job boards.
-* [[#req-change-permissions]] -* [[#req-read]] * [[#req-public]] +* [[#req-read]]
@@ -277,15 +308,14 @@ explicitly be that group.
-* [[#req-change-permissions]] +* [[#req-authenticated]] * [[#req-read]] * [[#req-write]] -* [[#req-authenticated]] * [[#req-agent-group]]
-## Basic collection access ## {#uc-collections} +## Collection access ## {#uc-collections} Note: These use cases are focused on access to a [=collection=] itself. Use cases that focus on permissions related to [=resources=] included in that @@ -375,16 +405,15 @@ which allows them to read its contents fully. Alice has also granted them [=read access=] to the `portfolio` [=collection=]. She only wants them to see detail about the `portfolio` [=collection=] itself, along with a listing of its contents, but not the contents of the -[=resources=] included in that [=collection=] just yet. +[=resources=] included in that [=collection=]. Alice wants to know which of them are really interested based on who asks her for -more access to the contents of `portfolio`. +more access to the contents of the resources in `portfolio`.
-* [[#req-change-permissions]] +* [[#req-agent-identity]] * [[#req-read]] -* [[#req-collection-change-permissions]] * [[#req-collection-read]]
@@ -409,7 +438,7 @@ Milo updates the contents of `document1` to the most recent version.
-* [[#req-collection-change-permissions]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-collection-write]] @@ -431,7 +460,7 @@ included.
-* [[#req-collection-change-permissions]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-collection-create]] @@ -449,17 +478,19 @@ which are stored in the `comments` [=collection=]. When she asks a colleague to leave a comment, she gives them the following permissions: +* [=Read access=] to the `comments` [=collection=] + so they can list existing comments (including their own). * Inherited [=read access=] to the `comments` [=collection=] - so they can list and read existing comments (including their own). + so they can read the contents of existing comments (including their own). * [=Append access=] to the `comments` [=collection=], which allows them to - add their own comments, but not change anyone else's. + add their own comments, but not change any that exist already. * Ability to write (edit or delete) any resources in `comments` that they have created themselves, but none created by anyone else.
-* [[#req-collection-change-permissions]] -* [[#req-collection-inheritance]] +* [[#req-agent-identity]] +* [[#req-collection-read]] * [[#req-inheritance-readonly]] * [[#req-collection-create]] * [[#req-collection-creator]] @@ -480,30 +511,31 @@ opportunities, but none of the others will see them.
-* [[#req-collection-change-permissions]] +* [[#req-agent-identity]] * [[#req-collection-create]]
-### Control access to a Collection ### {#collection-control} +### Manage permissions for a Collection ### {#collection-control} Bob reminds Alice that some of the other people who worked on `project1` may also have materials they can add to the `portfolio`, but he needs to lookup their information. Alice trusts Bob with the contents of the `project1` collection, since it's -the output of their shared work. She gives him [=control access=] to -`project1` so that he can help her invite other colleagues from the past to -add [=resources=] to it. +the output of their shared work. She gives him [=read permission access=] +and [=write permission access=] to `project1` so that he can help her +invite other colleagues from the past to add [=resources=] to it.
+* [[#req-agent-identity]] * [[#req-collection-read-permissions]] * [[#req-collection-change-permissions]]
-## Inheritance ## {#uc-inheritance} +## Resource access inherited from Collection ## {#uc-inheritance} Bob is leading a group of colleagues doing field research. This group includes Charles, Felicia, Juan, and Irene. @@ -641,7 +673,7 @@ https://research.example/ -### Read-only access to collection of resources ### {#inheritance-readonly} +### Read-only access to collection resources ### {#inheritance-readonly} Bob has a weekly status meeting with the members of the `research` [=authorization group=]. @@ -654,22 +686,25 @@ them permissions every week to each newly created note. Bob stores his notes from the weekly status meeting in the `weekly-status` [=collection=]. -He grants the `research` [=authorization group=] inherited [=read access=] to +He grants the `research` [=authorization group=] [=read access=] to the `weekly-status` [=collection=], which means they can read specific details -about the [=collection=], see a listing of the resource included in it (e.g. -Bob's notes), and read the contents of each note. This is especially important +about the [=collection=] and see a listing of the resources included in it (e.g. +Bob's notes). He also grants them inherited [=read access=] to the members +of the [=collection=], which allows them to read the contents of each note. + +This is especially important because in this case each of Bob's notes are actually a [=collection=] themselves, capable of storing inline data or attachments, like pictures or videos. -Because Bob grants inherited [=read access=] at the `weekly-status` -[=collection=], it will apply to everything already in the [=collection=], as -well as anything that will be added in the future. +Because Bob sets inherited [=read access=] at the `weekly-status` +[=collection=], it applies to all of the members already in the [=collection=], as +well as any that will be added in the future.
* [[#req-agent-group]] -* [[#req-collection-change-permissions]] +* [[#req-collection-read]] * [[#req-inheritance-readonly]]
@@ -679,18 +714,23 @@ well as anything that will be added in the future. Every day, someone in the group is responsible for recording data from devices in the field, and storing those metrics in `daily-metrics`. -Bob gives the `research` [=authorization group=] [=append access=] and inherited -[=read access=] to the `daily-metrics` [=collection=]. This allows anyone -in the [=authorization group=] to see the contents of the [=collection=], and add new -readings. They cannot modify readings after they are recorded. This provides -confidence that readings are not manipulated after the fact. +Bob sets the following permissions on the `daily-metrics` [=collection=] for +the `research` [=authorization group=]: + +* [=Read access=] so they can see the current list of [=resources=] in + the [=collection=]. +* Inherited [=read access=] so that they can read the contents of those + [=resources=]. +* [=Append access=] so that they can add new readings. They cannot modify + readings after they are recorded. This provides confidence that readings + are not manipulated after the fact.
* [[#req-agent-group]] -* [[#req-collection-change-permissions]] -* [[#req-collection-create]] +* [[#req-collection-read]] * [[#req-inheritance-readonly]] +* [[#req-collection-create]]
@@ -700,16 +740,22 @@ The members of the `research` [=authorization group=] collaborate on a daily summary, where they analyze the day's field readings stored in `daily-summaries`, detailing any new, validated, or invalidated hypotheses. -Bob gives the `research` [=authorization group=] inherited [=read access=] and -[=write access=] to the `daily-summaries` [=collection=]. This allows anyone -in the [=authorization group=] to see the contents of the [=collection=] and -collaborate on a given day's summary. They can update the contents together -until they're satisfied with the results. +Bob sets the following permissions on the `daily-summaries` [=collection=] +for the `research` [=authorization group=]: + +* [=Read access=] so they can see the current list of [=resources=] in + the [=collection=]. +* [=Write access=] so they can change the contents and members of the + [=collection=] +* Inherited [=read access=] and [=write access=] so they can read the + contents of the summaries in the [=collection=], author new ones, + and update the contents together until they're satisfied with the results.
* [[#req-agent-group]] -* [[#req-collection-change-permissions]] +* [[#req-collection-read]] +* [[#req-collection-write]] * [[#req-inheritance-readonly]] * [[#req-inheritance-change]] @@ -720,34 +766,47 @@ until they're satisfied with the results. Bob purchases a new field device that is able to automatically push daily metric readings in `daily-metrics`. -Bob gives the new field device [=read access=] on the `daily-metrics` -[=collection=] so it can access the list of resources inside, and inherited -[=append access=] access to `daily-metrics`, which allows it to add to a -daily-metric resource if it already exists, or create a new one if a member of -the `research` [=authorization group=] hasn't made one for that day yet. +Bob gives the new field device the following permissions on the +`daily-metrics` [=collection=]: + +* [=Read access=] so it can access the list of resources in the collection +* Inherited [=read access=] so it can read the contents of existing metric readings +* [=Append access=] so it can create a new daily metric resource if a member of + the `research` [=authorization group=] hasn't made one for that day yet. +* Inherited [=append access=] so it can add metric readings to daily-metric + resource that already exists.
-* [[#req-collection-change-permissions]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-collection-create]] +* [[#req-inheritance-readonly]] * [[#req-inheritance-appendonly]]
-### Control access to collection resources ### {#inheritance-control} +### Manage permissions for collection resources ### {#inheritance-control} Bob realizes that he needs some help administering `https://research.example`. -He provides Carol with inherited [=read access=] and [=control access=] to -`https://research.example/`, allowing her to read and manage permissions for -all of the [=resources=] and [=collections=] included within it. +He provides Carol with the following permissions on the +`https://research.example` collection: + +* [=Read access=] so she can see the current list of [=resources=] in + the [=collection=]. +* Inherited [=read access=] so she can read the + contents of the resources in the [=collection=] +* [=Read permission access=] and [=write permission access=] allowing her + to read and manage permissions for all of the [=resources=] and + included within it.
-* [[#req-collection-change-permissions]] -* [[#req-collection-read-permissions]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-inheritance-readonly]] +* [[#req-collection-read-permissions]] +* [[#req-collection-change-permissions]]
@@ -771,7 +830,6 @@ access=] or [=append access=] on a given [=collection=].
* [[#req-inheritance-default-permissions]] -* [[#req-collection-creator]]
@@ -807,7 +865,7 @@ to the `weekly-status` [=collection=] (detailed in [[#inheritance-readonly]]). Celeste isn't a regular member of the `research` [=authorization group=], but happened to attend the weekly status meeting on December 30th, 2019. -Bob would like to give Celeste inherited [=read access=] to **only** the note +Bob would like to give Celeste [=read access=] to **only** the note for the meeting she attended (`12-30-2019.note`), without affecting the access that he's given to the `research` [=authorization group=]. `research` has inherited [=read access=] on everything in the `weekly-status` [=collection=], @@ -821,7 +879,7 @@ Celeste has no other access to other resources in the `weekly-status`
-* [[#req-collection-change-permissions]] +* [[#req-agent-identity]] * [[#req-inheritance-readonly]] * [[#req-inheritance-modify]] @@ -851,7 +909,7 @@ added to it. Inherited [=read access=] for others in the `research`
-* [[#req-collection-change-permissions]] +* [[#req-agent-identity]] * [[#req-inheritance-readonly]] * [[#req-inheritance-modify]] @@ -865,12 +923,14 @@ control over the data inside. Even though he's given Carol permission to help him administer the [=resource server=], he wants to ensure that she's not able to cut out his access. He -wants to always maintain a minimum of [=read access=] and [=control access=] -to all of the resources in `https://resource.example`. This allows him to have +wants to always maintain a minimum of [=read access=], [=read permission access=], +and [=write permission access=] to all of the resources in +`https://resource.example`. This allows him to have visibility into everything, and change their permissions as needed.
+* [[#req-agent-identity]] * [[#req-collection-change-permissions]] * [[#req-inheritance-change-permissions]] * [[#req-inheritance-read-permissions]] @@ -985,7 +1045,7 @@ Erin will have no access to `measurements` after June 30th, 2020.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-collection-write]] * [[#req-inheritance-readonly]] @@ -1017,7 +1077,7 @@ measurements from the `Acme` trial.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-inheritance-readonly]] * [[#req-inheritance-change]] @@ -1071,7 +1131,7 @@ will exclude the fields containing PII.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-inheritance-readonly]] * [[#req-inheritance-change]] @@ -1087,19 +1147,22 @@ managing access to trial data for the research interns assigned to the `Acme` project. Felicia doesn't want to give Megan more permission than she needs to do that work. -Felicia grants Megan inherited [=control access=] to `measurements`, with +Felicia grants Megan inherited [=read permission access=] +and [=write permission access=] to `measurements`, with conditions that stipulate: -* she only has effective [=control access=] of [=resources=] that include +* she only has effective [=read permission access=] and + [=write permission access=] of [=resources=] that include the `Acme` [=tag=] within the `measurements` [=collection=]. * she can only create or change [=authorizations=] targeting the `measurements` [=collection=] where [=agents=] are included in the `interns` [=authorization group=]. -* she can't grant [=control access=] to anyone else. +* she can't grant [=read permission access=] and/or [=write permission access=] + to anyone else.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-inheritance-read-permissions]] * [[#req-inheritance-change-permissions]] @@ -1171,19 +1234,19 @@ For example, to constrain Oscar's access to `https://oscar.example` to only cases where an application he trusts is involved: * Oscar **with the** `trusted-applications` [=authorization group=] has - [=read access=], [=write access=], and [=control access=] to - `https://oscar.example` + [=read access=], [=write access=], [=read permission access=], + and [=write permission access=] to `https://oscar.example` Following that, per [[#inheritance-modifying]], he could extend this default for the `health` [=collection=] to include `healthapp`: * Oscar **with the** `trusted-applications` [=authorization group=] AND - `healthapp` has [=read access=], [=write access=], and [=control access=] - to the `health` [=collection=] + `healthapp` has [=read access=], [=write access=], [=read permission access=], + and [=write permission access=] to the `health` [=collection=]
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-application]] * [[#req-collection-read]] * [[#req-collection-write]] @@ -1209,7 +1272,7 @@ that she can access.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-application]] * [[#req-client-constrained]] * [[#req-collection-read]] @@ -1235,7 +1298,7 @@ thus if it can be, for example, liked, bookmarked, archived by everyone.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-public]] * [[#req-effective-modes]] * [[#req-read]] @@ -1258,7 +1321,7 @@ Alice has shared her `resume` with, despite having [=read access=] to it.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-read-permissions]] * [[#req-read]] @@ -1277,7 +1340,7 @@ filtered view.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-read-permissions]]
@@ -1390,7 +1453,7 @@ be able to recognize credentials issued from trustworthy identity providers.
-* [[#req-access-identity]] +* [[#req-agent-identity]] * [[#req-trusted-identity]]
@@ -1407,7 +1470,7 @@ future.
-* [[#req-access-identity]] +* [[#req-agent-identity]]
@@ -1494,7 +1557,7 @@ Note: Unless otherwise specified, *allowing or limiting access* in the subsequent requirements should be interpreted in the context of allowing or limiting access to a [=resource=] or [=collection=] by an [=agent=]. -### The system shall allow access to be limited based on the [=identity=] of the [=agent=]. ### {#req-access-identity} +### The system shall allow access to be limited based on the [=identity=] of the [=agent=]. ### {#req-agent-identity}
Related use cases: [[#uc-basic]], [[#uc-collections]] @@ -1551,13 +1614,13 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ### The system shall limit the ability to read the access permissions associated with a certain [=resource=]. ### {#req-read-permissions}
- Related use cases: [[#basic-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]] + Related use cases: [[#basic-read-permissions]], [[#uc-whopermitted]], [[#uc-historyofchanges]]
### The system shall limit the ability to change the access permissions associated with a certain [=resource=]. ### {#req-change-permissions}
- Related use cases: [[#basic-control]] + Related use cases: [[#basic-change-permissions]]
### The system shall provide the effective access permission modes on a certain [=resource=] or [=collection=] as they relate to the [=agent=] making the request, in the request response. ### {#req-effective-modes} @@ -1805,9 +1868,11 @@ and/or [=application=] can perform on one or more [=resources=]. [=applications=] to add data to a resource, but not modify any data that already exists. -Control access is an [=access mode=] that allows [=agents=] and/or -[=applications=] to view and modify [=authorizations=] associated with a -[=resource=]. +Read permission access is an [=access mode=] that allows [=agents=] and/or +[=applications=] to view [=authorizations=] associated with a [=resource=]. + +Write permission access is an [=access mode=] that allows [=agents=] and/or +[=applications=] to modify [=authorizations=] associated with a [=resource=].
 {
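Review bot: The @@ -1805 hunk's new definitions of read permission access and write permission access leave their relationship unstated: nothing says whether write permission access implies read permission access, or whether an agent could modify [=authorizations=] it cannot view. Every grant in this patch gives the two together (the @@ -865 and @@ -1087 hunks, for example), so either state that write permission access includes read permission access or state that they are independent modes; that decides whether an agent holding only write permission access can overwrite authorizations it is not allowed to inspect.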
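Review bot: The @@ -771 hunk drops `* [[#req-collection-creator]]` from that use case's requirements block without adding a replacement, while the rest of the patch only renames `#req-access-identity` to `#req-agent-identity`; confirm that use case no longer needs a creator-based requirement (or point it at whichever id now covers creator access) and that no other block still links to `#req-collection-creator`, since a dangling `[[#...]]` reference breaks the Bikeshed build.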

From 15c718defd59aa841b304989d43a400af429436d Mon Sep 17 00:00:00 2001
From: Justin Bingham 
Date: Fri, 5 Feb 2021 07:57:59 -0500
Subject: [PATCH 16/34] Cleanup table of contents

---
 proposals/wac-ucr/index.bs | 126 ++++++++++++++++++++-----------------
 1 file changed, 68 insertions(+), 58 deletions(-)

diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs
index 7f99e208..3f2b9819 100644
--- a/proposals/wac-ucr/index.bs
+++ b/proposals/wac-ucr/index.bs
@@ -2,7 +2,7 @@
 Title: Use Cases and Requirements for Web Access Control
 Shortname: wac-ucr
 Level: 1
-Max ToC Depth: 3
+Max ToC Depth: 2
 Status: w3c/ED
 Group: solid-cg
 URL: https://solid.github.io/authorization-panel/wac-ucr/
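Review bot: Lowering `Max ToC Depth` from 3 to 2 means the level-3 `###` requirement headings (for example `{#req-agent-identity}`) disappear from the table of contents and only the new `##` groupings such as `## Access by subject ##` remain; if that is the intent, say so in the commit message, because readers looking for a specific requirement id will now have to scan the section body rather than the ToC.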
@@ -1548,15 +1548,15 @@ and the presentation goes off perfectly.
 * [[#req-read]]
 * [[#req-conditional-time]]
 
-Requirements {#requirements}
+Functional Requirements {#requirements}
 ================================================================================
 
-## Functional Requirements ## {#req-functional}
-
 Note: Unless otherwise specified, *allowing or limiting access* in the 
 subsequent requirements should be interpreted in the context of allowing
 or limiting access to a [=resource=] or [=collection=] by an [=agent=].
 
+## Access by subject ## {#req-as}
+
 ### The system shall allow access to be limited based on the [=identity=] of the [=agent=]. ### {#req-agent-identity}
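Review bot: Removing `## Functional Requirements ## {#req-functional}` deletes the `req-functional` anchor while the top-level heading keeps `{#requirements}`; grep the document for `[[#req-functional]]` before merging so no cross-reference is left dangling. Also, the new `## Access by subject ## {#req-as}` id is terser than the sibling ids this same patch introduces (`req-capabilities`, `req-resources`, `req-collections`); `req-subject` would follow the pattern.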
 
 
@@ -1587,18 +1587,6 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#uc-client-constraints]]
-### The system shall allow for access to a [=resource=] or [=collection=] to be limited to the [=agent=] that created it. ### {#req-creator} - -
- Related use cases: [[#collection-readappendwrite]] -
- -### The system shall allow access to be limited to an [=agent=] based on the [=agent's=] possession of a certain verifiable credential or capability. ### {#req-vc} - -
- Related use cases: [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] -
- ### The system shall allow access to be permitted for any unauthenticated or authenticated [=agent=]. ### {#req-public}
@@ -1610,7 +1598,17 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=].
Related use cases: [[#basic-authenticated]]
- + +## Access by capability ## {#req-capabilities} + +### The system shall allow access to be limited to an [=agent=] based on the [=agent's=] possession of a certain verifiable credential or capability. ### {#req-vc} + +
+ Related use cases: [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]] +
+ +## Access to resources ## {#req-resources} + ### The system shall limit the ability to read the access permissions associated with a certain [=resource=]. ### {#req-read-permissions}
@@ -1646,6 +1644,14 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=].
Related use cases: [[#basic-appendonly]], [[#basic-readappend]]
+ +### The system shall allow for access to a [=resource=] or [=collection=] to be limited to the [=agent=] that created it. ### {#req-creator} + +
+ Related use cases: [[#collection-readappendwrite]] +
+ +## Access to collections ## {#req-collections} ### The system shall limit the ability to read a certain [=collection=], exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read} @@ -1686,47 +1692,7 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#collection-control]]
-### The system shall limit the ability to access a certain [=resource=] by a given start and/or end data and time.### {#req-conditional-time} - -
- Related use cases: [[#conditional-time]] -
- -### The system shall limit the ability to access a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag} - -
- Related use cases: [[#conditional-tag]] -
- -### The system shall limit the ability to access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship} - -
- Related use cases: [[#conditional-relationship]] -
- -### The system shall limit access to only a subset of data in a certain [=resource=] based on supplied filter criteria.### {#req-conditional-filter} - -
- Related use cases: [[#conditional-filter]] -
- -### The system shall allow the [=access modes=] and/or conditions of a given access permission for a certain [=resource=] or [=collection=] to change after other specified conditions have been satisfied.### {#req-conditional-action} - -
- Related use cases: [[#conditional-action]] -
- -### The system shall limit the ability to read, create, or change only those access permissions for a given [=resource=] or [=collection=] that apply to a specified group of [=agents=].### {#req-conditional-control} - -
- Related use cases: [[#conditional-control]] -
- -### The system shall limit the ability to read, create, or change access permissions for [=resources=] associated with a particular tag.### {#req-conditional-control-tag} - -
- Related use cases: [[#conditional-control]] -
+## Inherited access to collection resources ## {#req-inherited} ### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members.### {#req-collection-inheritance} @@ -1788,6 +1754,50 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#inheritance-control]]
+## Conditional access ## {#req-conditional} + +### The system shall limit the ability to access a certain [=resource=] by a given start and/or end data and time.### {#req-conditional-time} + +
+ Related use cases: [[#conditional-time]] +
+ +### The system shall limit the ability to access a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag} + +
+ Related use cases: [[#conditional-tag]] +
+ +### The system shall limit the ability to access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship} + +
+ Related use cases: [[#conditional-relationship]] +
+ +### The system shall limit access to only a subset of data in a certain [=resource=] based on supplied filter criteria.### {#req-conditional-filter} + +
+ Related use cases: [[#conditional-filter]] +
+ +### The system shall allow the [=access modes=] and/or conditions of a given access permission for a certain [=resource=] or [=collection=] to change after other specified conditions have been satisfied.### {#req-conditional-action} + +
+ Related use cases: [[#conditional-action]] +
+ +### The system shall limit the ability to read, create, or change only those access permissions for a given [=resource=] or [=collection=] that apply to a specified group of [=agents=].### {#req-conditional-control} + +
+ Related use cases: [[#conditional-control]] +
+ +### The system shall limit the ability to read, create, or change access permissions for [=resources=] associated with a particular tag.### {#req-conditional-control-tag} + +
+ Related use cases: [[#conditional-control]] +
+ Limitations of Legacy Web Access Control {#limitations} ================================================================================ From 5ddf9f6a63a1f327383692a4b2f680d05b873339 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Fri, 5 Feb 2021 08:16:43 -0500 Subject: [PATCH 17/34] Change header name --- proposals/wac-ucr/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 3f2b9819..34dddfe6 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -535,7 +535,7 @@ invite other colleagues from the past to add [=resources=] to it.
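Review bot: The @@ -1686 and @@ -1788 hunks of patch 16 move the conditional requirements verbatim, so two existing defects travel with them: `start and/or end data and time` should read `date and time` in `{#req-conditional-time}`, and the moved headings end in `.###` with no space before the closing `###` (e.g. `{#req-conditional-tag}`), unlike the `. ###` form used by `{#req-read-permissions}` in the @@ -1610 hunk. Since these lines are being rewritten anyway, fixing both here avoids a follow-up patch.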
-## Resource access inherited from Collection ## {#uc-inheritance} +## Collection resource inherited access ## {#uc-inheritance} Bob is leading a group of colleagues doing field research. This group includes Charles, Felicia, Juan, and Irene. From 830638845ee6c2e8a48d9634995916c79ef1a1d3 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Fri, 5 Feb 2021 08:51:57 -0500 Subject: [PATCH 18/34] Minor grammar Co-authored-by: Ted Thibodeau Jr --- proposals/wac-ucr/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 34dddfe6..b9f05c7b 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -65,7 +65,7 @@ Introduction {#intro} The [[#usecases]] in this document represent real-world scenarios that Web Access Control can and should support. The [[#requirements]] in this -document are derived from those use cases, and req- the contents of the +document are derived from those use cases, and support the contents of the next Web Access Control specification. [[#limitations]] highlights the [[#usecases]] that From 65eee4c4c32e1a1828d9951cd8d53da7c5f20ddb Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Fri, 5 Feb 2021 08:56:46 -0500 Subject: [PATCH 19/34] Minor grammar Co-authored-by: Ted Thibodeau Jr --- proposals/wac-ucr/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index b9f05c7b..38e9d50b 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
@@ -688,7 +688,7 @@ Bob stores his notes from the weekly status meeting in the `weekly-status` He grants the `research` [=authorization group=] [=read access=] to the `weekly-status` [=collection=], which means they can read specific details -about the [=collection=] and see a listing of the resources included in it (e.g. +about the [=collection=] and see a listing of the resources included in it (e.g., Bob's notes). He also grants them inherited [=read access=] to the members of the [=collection=], which allows them to read the contents of each note. From ba7eccd3ee5efcebb2d5b74d51323d845e898251 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Fri, 5 Feb 2021 08:57:09 -0500 Subject: [PATCH 20/34] Minor grammar Co-authored-by: Ted Thibodeau Jr --- proposals/wac-ucr/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 38e9d50b..7cd20afb 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -699,7 +699,7 @@ videos. Because Bob sets inherited [=read access=] at the `weekly-status` [=collection=], it applies to all of the members already in the [=collection=], as -well as any that will be added in the future. +well as any that are added in the future.
From f3a636936623033bad279d3cea53dc35c2d398cc Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 8 Feb 2021 15:27:04 -0500 Subject: [PATCH 21/34] Add requirement for client credential determination --- proposals/wac-ucr/index.bs | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 7cd20afb..c245581b 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1210,6 +1210,7 @@ musicians worldwide. * [[#req-conditional-action]] * [[#req-conditional-relationship]] * [[#req-vc]] +* [[#req-vc-determine]]
@@ -1360,6 +1361,7 @@ resource.
* [[#req-vc]] +* [[#req-vc-determine]]
@@ -1521,7 +1523,8 @@ condition to treat him properly. * [[#req-vc]] * [[#req-inheritance-readonly]] - +* [[#req-vc-determine]] +
### Possession of a link ### {#capabilities-link} @@ -1607,6 +1610,12 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#capabilities-vc]], [[#capabilities-link]], [[#uc-minimalcredentials]]
+### The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given [=resource=]. ### {#req-vc-determine} + +
+ Related use cases: [[#capabilities-vc]], [[#uc-minimalcredentials]], [[#conditional-payment]] +
+ ## Access to resources ## {#req-resources} ### The system shall limit the ability to read the access permissions associated with a certain [=resource=]. ### {#req-read-permissions} From 1f8be9cdc004c154d597bc3c0f11067eb6219758 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 8 Feb 2021 15:39:11 -0500 Subject: [PATCH 22/34] Remove extraneous explanation --- proposals/wac-ucr/index.bs | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index c245581b..b5ab9346 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -80,22 +80,6 @@ individuals (i.e. Alice, Bob, Carol, etc.) are already [=authenticated agents=], and their corresponding [=identities=] are known by the [=resource controller=] when they are granted access. -Additionally, since the vast majority of these use cases involve a -[=resource controller=] reviewing and modifying permissions as an -[=authenticated agent=], the following requirements are not listed explicitly -in every use case, but should be assumed when permissions are assigned. -They may appear in certain use cases (such as [[#basic-change-permissions]]) when -relevant. - -
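Review bot: In patch 21's @@ -1607 hunk the new `{#req-vc-determine}` heading reads `practical and efficient mechanism available`; it should be `mechanisms` (or `a practical and efficient mechanism`). The same hunk lists [[#capabilities-vc]], [[#uc-minimalcredentials]] and [[#conditional-payment]] as related use cases while the patch adds `* [[#req-vc-determine]]` to three use-case blocks (@@ -1210, @@ -1360, @@ -1521); check that those three blocks are exactly the listed use cases so the cross-references stay symmetric.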
- -* [[#req-read-permissions]] -* [[#req-change-permissions]] -* [[#req-collection-read-permissions]] -* [[#req-collection-change-permissions]] - -
- ## Resource access ## {#uc-basic} Alice has a private draft of her resume stored on her [=resource server=] at From 691e677fb30249fd00b4d3a547899a98a7713f51 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 8 Feb 2021 15:49:45 -0500 Subject: [PATCH 23/34] Adjust requirement phrasing --- proposals/wac-ucr/index.bs | 32 ++++++++++++++++---------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index b5ab9346..9d247e75 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1602,13 +1602,13 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ## Access to resources ## {#req-resources} -### The system shall limit the ability to read the access permissions associated with a certain [=resource=]. ### {#req-read-permissions} +### The system shall allow the ability to read the access permissions associated with a certain [=resource=] to be limited. ### {#req-read-permissions}
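Review bot: Patch 22's deletion of the paragraph stating that [[#req-read-permissions]], [[#req-change-permissions]], [[#req-collection-read-permissions]] and [[#req-collection-change-permissions]] are assumed for every use case means those requirements are now traceable only from use cases that list them explicitly; before merging, confirm each use case in which a [=resource controller=] reviews or modifies permissions lists the relevant ones, otherwise the traceability the deleted text provided is silently lost.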
Related use cases: [[#basic-read-permissions]], [[#uc-whopermitted]], [[#uc-historyofchanges]]
-### The system shall limit the ability to change the access permissions associated with a certain [=resource=]. ### {#req-change-permissions} +### The system shall allow the ability to change the access permissions associated with a certain [=resource=] to be limited. ### {#req-change-permissions}
Related use cases: [[#basic-change-permissions]] @@ -1620,19 +1620,19 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#uc-client-determine-access-privileges]]
-### The system shall limit the ability to read a certain [=resource=].### {#req-read} +### The system shall allow the ability to read a certain [=resource=] to be limited.### {#req-read}
Related use cases: [[#basic-readonly]], [[#basic-write]], [[#basic-readappend]]
-### The system shall limit the ability to change any of the existing contents of a certain [=resource=].### {#req-write} +### The system shall allow the ability to change any of the existing contents of a certain [=resource=] to be limited.### {#req-write}
Related use cases: [[#basic-write]]
-### The system shall limit the ability to change existing data in a certain [=resource=], such that only new data can be added to it.### {#req-append} +### The system shall allow the ability to change existing data in a certain [=resource=] to be limited, such that only new data can be added to it.### {#req-append}
Related use cases: [[#basic-appendonly]], [[#basic-readappend]] @@ -1646,20 +1646,20 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ## Access to collections ## {#req-collections} -### The system shall limit the ability to read a certain [=collection=], exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read} +### The system shall allow the ability to read a certain [=collection=] to be limited, exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read}
Related use cases: [[#collection-readonly]], [[#collection-readwrite]], [[#collection-readappend]], [[#collection-readappendwrite]]
-### The system shall limit the ability to change data specific to a certain [=collection=], including only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-write} +### The system shall allow the ability to change data specific to a certain [=collection=] to be limited, including only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-write}
Related use cases: [[#collection-readwrite]]
-### The system shall limit the ability to create a [=resource=] in a certain [=collection=].### {#req-collection-create} +### The system shall allow the ability to create a [=resource=] in a certain [=collection=] to be limited.### {#req-collection-create}
Related use cases: [[#collection-readwrite]], [[#collection-readappend]], @@ -1672,14 +1672,14 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#collection-readappendwrite]]
-### The system shall limit the ability to read the access permissions associated with a certain [=collection=].### {#req-collection-read-permissions} +### The system shall allow the ability to read the access permissions associated with a certain [=collection=] to be limited.### {#req-collection-read-permissions}
Related use cases: [[#collection-control]], [[#uc-whopermitted]], [[#uc-historyofchanges]]
-### The system shall limit the ability to change the access permissions associated with a certain [=collection=].### {#req-collection-change-permissions} +### The system shall allow the ability to change the access permissions associated with a certain [=collection=] to be limited.### {#req-collection-change-permissions}
Related use cases: [[#collection-control]] @@ -1749,25 +1749,25 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ## Conditional access ## {#req-conditional} -### The system shall limit the ability to access a certain [=resource=] by a given start and/or end data and time.### {#req-conditional-time} +### The system shall allow the ability to limit access to a certain [=resource=] by a given start and/or end data and time.### {#req-conditional-time}
Related use cases: [[#conditional-time]]
-### The system shall limit the ability to access a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag} +### The system shall allow the ability to limit access a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag}
Related use cases: [[#conditional-tag]]
-### The system shall limit the ability to access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship} +### The system shall allow the ability to limit access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship}
Related use cases: [[#conditional-relationship]]
-### The system shall limit access to only a subset of data in a certain [=resource=] based on supplied filter criteria.### {#req-conditional-filter} +### The system shall allow access to be limited to only a subset of data in a certain [=resource=] based on supplied filter criteria.### {#req-conditional-filter}
Related use cases: [[#conditional-filter]] @@ -1779,13 +1779,13 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#conditional-action]]
-### The system shall limit the ability to read, create, or change only those access permissions for a given [=resource=] or [=collection=] that apply to a specified group of [=agents=].### {#req-conditional-control} +### The system shall allow the ability to read, create, or change only those access permissions for a given [=resource=] or [=collection=] that apply to a specified group of [=agents=] to be limited.### {#req-conditional-control}
Related use cases: [[#conditional-control]]
-### The system shall limit the ability to read, create, or change access permissions for [=resources=] associated with a particular tag.### {#req-conditional-control-tag} +### The system shall allow the ability to read, create, or change access permissions for [=resources=] associated with a particular tag to be limited.### {#req-conditional-control-tag}
Related use cases: [[#conditional-control]] From e373f12626693444b060908f8426959fc9a5c490 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 8 Feb 2021 15:53:52 -0500 Subject: [PATCH 24/34] Add conditional req to extended network use case --- proposals/wac-ucr/index.bs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 9d247e75..97008ee4 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -831,6 +831,7 @@ reviewed. * [[#req-inheritance-default-permissions]] * [[#req-agent-group]] +* [[#req-conditional-relationship]]
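Review bot: In patch 23's @@ -1779 hunk the reworded `{#req-conditional-control}` is ambiguous: `shall allow the ability to read, create, or change only those access permissions ... that apply to a specified group of [=agents=] to be limited` now reads as if the limitation applies to the ability rather than to the set of permissions. Something like `shall allow the ability to read, create, or change access permissions for a given [=resource=] or [=collection=] to be limited to those that apply to a specified group of [=agents=]` keeps the original meaning. In the @@ -1749 hunk, `{#req-conditional-tag}` and `{#req-conditional-relationship}` drop the `to` (`limit access a certain [=resource=]`; patch 25 later corrects this), and `start and/or end data and time` still needs `date`.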
@@ -1764,7 +1765,7 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ### The system shall allow the ability to limit access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship}
- Related use cases: [[#conditional-relationship]] + Related use cases: [[#conditional-relationship]], [[#inheritance-extended]]
 ### The system shall allow access to be limited to only a subset of data in a certain [=resource=] based on supplied filter criteria.### {#req-conditional-filter} From d19b15051cccbcf6b9165b24d572ff4074bc214b Mon Sep 17 00:00:00 2001 From: Henry Story Date: Mon, 8 Feb 2021 22:43:54 +0100 Subject: [PATCH 25/34] minor grammatical fix --- proposals/wac-ucr/index.bs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 97008ee4..f6baf3dd 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1756,13 +1756,13 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#conditional-time]]
-### The system shall allow the ability to limit access a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag} +### The system shall allow the ability to limit access to a certain [=resource=] by a tag associated with that resource.### {#req-conditional-tag}
Related use cases: [[#conditional-tag]]
-### The system shall allow the ability to limit access a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship} +### The system shall allow the ability to limit access to a certain [=resource=] based on the existence of a specific relationship with another [=resource=].### {#req-conditional-relationship}
Related use cases: [[#conditional-relationship]], [[#inheritance-extended]] From 7086b9921b09ca04c5380a3dfb740403c3e0b667 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 8 Feb 2021 19:02:59 -0500 Subject: [PATCH 26/34] Add use cases to limitations --- proposals/wac-ucr/index.bs | 3 +++ 1 file changed, 3 insertions(+) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index f6baf3dd..0bdb4b68 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1801,16 +1801,19 @@ does not satisfy the following use cases: * [[#inheritance-adding]] * [[#inheritance-modifying]] * [[#inheritance-forcing]] +* [[#inheritance-extended]] * [[#collection-readappendwrite]] * [[#conditional-time]] * [[#conditional-tag]] * [[#conditional-filter]] * [[#conditional-control]] +* [[#conditional-payment]] * [[#uc-applications]] * [[#uc-trustedissuers]] * [[#uc-validation]] * [[#capabilities-vc]] * [[#capabilities-link]] +* [[#uc-minimalcredentials]] Definitions {#definitions} ================================================================================ From 1150c90f4aade028dce93821a2a47e3bb6a43e57 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Tue, 9 Feb 2021 08:06:30 -0500 Subject: [PATCH 27/34] Add requirement on uri path reliance --- proposals/wac-ucr/index.bs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 0bdb4b68..adf7932c 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1417,7 +1417,6 @@ scheme. - Some of the UUID resources represent collections and others various types of content. Collections can contain other collections as usual, but this cannot be deduced from the name. Only clients that are authorized can tell from the 
@@ -1428,6 +1427,14 @@ The service would like to be able to use the same applications on those resources as it does on its public facing Solid Web site, where it uses humanly readable and memorable names for its resources. +
+ +* [[#req-uripath]] + +
+ + + ## Trust ## {#uc-trust} ### Only trust certain issuers of identity ### {#uc-trustedissuers} @@ -1645,6 +1652,12 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#collection-readappendwrite]]
+### The system shall not rely on the URI path to identity [=resources=] or [=collections=] ### {#req-uripath} + +
+ Related use cases: [[#uc-limituri]] +
 + ## Access to collections ## {#req-collections} ### The system shall allow the ability to read a certain [=collection=] to be limited, exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read} From 83644fc68adde83270fcec85e6574974dffd0888 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Tue, 9 Feb 2021 08:08:04 -0500 Subject: [PATCH 28/34] Add use case to limitations --- proposals/wac-ucr/index.bs | 1 + 1 file changed, 1 insertion(+) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index adf7932c..f3e9ec92 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -1827,6 +1827,7 @@ does not satisfy the following use cases: * [[#capabilities-vc]] * [[#capabilities-link]] * [[#uc-minimalcredentials]] +* [[#uc-limituri]] Definitions {#definitions} ================================================================================ From 7745ae4b9d77699789232b576568095c32761342 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Fri, 12 Feb 2021 22:33:15 -0500 Subject: [PATCH 29/34] Add create and delete modes (#166) * Update requirements for create and delete modes * Update use cases with create / delete modes * "2.6.3. Minimal Credential Disclosure" does not assume that named individuals are authenticated. * minor grammatical fixes * very minor fix * fix links in UC-Survey * updated my answers in Survey given PR 166 * Minor grammar Co-authored-by: Ted Thibodeau Jr * Update proposals/wac-ucr/index.bs Co-authored-by: Ted Thibodeau Jr Co-authored-by: Henry Story Co-authored-by: Ted Thibodeau Jr --- proposals/wac-ucr/index.bs | 271 +++++++++++++++++++++------------ proposals/wac-ucr/uc-survey.md | 77 ++++++---- 2 files changed, 215 insertions(+), 133 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index f3e9ec92..69ccb359 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
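Review bot: In patch 27's @@ -1645 hunk the new heading `shall not rely on the URI path to identity [=resources=] or [=collections=]` should read `identify`, and it is the only requirement heading with no terminating period before `###`. The @@ -1428 hunk also adds surplus empty `+` lines after the new requirements block, and the @@ -1417 hunk deletes the sentence about UUID resources representing collections and other types of content without a replacement; confirm the surrounding paragraph of the use case still reads coherently without it.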
@@ -75,7 +75,7 @@ fails to satisfy. Use Cases {#usecases} ================================================================================ -For the purposes of simplicity, the use cases herein assume that named +Unless stated otherwise, the use cases herein assume that named individuals (i.e. Alice, Bob, Carol, etc.) are already [=authenticated agents=], and their corresponding [=identities=] are known by the [=resource controller=] when they are granted access. @@ -310,10 +310,14 @@ Alice has a portfolio [=collection=] stored on her [=resource server=] at for. She provides access to the `portfolio` to potential employers as she moves through a job interview process. -The `portfolio` includes [=resources=] representing individual deliverables -she's produced throughout her career, along with [=collections=] of +The `portfolio` [=collection=] includes [=resources=] representing individual +deliverables she's produced throughout her career, along with [=collections=] of deliverables from larger scale projects that she's worked on. +The `portfolio` [=resource=] itself includes summary information about the +portfolio as a whole. For example, Alice details why she chose to include +the items together as a representation of her work. +
Alice's portfolio and opportunities [=collections=] at https://alice.example/
@@ -332,8 +336,9 @@ https://alice.example/ `portfolio/` [=Collection=] - Individual documents she's produced, and collections - of deliverables from projects she's worked on. + Resource includes summary information about the portfolio as a + whole. Member [=resources=] include individual documents she's produced, + and collections of deliverables from projects she's worked on. `-- document1` @@ -387,8 +392,8 @@ Alice has granted Carol, Oscar, and Frank [=read access=] to her `resume` which allows them to read its contents fully. Alice has also granted them [=read access=] to the `portfolio` [=collection=]. -She only wants them to see detail about the `portfolio` [=collection=] itself, -along with a listing of its contents, but not the contents of the +She only wants them to see summary detail about the `portfolio` [=collection=] +itself, along with a listing of its contents, but not the contents of the [=resources=] included in that [=collection=]. Alice wants to know which of them are really interested based on who asks her for 
@@ -404,22 +409,16 @@ more access to the contents of the resources in `portfolio`. ### Read-write access to a Collection ### {#collection-readwrite} -Alice worked with Milo in the past, where they produced a deliverable -(`document1`) that she has included in her `portfolio` [=collection=]. - -Alice realized that she doesn't have the most up-to-date version of `document1`, -and needs Milo to replace it. She gives Milo [=read access=] and -[=write access=] to the `portfolio` [=collection=] itself, which allows him -to see the -listing of its contents, as well as add and remove items from the -[=collection=]. - -He cannot read the contents of any of the [=resources=] included in the -[=collection=], but this is fine, since he knows the name of the [=resource=] -he's replacing. +Alice is revising the summary description of her `portfolio`, which is +stored in the [=resource=] for the `portfolio` [=collection=]. -Milo updates the contents of `document1` to the most recent version. +Milo is Alice's friend, and she enlists his help in reviewing and revising +her summary. +Alice gives Milo [=read access=] and [=write access=] to the `portfolio` +[=collection=] itself, which allows him read and modify the existing summary +in the `portfolio` [=resource=]. +
* [[#req-agent-identity]] @@ -428,19 +427,21 @@ Milo updates the contents of `document1` to the most recent version.
-### Read-append access to a Collection ### {#collection-readappend} +### Read-create access to a Collection ### {#collection-readcreate} -Alice worked with Bob in the past on a project, and she has included the -project deliverables she could find in the `project1` [=collection=]. She's -sure that she's missing some, and that Bob would have the missing items. +Alice worked with Bob in the past on a project, and she has added a +partial set of the final project deliverables into the `project1` +[=collection=]. She knows that Bob has the rest, and he agrees to provide +them. -Alice grants Bob [=read access=] and [=append access=] to the `project1` -[=collection=], which allows him to see the list of what is there, and add new -[=resources=] to it. +Alice grants Bob the following access on the `project1` [=collection=]: -He can't see the contents of the [=resources=], or remove anything in the -list. That's fine because he only needs to add the [=resources=] that aren't -included. +* [=Read access=] which allows him to see the summary detail of `project1` + stored in the `project` [=resource=] itself, as well as + a list of the [=resources=] in the [=collection=], which lets him confirm + whether his uploads are stored successfully. +* [=Create access=] on `project1`, which allows him to add new [=resources=] + to it.
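Review bot: in the @@ -404 hunk (Read-write access to a Collection), the new sentence "which allows him read and modify the existing summary in the `portfolio` [=resource=]" is missing "to"; it should read "which allows him to read and modify the existing summary in the `portfolio` [=resource=]".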
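Review bot: the new [=Read access=] bullet in this hunk says the summary detail of `project1` is "stored in the `project` [=resource=] itself", but no `project` resource exists in this use case; the collection is `project1`, so this should be "stored in the `project1` [=resource=] itself", matching how the Milo use case refers to "the `portfolio` [=resource=]".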
@@ -450,7 +451,7 @@ included.
-### Read-append-write access to a Collection ### {#collection-readappendwrite} +### Read-create-delete access to a Collection ### {#collection-readcreatedelete} Note: Despite this section's focus on permissions specific to the collection resource itself, this use case also incorporates inherited read access to @@ -464,30 +465,32 @@ permissions: * [=Read access=] to the `comments` [=collection=] so they can list existing comments (including their own). -* Inherited [=read access=] to the `comments` [=collection=] +* Inherited [=read access=] to the [=resources=] in the `comments` [=collection=], so they can read the contents of existing comments (including their own). -* [=Append access=] to the `comments` [=collection=], which allows them to - add their own comments, but not change any that exist already. -* Ability to write (edit or delete) any resources in `comments` that they - have created themselves, but none created by anyone else. +* [=Create access=] to the `comments` [=collection=], which allows them to + add new comments, but not change any that exist already. +* Default permissions on new [=resources=] in `comments` that stipulate: + * [=Delete access=] for the creator of a [=resource=] - so they can delete + their own comments if they like, but no one else's.
* [[#req-agent-identity]] * [[#req-collection-read]] * [[#req-inheritance-readonly]] -* [[#req-collection-create]] * [[#req-collection-creator]] +* [[#req-collection-create]] +* [[#req-collection-delete]]
-### Append-only access to a Collection ### {#collection-appendonly} +### Create-only access to a Collection ### {#collection-createonly} Alice realizes it would be helpful if Carol, Oscar, and Frank could provide her with job opportunities that they think she would be a fit for at their respective organizations. -She provides them with [=append access=] to the `opportunities` +She provides them with [=create access=] to the `opportunities` [=collection=]. This allows each of them to add new [=resources=] to `opportunities`, without the ability to see the listing of other [=resources=] in the [=collection=], or modify them. This means that they can each add @@ -635,7 +638,7 @@ https://research.example/ Daily reading - `daily-analysis/` + `daily-summaries/` Collection Daily analysis for group research @@ -693,7 +696,7 @@ well as any that are added in the future.
-### Read-append access to collection resources ### {#inheritance-readappend} +### Read-create access to collection resources ### {#inheritance-readcreate} Every day, someone in the group is responsible for recording data from devices in the field, and storing those metrics in `daily-metrics`. @@ -705,8 +708,10 @@ the `research` [=authorization group=]: the [=collection=]. * Inherited [=read access=] so that they can read the contents of those [=resources=]. -* [=Append access=] so that they can add new readings. They cannot modify - readings after they are recorded. This provides confidence that readings +* [=Create access=] so that they can add new readings. They cannot modify + readings after they are recorded, because they do not have [=write access=], + and they cannot remove them, because they do not have [=delete access=]. + This provides confidence that readings are not manipulated after the fact.
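Review bot: in the @@ -464 hunk (Read-create-delete access to a Collection), the use case now relies on "Default permissions on new [=resources=] in `comments`" to give each creator [=delete access=], but its related-requirements list only gains [[#req-collection-delete]]; it should also cite [[#req-inheritance-default-permissions]], which is the requirement that covers default permissions on newly created resources. The Note at the top of the section, which says the use case "also incorporates inherited read access", should mention the default-permission dependency too, since that is now the second thing in the use case that goes beyond permissions on the collection resource itself.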
@@ -718,7 +723,7 @@ the `research` [=authorization group=]:
-### Read-write access to collection resources ### {#inheritance-readwrite} +### Manage a hierarchy of collection resources ### {#inheritance-manage} The members of the `research` [=authorization group=] collaborate on a daily summary, where they analyze the day's field readings stored in @@ -728,24 +733,31 @@ Bob sets the following permissions on the `daily-summaries` [=collection=] for the `research` [=authorization group=]: * [=Read access=] so they can see the current list of [=resources=] in - the [=collection=]. -* [=Write access=] so they can change the contents and members of the - [=collection=] -* Inherited [=read access=] and [=write access=] so they can read the - contents of the summaries in the [=collection=], author new ones, - and update the contents together until they're satisfied with the results. + the `daily-summaries`. +* [=Create access=] so they can add new summary [=resources=] to `daily-summaries` +* [=Delete access=] so they can remove summary [=resources=] from `daily-summaries` +* Inherited [=read access=] so they can read the + contents of the summaries in the [=collection=] +* Inherited [=write access=] so they can modify their contents +* Inherited [=create access=] so they can add [=resources=] to any [=collections=] + that might be added to `daily-summaries` +* Inherited [=delete access=] so they can remove [=resources=] from any + [=collections=] that might be added to `daily-summaries`
* [[#req-agent-group]] * [[#req-collection-read]] -* [[#req-collection-write]] +* [[#req-collection-create]] +* [[#req-collection-delete]] * [[#req-inheritance-readonly]] * [[#req-inheritance-change]] +* [[#req-inheritance-create]] +* [[#req-inheritance-delete]]
-### Append-only access to collection resources ### {#inheritance-appendonly} +### Create-append access to collection resources ### {#inheritance-createappend} Bob purchases a new field device that is able to automatically push daily metric readings in `daily-metrics`. @@ -755,10 +767,10 @@ Bob gives the new field device the following permissions on the * [=Read access=] so it can access the list of resources in the collection * Inherited [=read access=] so it can read the contents of existing metric readings -* [=Append access=] so it can create a new daily metric resource if a member of +* [=Create access=] so it can create a new daily metric resource if a member of the `research` [=authorization group=] hasn't made one for that day yet. * Inherited [=append access=] so it can add metric readings to daily-metric - resource that already exists. + resources that already exist.
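Review bot: in the @@ -728 hunk (Manage a hierarchy of collection resources), the inherited [=create access=] and [=delete access=] bullets explicitly reach "any [=collections=] that might be added to `daily-summaries`", but the inherited [=read access=] and [=write access=] bullets say nothing about nested collections; with the section retitled to "Manage a hierarchy", state the scope of all four inherited modes the same way. Minor: "see the current list of [=resources=] in the `daily-summaries`" should drop "the", and the bullets mix trailing periods with none.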
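Review bot: "[=Create access=] so it can create a new daily metric resource if a member of the `research` [=authorization group=] hasn't made one for that day yet" reads as though the grant were conditional on no resource existing, yet nothing in the listed permissions expresses such a condition; the device simply holds [=create access=] on `daily-metrics`, and the "if ... hasn't made one" clause describes what the device does with it. Reword it so the condition is clearly the device's behaviour and not an enforced constraint, e.g. "[=Create access=] so it can create the daily metric resource; it does so only when no member of the `research` [=authorization group=] has made one for that day yet."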
@@ -1019,12 +1031,14 @@ Erin is a research intern that will be assisting Felicia's team in processing and synthesizing data for the `Acme` trial. She will remain on the team until the end of her current academic term on June 30th, 2020. -Felicia has granted Erin inherited [=read access=] and [=write access=] to the -`measurements` [=collection=], which contains measurements for all trial +The `measurements` [=collection=] contains measurements for all trial participants, across all trials. -Felicia adds a time-based condition for Erin which states that her access to -`measurements` is only valid through June 30th, 2020. +Felicia has granted Erin [=read access=] to the `measurements` [=collection=], +and inherited [=read access=] and [=write access=] to the +[=resources=] in the `measurements` [=collection=]. Felicia adds a +time-based condition for Erin which states that this access +is only valid through June 30th, 2020. Erin will have no access to `measurements` after June 30th, 2020. @@ -1032,7 +1046,6 @@ Erin will have no access to `measurements` after June 30th, 2020. * [[#req-agent-identity]] * [[#req-collection-read]] -* [[#req-collection-write]] * [[#req-inheritance-readonly]] * [[#req-inheritance-change]] * [[#req-conditional-time]] @@ -1050,7 +1063,8 @@ measurements that have already been processed. * All measurements for the `Acme` trial are tagged with `Acme` * When a new measurement is processed, it is tagged as `processed` -Felicia authorizes Erin to have inherited [=read access=] and [=write access=] +Felicia authorizes Erin to have [=read access=] to the `measurements` +[=collection=], and inherited [=read access=] and [=write access=] to `measurements`, with a condition that the [=resources=] must: * **include** the `Acme` [=tag=] 
@@ -1085,7 +1099,8 @@ over time. When Felicia prepares a new report `/reports/report-1`, she authorizes only the senior research team members receiving the report to have inherited [=read -access=] to `measurements`, with a condition that a given measurement must be +access=] to [=resources=] in `measurements`, with a condition that a given +measurement must be related to `/reports/report-1` by an `ex:hasMeasurement` predicate for that access to be permitted. 
@@ -1220,15 +1235,32 @@ For example, to constrain Oscar's access to `https://oscar.example` to only cases where an application he trusts is involved: * Oscar **with the** `trusted-applications` [=authorization group=] has - [=read access=], [=write access=], [=read permission access=], - and [=write permission access=] to `https://oscar.example` + the following permissions on `https://oscar.example`: + * [=Read access=] so that he can read summary data for the + `https://oscar.example` [=resource=], and list its contents. Inherited + [=read access=] to all member resources so he can read and/or list their + contents. + * [=Write access=] so that he can change summary data for the + `https://oscar.example` [=resource=]. Inherited [=write access=] to + all member [=resources=] so he can change their contents. + * [=read permission access=] and [=write permission access=] so that + he can read and manage permissions. Inherited [=read permission access=] + and [=write permission access=] so that he can manage permissions + for all member resources. + * [=Create access=] and [=Delete access=] so that + he can add and remove resources. Inherited [=create access=] and + [=delete access=] so that he can add resources to member [=collections=] + and delete resources from them. Following that, per [[#inheritance-modifying]], he could extend this default for the `health` [=collection=] to include `healthapp`: * Oscar **with the** `trusted-applications` [=authorization group=] AND - `healthapp` has [=read access=], [=write access=], [=read permission access=], - and [=write permission access=] to the `health` [=collection=] + `healthapp` has [=read access=], [=write access=], [=create access=], + [=delete access=], [=read permission access=], + and [=write permission access=] to the `health` [=collection=], along + with corresponding inherited permissions for [=collection=] member + [=resources=].
@@ -1236,10 +1268,14 @@ for the `health` [=collection=] to include `healthapp`: * [[#req-application]] * [[#req-collection-read]] * [[#req-collection-write]] +* [[#req-collection-create]] +* [[#req-collection-delete]] * [[#req-collection-read-permissions]] * [[#req-collection-change-permissions]] * [[#req-inheritance-change]] * [[#req-inheritance-readonly]] +* [[#req-inheritance-create]] +* [[#req-inheritance-delete]] * [[#req-inheritance-read-permissions]] * [[#req-inheritance-change-permissions]] * [[#req-inheritance-modify]] @@ -1646,10 +1682,16 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#basic-appendonly]], [[#basic-readappend]]
+### The system shall limit the ability to delete a certain [=resource=]. ### {#req-delete} + +
+ Related use cases: [[#collection-readcreatedelete]] +
+ ### The system shall allow for access to a [=resource=] or [=collection=] to be limited to the [=agent=] that created it. ### {#req-creator}
- Related use cases: [[#collection-readappendwrite]] + Related use cases: [[#collection-readcreatedelete]]
### The system shall not rely on the URI path to identity [=resources=] or [=collections=] ### {#req-uripath} @@ -1660,30 +1702,36 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. ## Access to collections ## {#req-collections} -### The system shall allow the ability to read a certain [=collection=] to be limited, exposing only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-read} +### The system shall allow the ability to read a certain [=collection=] to be limited, exposing only the data from the [=collection=] resource itself, and a listing of its members, and excluding the contents of its members, or any metadata about them. ### {#req-collection-read}
Related use cases: [[#collection-readonly]], [[#collection-readwrite]], - [[#collection-readappend]], [[#collection-readappendwrite]] + [[#collection-readcreate]], [[#collection-readcreatedelete]]
-### The system shall allow the ability to change data specific to a certain [=collection=] to be limited, including only the data from the [=collection=] resource itself, and a listing of its members. ### {#req-collection-write} +### The system shall allow the ability to change data specific to a certain [=collection=] to be limited, including only the data from the [=collection=] resource itself, and excluding any additions or subtractions from its list of members. ### {#req-collection-write}
Related use cases: [[#collection-readwrite]] -
+
### The system shall allow the ability to create a [=resource=] in a certain [=collection=] to be limited.### {#req-collection-create}
- Related use cases: [[#collection-readwrite]], [[#collection-readappend]], - [[#collection-readappendwrite]] + Related use cases: [[#collection-readwrite]], [[#collection-readcreate]], + [[#collection-readcreatedelete]], [[#collection-createonly]] +
+ +### The system shall limit the ability to delete a [=resource=] in a certain [=collection=].### {#req-collection-delete} + +
+ Related use cases: [[#collection-readcreatedelete]]
-### The system shall allow for the creator of a [=resource=] or [=collection=] in a certain [=collection=] to be automatically granted access to the created [=resource=] or [=collection=].### {#req-collection-creator} +### The system shall allow for the creator of a [=resource=] in a certain [=collection=] to be automatically granted access to the created [=resource=].### {#req-collection-creator}
- Related use cases: [[#collection-readappendwrite]] + Related use cases: [[#collection-readcreatedelete]]
### The system shall allow the ability to read the access permissions associated with a certain [=collection=] to be limited.### {#req-collection-read-permissions} @@ -1693,7 +1741,7 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. [[#uc-historyofchanges]]
-### The system shall allow the ability to change the access permissions associated with a certain [=collection=] to be limited.### {#req-collection-change-permissions} +### The system shall allow the ability to change the access permissions directly associated with a certain [=collection=] to be limited.### {#req-collection-change-permissions}
Related use cases: [[#collection-control]] @@ -1706,56 +1754,62 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=].
Related use cases: [[#uc-inheritance]]
+ +### The system shall allow for a certain resource to be read if the [=agent=] has inherited [=read access=] from the parent [=collection=] the [=resource=] is a member of. ### {#req-inheritance-readonly} -### The system shall allow for the members of a certain [=collection=] to extend or augment the permissions inherited from that [=collection=].### {#req-inheritance-modify} +
+ Related use cases: [[#inheritance-readonly]] +
+ +### The system shall allow for a resource to be changed if the [=agent=] has inherited [=write access=] from the parent [=collection=] the [=resource=] is a member of. ### {#req-inheritance-change}
- Related use cases: [[#inheritance-adding]], [[#inheritance-modifying]] + Related use cases: [[#inheritance-manage]]
-### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members and cannot be augmented. ### {#req-inheritance-force} +### The system shall allow for new data to be added to a [=resource=], without being able to change existing data in that [=resource=], if the [=agent=] has inherited [=append access=] from the parent [=collection=] the [=resource=] is a member of. ### {#req-inheritance-appendonly}
- Related use cases: [[#inheritance-forcing]] + Related use cases: [[#inheritance-createappend]]
-### The system shall allow for a certain resource to be read if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-readonly} - +### The system shall allow for new resources to be added to a given [=collection=] if the [=agent=] has inherited [=create access=] from the parent [=collection=] that the given [=collection=] is a member of. ### {#req-inheritance-create} +
- Related use cases: [[#inheritance-readonly]] + Related use cases: [[#inheritance-readcreate]]
- -### The system shall allow for a new resource to be created if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-create} + +### The system shall allow for resources to be deleted from a given [=collection=] if the [=agent=] has inherited [=delete access=] from the parent [=collection=] that the given [=collection=] is a member of. ### {#req-inheritance-delete}
- Related use cases: [[#inheritance-readappend]] + Related use cases: [[#collection-readcreatedelete]]
-### The system shall allow for the default permissions of a newly created [=resources=] to be inherited from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-default-permissions} +### The system shall allow for the members of a certain [=collection=] to extend or augment the permissions inherited from the parent [=collection=].### {#req-inheritance-modify}
- Related use cases: [[#inheritance-defaultcreated]], [[#inheritance-extended]] + Related use cases: [[#inheritance-adding]], [[#inheritance-modifying]]
- -### The system shall allow for a resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-change} + +### The system shall allow for a certain [=collection=] to specify access permissions that are inherited by its members and cannot be augmented. ### {#req-inheritance-force}
- Related use cases: [[#inheritance-readwrite]] + Related use cases: [[#inheritance-forcing]]
-### The system shall allow for new data to be added to a [=resource=], without being able to change existing data in that [=resource=], if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-appendonly} +### The system shall allow for the default permissions of a newly created [=resource=] to be inherited from the parent [=collection=] the [=resource=] is a member of. ### {#req-inheritance-default-permissions}
- Related use cases: [[#inheritance-appendonly]] + Related use cases: [[#inheritance-defaultcreated]], [[#inheritance-extended]]
-### The system shall allow for the access permissions associated with a certain resource to be read if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-read-permissions} +### The system shall allow for the access permissions directly associated with a certain resource to be read if the [=agent=] has inherited [=read permission access=] from the parent [=collection=] the [=resource=] is a member of. ### {#req-inheritance-read-permissions}
Related use cases: [[#inheritance-control]]
-### The system shall allow for the access permissions associated with a certain resource to be changed if the [=agent=] has inherited that permission from the [=collection=] the [=resource=] is a member of. ### {#req-inheritance-change-permissions} +### The system shall allow for the access permissions directly associated with a certain resource to be changed if the [=agent=] has inherited [=write permission access=] from the parent [=collection=] the [=resource=] is a member of. ### {#req-inheritance-change-permissions}
Related use cases: [[#inheritance-control]] @@ -1815,7 +1869,7 @@ does not satisfy the following use cases: * [[#inheritance-modifying]] * [[#inheritance-forcing]] * [[#inheritance-extended]] -* [[#collection-readappendwrite]] +* [[#collection-readcreatedelete]] * [[#conditional-time]] * [[#conditional-tag]] * [[#conditional-filter]] 
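Review bot: in the @@ -1706 hunk, the "Related use cases" for [[#req-inheritance-create]] and [[#req-inheritance-delete]] point at [[#inheritance-readcreate]] and [[#collection-readcreatedelete]], but neither of those use cases grants inherited create or delete access: [[#inheritance-readcreate]] gives the group plain [=create access=] on `daily-metrics`, and [[#collection-readcreatedelete]] gives the creator [=delete access=] through default permissions. The use case that actually exercises inherited [=create access=] and [=delete access=] is [[#inheritance-manage]], which already lists both requirements in its own related list, so both "Related use cases" lines should cite [[#inheritance-manage]].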
@@ -1880,14 +1934,31 @@ An access mode denotes a class of operations that an [=agent=] and/or [=application=] can perform on one or more [=resources=]. Read access is an [=access mode=] that allows [=agents=] and/or -[=applications=] the ability to read, but not modify a [=resources=]. +[=applications=] the ability to read, but not modify a [=resource=]. When +the [=resource=] is a [=collection=], this includes access to the list +of [=resources=] in that [=collection=], but does not include access to +their contents, or any metadata about them. Write access is an [=access mode=] that allows [=agents=] and/or -[=applications=] the ability to create, update, or delete a [=resource=]. +[=applications=] the ability to modify the contents of a [=resource=]. When +the resource is a [=collection=], the contents of the [=collection=] resource +itself can be modified, but [=create access=] and [=delete access=] are +required to create or delete [=resources=] from the [=collection=]. Append access is an [=access mode=] that allows [=agents=] and/or -[=applications=] to add data to a resource, but not modify any data that -already exists. +[=applications=] to add data to the contents of a resource, but not modify +any of the existing contents. When the resource is a [=collection=], the +contents of the [=collection=] resource +itself can be added to, but [=create access=] is required to add new +[=resources=] to the [=collection=]. + +Create access is an [=access mode=] that allows [=agents=] and/or +[=applications=] to add new [=resources=] to a given [=collection=]. + +Delete access is an [=access mode=] that allows [=agents=] and/or +[=applications=] to delete a [=resource=]. If the [=resource=] is a +[=collection=], it includes the ability to delete [=resources=] in that +collection. Read permission access is an [=access mode=] that allows [=agents=] and/or [=applications=] to view [=authorizations=] associated with a [=resource=]. 
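Review bot: the trailing context of the @@ -1646 hunk shows the {#req-uripath} heading as "shall not rely on the URI path to identity [=resources=] or [=collections=]"; that should be "to identify", and since this hunk already edits the headings around it (new {#req-delete}, updated {#req-creator}), fix it in the same change.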
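Review bot: in the @@ -1660 hunk, the new {#req-collection-delete} heading ("The system shall limit the ability to delete a [=resource=] in a certain [=collection=].") breaks the pattern of its siblings in this section, which are all phrased "The system shall allow the ability to ... to be limited", and, like the pre-existing {#req-collection-create} line above it, it has no space before the closing ### while the read and write headings in the same hunk do. Suggest "### The system shall allow the ability to delete a [=resource=] in a certain [=collection=] to be limited. ### {#req-collection-delete}". The expanded {#req-collection-read} heading also reads awkwardly ("and a listing of its members, and excluding the contents of its members, or any metadata about them"); "but not the contents of its members or any metadata about them" says the same thing more cleanly.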
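Review bot: the new Delete access definition is ambiguous about the collection resource itself: "If the [=resource=] is a [=collection=], it includes the ability to delete [=resources=] in that collection" says delete on a collection covers its members, but not whether it also covers deleting the collection, whereas the Create access definition in the same hunk is scoped only to "add new [=resources=] to a given [=collection=]". The use cases only ever use [=delete access=] on a collection to "remove summary [=resources=] from `daily-summaries`" (the @@ -728 hunk), and deleting members of a nested collection is treated as a separate inherited grant, so state explicitly whether deleting the collection resource (and its membership with it) is part of this mode or requires delete access granted from the parent. Small wording point in the Write access paragraph: "create or delete [=resources=] from the [=collection=]" should be "create or delete [=resources=] in the [=collection=]".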
diff --git a/proposals/wac-ucr/uc-survey.md b/proposals/wac-ucr/uc-survey.md index a59b8c5f..598b9381 100644 --- a/proposals/wac-ucr/uc-survey.md +++ b/proposals/wac-ucr/uc-survey.md @@ -22,7 +22,14 @@ Notes: ## Basic resource access -### Control access +### Change permissions +URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-change-permissions + +* +1 bblfish: public [si] [ai]. + +### Read permissions (was basic control?) +URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-read-permissions + URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-control * +1 justinwb: to the ability to read and write permissions on resources. public [ai]. private [ai]. @@ -35,6 +42,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-control * +1 dmitrizagidulin: public [si]. * +1 bblfish: public [si] [ai]. + ### Read-write access URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-write @@ -48,6 +56,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-write * +1 dmitrizagidulin: * +1 bblfish: public [si] [ai] (note: the resume example implies a PATCH mechanism for HTML, which needs to be identified, and taken on elsewhere. PATCH for RDF is specified and quite implementable (it involves SPARQL UPDATE)). + ### Read-append access URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend @@ -78,7 +87,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend-multi * +1 justinwb: * +1 elf-pavlik: -* +1 csarven: [d] such that agent A sends a notification about the recommendation to agent B's inbox ie. #collection-readappend , instead of updating a resource that references it. +* +1 csarven: [d] such that agent A sends a notification about the recommendation to agent B's inbox ie. #collection-readcreate , instead of updating a resource that references it. * +1 jaxoncreed: * +1 KaiGilb: graphMetrix * +1 hindia: 
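Review bot: in the @@ -22 hunk, the renamed "### Read permissions (was basic control?)" entry ends up with two URL lines: the new `URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-read-permissions` followed by the old `URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-control`, which the patch leaves in place. Drop the stale basic-control line (or move it under "### Change permissions" if that is where basic-control's votes belong) and resolve the "(was basic control?)" question in the heading before this merges.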
@@ -177,7 +186,8 @@ This is an important aspect of onboarding and the growth os Solid. "Grant access only if the user consents to be added to a list for future contacting etc". * +1 bblfish: public [si] [ai]. -## Basic collection access +## Collection access +URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-collection ### Read-only access to a Collection URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readonly @@ -190,7 +200,8 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readonly * +1 KaiGilb: graphMetrix * +1 hindia: * +3 dmitrizagidulin: -* +1 bblfish: public [si] [ai]. (proviso: if the ldp:Container only contains ldp:contains links, and no other descriptive info, it would be difficult for people to know what the contents are to make up their minds about what they are interested in. See the Tor example where it would make no sense. Perhaps one needs to add that the container shows the title of the contents, and summary, and links to requests to see the contents. This would require something like an solid:InformativeContainer which shows such information and acts like an RSS Feed.) +* +1 bblfish: public [si] [ai]. (changes with PR 166 ok) + ### Read-write access to a Collection URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readwrite 
@@ -203,10 +214,10 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readwrite * +1 KaiGilb: graphMetrix * +1 hindia: * +1 dmitrizagidulin: (though I agree with @jaxoncreed that clarification is needed.) -* +0 bblfish: public [si] [ai]. (agree with jaxon. I also think one needs to distinguish between ability to add new resources the Container, and changes to the container itself. You may be happy to allow people to add to an ldp:Container but not to change the nature of the container, say from an ldp:BasicContainer to an ldp:IndirectContainer, as the latter container has speech act implications beyond the creation of the content. See my [chapter 2 of my 2nd year report](https://co-operating.systems/2019/04/01/). Yes, delete without read seems dubious and dangerous - in [RelBAC](https://github.com/solid/authorization-panel/issues/150) I think delete is a subproperty of write.). +* +0 bblfish: public [si] [ai]. (changes with PR 166 ok) -### Read-append access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readappend +### Read-create access to a Collection +URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readcreate * +1 justinwb: * +1 elf-pavlik: 
@@ -216,16 +227,16 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readappend * +1 hindia: * +0 dmitrizagidulin: The usefulness of this UC, as written, depends on resource names (filenames) being human-readable. -* +1 bblfish: public [si] [ai] (agree with Dmitry though I one could also allow new types of containers that act as RSS feeds, giving title and summaries of the contents therein). +* +1 bblfish: public [si] [ai] (changes with PR 166 ok) -### Read-append-write access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readappendwrite +### Read-create-delete access to a Collection +URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readcreatedelete * +1 justinwb: Being able to designate the creator of a resource with specific privileges in an append scenario on a container is extremely important to a number of collaborative scenarios. * +1 elf-pavlik: -* 0 csarven: Seems like duplicate of #collection-readwrite and #collection-readappend +* 0 csarven: Seems like duplicate of #collection-readwrite and #collection-readcreate * +1 jaxoncreed: * +3 timbl: * +1 KaiGilb: graphMetrix 
@@ -236,21 +247,21 @@ a number of collaborative scenarios. * +2 bblfish: public [si] [ai] -### Append-only access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-appendonly +### Create-only access to a Collection +URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-createonly * +1 justinwb: * +1 elf-pavlik: * +1 csarven: Wide use. Required for [ap] eg. creating annotations or notifications. [d]. * +1 jaxoncreed: -* +3 timbl: Append-only access allows you to implement the semantics of message passing. That is a crcuial building blcok for many systems, +* +3 timbl: Append-only access allows you to implement the semantics of message passing. That is a crucial building block for many systems, technical and social. We may been extra functionality to in some cases giuve people read-write access to a thing they have posted using append-only access. * +1 KaiGilb: graphMetrix * +1 hindia: * +3 dmitrizagidulin: * +2 bblfish: public [si] [ai] -### Control access to a Collection +### Manage permissions for a Collection URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-control * +1 justinwb: @@ -263,7 +274,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-control * +3 dmitrizagidulin: * +1 bblfish: public [si] [ai] -## Inheritance +## Collection resource inherited access ### Read-only access to collection of resources URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readonly 
@@ -276,12 +287,10 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readonly * +1 KaiGilb: graphMetrix * +1 hindia: * +3 dmitrizagidulin: -* +1 bblfish: public [si] [ai] (note: I find the phrase "research authorization group" unwieldy. Why should - one distinguish an authorization group, from any other group of agents? Any access control rule can - authorize any group to access resources) +* +1 bblfish: public [si] [ai] -### Read-append access to collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readappend +### Read-create access to collection resources +URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readcreate * +1 justinwb: * +1 elf-pavlik: @@ -293,12 +302,12 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readappend * +1 dmitrizagidulin: * +1 bblfish: public [si] [ai] -### Read-write access to collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readwrite +### Manage a hierarchy of collection resources +URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-manage * +1 justinwb: * +1 elf-pavlik: -* +1 csarven: Wide use. Required for [ap] - similar to #inheritance-readappend. [d]. +* +1 csarven: Wide use. Required for [ap] - similar to #inheritance-readcreate. [d]. * 0 jaxoncreed: I think this needs more clarification on what happens to nested collections. * +3 timbl: * +1 KaiGilb: graphMetrix @@ -306,8 +315,8 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readwrite * +3 dmitrizagidulin: * +1 bblfish: public [si] [ai] -### Append-only access to collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-appendonly +### Create-append access to collection resources +URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-createappend * +1 justinwb: * +1 elf-pavlik: 
@@ -319,7 +328,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-appendonly * +3 dmitrizagidulin: * +1 bblfish: public [si] [ai] -### Control access to collection resources +### Manage permissions for collection resources URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-control * +1 justinwb: @@ -355,7 +364,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-extended * +1 KaiGilb: graphMetrix * +1 hindia: * +1 dmitrizagidulin: -* +1 bblfish: public [si] [ai] (note: I don't understand the last paragraph: what is a "granular fashion"?) +* +1 bblfish: public [si] [ai] ### Adding new subjects to inherited permissions URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-adding @@ -456,7 +465,7 @@ case addresses that. * +1 KaiGilb: graphMetrix. This seems very important. Like only give certain doctor relations access to records. * +1 hindia: * +1 dmitrizagidulin: -* +1 bblfish: public [si] [ai] - agree with dmitri and justin +* +1 bblfish: public [si] [ai] - agree with justin ### Conditional access by filter URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-filter 
@@ -528,7 +537,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-client-constraints * KaiGilb: im a little unclear on this case * +1 hindia: * +1 dmitrizagidulin: -* -1 bblfish: this is better done on the client, where such information can be written out once, without needing to have control access to every resource on the web that the app could have access to. +* +1 bblfish: this needs to be done on the client, where such information can be written out once, without needing to have control access to every resource on the web that the app could have access to. I described this better in [Interop Panel Meeting 2021-02-02](https://github.com/solid/data-interoperability-panel/blob/master/meetings/2021-02-02.md). ### Application determining access privileges URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-client-determine-access-privileges @@ -578,6 +587,7 @@ get to VC in the next cycle. in a wallet spec or implementation guide. * +3 bblfish: public [si] [ai]: this is very much a requirement on the server not the client. Without it we cannot secure privacy for the client across pods, as clients would constantly have to present for each remote resource every ID it has, even when none are valid. * +0 csarven: "minimal" is unclear. Client to present only one credential? Least "sensitive" - what criteria? Exact/Close match (schema) of what's allowed? Good UC to support. Not essential for [ap]. I don't plan to implement it. +* +2 bblfish: [si] [ac] re: csarven, reasoning about credentials is difficult I agree, so there should be a library that does all that type of work. That is what the [Launcher App](https://github.com/solid/authorization-panel/blob/master/proposals/LauncherApp.md) or something like it is meant to do. ### Limit information disclosure through URI 
@@ -593,7 +603,7 @@ represents data. * +1 hindia: * +0 dmitrizagidulin: Doesn't belong in authorization, this should be in the server spec security/privacy considerations section. -* +3 bblfish: [si] [ai] This is essential to make sure that authorization is completely based on follow your nose principles, not on pattern matching URLs or other implicit assumptions. Having a Tor based Solid Server should make for excellent demos at security conferences, ie conferences where the audience we need to convince go. Putting a Solid Server behind Tor should not be a lot of work, neither should creating a UUID to Resource mapping. +* +3 bblfish: [si] [ai] This is essential to make sure that authorization is completely based on follow your nose principles, not on pattern matching URLs or other implicit assumptions. Having a Tor based Solid Server should make for excellent demos at security conferences, ie conferences where the audience we need to convince go. Putting a Solid Server behind Tor should not be a lot of work, neither should creating a UUID to Resource mapping. Note that I also defend the idea of [full use of relative URLs in Solid](https://github.com/solid/specification/issues/194) which I believe is compatible with this. ## Trust @@ -608,7 +618,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-trustedissuers * +1 hindia: * -0 dmitrizagidulin: Seems like a very specific use case (a special case of allowing access by group). -* +0 bblfish: agree with dmitri, but still useful. Door should be left open to it, and perhaps wait until the situation arises where people demand it. +* +0 bblfish: agree with dmitri, but still useful. This is actually a case of restrictions on issuers, which is the (nearly) the only thing TLS client certificate negotition allows. ### Block access to agents URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-blockagents 
@@ -632,6 +642,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-validation URL: https://solid.github.io/authorization-panel/wac-ucr/#group-membership-vc * 0 csarven: Some use but not essential for [ap]. I don't plan to implement it. +* +1 bblfish: This is actually quite advanced, but I think it can be done elegantly summarized in the meetings notes for [2021-01-27](https://github.com/solid/authorization-panel/blob/master/meetings/2021-01-27.md). ### Possession of a verifiable credential URL: https://solid.github.io/authorization-panel/wac-ucr/#capabilities-vc @@ -659,4 +670,4 @@ flows or one-time shares. * +1 KaiGilb: graphMetrix (maybe +1) * +1 hindia: love this too * +1 dmitrizagidulin: Essential for shares. -* +0 bblfish: interesting use case. This could be just that the resource is read/write to everyone? (+if needed making the URL obscure). Or is the server meant to detect a redirect? +* +0 bblfish: interesting use case. This could be just that the resource is read/write to everyone? (+if needed making the URL obscure). Or is the server meant to detect a redirect? If it requires the user to go through a user interface as done on Google according to Dmitri, then this may not be scalable. So it needs to be tied in with some machine readable system where the client auth app can automate some tasks when authorized by a users' policy. From 0cdbf3f7c328d347770a050a0d68c0bfe2cc3ea7 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 15 Feb 2021 13:18:29 -0500 Subject: [PATCH 30/34] Minor grammar change Co-authored-by: Ted Thibodeau Jr --- proposals/wac-ucr/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 69ccb359..644c333c 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs 
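Review bot: the Create-only access to a Collection hunk fixes "crcuial building blcok" in timbl's comment but leaves two more typos in the very next sentence, "We may been extra functionality to in some cases giuve people", which should read "We may need extra functionality to in some cases give people"; and since the heading and anchor now say "Create-only" while that comment still opens with "Append-only access allows you to implement the semantics of message passing", a short bracketed editorial note that the votes predate the rename would stop readers wondering whether append and create are being used interchangeably.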
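Review bot: under Minimal Credential Disclosure the hunk adds a second scored line, "+2 bblfish: [si] [ac] re: csarven, reasoning about credentials is difficult I agree ...", directly below the existing "+3 bblfish: public [si] [ai]" entry, so one voter now carries two different scores in a single use case and any tally will double-count; make the second line an unscored reply to csarven (or fold it into the first), and check whether "[ac]" is intended or a typo for "[ai]", which every other bblfish line in the survey uses.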
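Review bot: in the Only trust certain issuers of identity hunk, "TLS client certificate negotition" should be "negotiation", and "which is the (nearly) the only thing" has a duplicated "the" ("which is (nearly) the only thing").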
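Review bot: the added line under group-membership-vc, "I think it can be done elegantly summarized in the meetings notes for 2021-01-27", is missing a connective and reads as a run-on; suggest "I think it can be done elegantly, as summarized in the meeting notes for 2021-01-27". In the capabilities-vc hunk, "a users' policy" should be "a user's policy".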
@@ -76,7 +76,7 @@ Use Cases {#usecases} ================================================================================ Unless stated otherwise, the use cases herein assume that named -individuals (i.e. Alice, Bob, Carol, etc.) are already +individuals (e.g., Alice, Bob, Carol, etc.) are already [=authenticated agents=], and their corresponding [=identities=] are known by the [=resource controller=] when they are granted access. From ba0e3faa2ee6bca95b762c6d14655936d2234879 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 15 Feb 2021 13:19:09 -0500 Subject: [PATCH 31/34] Minor grammar change Co-authored-by: Ted Thibodeau Jr --- proposals/wac-ucr/index.bs | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/proposals/wac-ucr/index.bs b/proposals/wac-ucr/index.bs index 644c333c..079456a1 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/wac-ucr/index.bs @@ -429,10 +429,9 @@ in the `portfolio` [=resource=]. ### Read-create access to a Collection ### {#collection-readcreate} -Alice worked with Bob in the past on a project, and she has added a -partial set of the final project deliverables into the `project1` -[=collection=]. She knows that Bob has the rest, and he agrees to provide -them. +Alice worked with Bob on a past project, and she has added a partial set +of the final project deliverables to the `project1` [=collection=]. She +knows that Bob has the rest, and he agrees to provide them. Alice grants Bob the following access on the `project1` [=collection=]: From 30d51739c1a60050e02116689addda4fc05fa67e Mon Sep 17 00:00:00 2001 
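Review bot: in the Use Cases hunk, "e.g., Alice, Bob, Carol, etc." doubles up, since "e.g." already marks the list as non-exhaustive; drop the trailing "etc." so the sentence reads "named individuals (e.g., Alice, Bob, Carol) are already [=authenticated agents=]".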
From: Justin Bingham Date: Mon, 15 Feb 2021 15:47:41 -0500 Subject: [PATCH 32/34] Generalize away from Web Access Control --- README.md | 4 +- .../{wac-ucr => authorization-ucr}/index.bs | 27 +++-- .../uc-survey.md | 102 +++++++++--------- 3 files changed, 66 insertions(+), 67 deletions(-) rename proposals/{wac-ucr => authorization-ucr}/index.bs (98%) rename proposals/{wac-ucr => authorization-ucr}/uc-survey.md (85%) diff --git a/README.md b/README.md index 1768ad78..d138bc74 100644 --- a/README.md +++ b/README.md @@ -20,6 +20,6 @@ to authorizing access to data in a Solid pod. The Authorization Panel is undertaking the following initiatives, in priority order: -1. Document use cases and requirements for authorization - [Source](https://github.com/solid/authorization-panel/blob/master/proposals/wac-ucr/index.bs) - [Rendered](https://solid.github.io/authorization-panel/wac-ucr/) -1. Produce normative draft text of the Web Access Control specification +1. Document use cases and requirements for authorization - [Source](https://github.com/solid/authorization-panel/blob/master/proposals/authorization-ucr/index.bs) - [Rendered](https://solid.github.io/authorization-panel/authorization-ucr/) +1. Produce an authorization system specification to satisfy [use cases and requirements](https://solid.github.io/authorization-panel/authorization-ucr/) 1. Produce and propose mechanism(s) for client constraints diff --git a/proposals/wac-ucr/index.bs b/proposals/authorization-ucr/index.bs similarity index 98% rename from proposals/wac-ucr/index.bs rename to proposals/authorization-ucr/index.bs index 079456a1..1a9ec186 100644 --- a/proposals/wac-ucr/index.bs +++ b/proposals/authorization-ucr/index.bs @@ -1,15 +1,15 @@ 
@@ -64,13 +64,12 @@ Introduction {#intro} ================================================================================ The [[#usecases]] in this document represent real-world scenarios that -Web Access Control can and should support. The [[#requirements]] in this -document are derived from those use cases, and support the contents of the -next Web Access Control specification. +a Solid authorization system should support. The [[#requirements]] in this +document are derived from those use cases, and will inform and guide +the contents of a subsequent specification proposal. [[#limitations]] highlights the [[#usecases]] that -[Legacy Web Access Control](https://github.com/solid/web-access-control-spec) -fails to satisfy. +the current authorization system fails to satisfy. Use Cases {#usecases} ================================================================================ @@ -1509,7 +1508,7 @@ Juan likes to manage his [=authorizations=] manually. Every once in a while, Juan makes a typo, or accidentally saves the [=authorization=] in an incomplete state. -Juan runs into trouble on systems where the Web Access Control implementation +Juan runs into trouble on systems where the authorization system implementation doesn't properly validate, most often resulting in Juan getting locked out of the [=resource=] and needing administrator assistance to recover. @@ -1858,10 +1857,10 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#conditional-control]]
-Limitations of Legacy Web Access Control {#limitations} +Limitations of Web Access Control {#limitations} ================================================================================ -[Legacy Web Access Control](https://github.com/solid/web-access-control-spec) +[Web Access Control](https://github.com/solid/web-access-control-spec) does not satisfy the following use cases: * [[#inheritance-adding]] @@ -1885,8 +1884,8 @@ does not satisfy the following use cases: Definitions {#definitions} ================================================================================ -All definitions as stated below should be considered in the context of Web -Access Control, whether explicitly stated or not. +All definitions as stated below should be considered in the context of +an authorization system in Solid, whether explicitly stated or not. An agent is a distinct individual, group, organization, or piece of software with an [=identity=] that can be strongly authenticated. diff --git a/proposals/wac-ucr/uc-survey.md b/proposals/authorization-ucr/uc-survey.md similarity index 85% rename from proposals/wac-ucr/uc-survey.md rename to proposals/authorization-ucr/uc-survey.md index 598b9381..eddf93cc 100644 --- a/proposals/wac-ucr/uc-survey.md +++ b/proposals/authorization-ucr/uc-survey.md 
@@ -23,14 +23,14 @@ Notes: ## Basic resource access ### Change permissions -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-change-permissions +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-change-permissions * +1 bblfish: public [si] [ai]. ### Read permissions (was basic control?) -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-read-permissions +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-read-permissions -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-control +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-control * +1 justinwb: to the ability to read and write permissions on resources. public [ai]. private [ai]. * +1 elf-pavlik: @@ -44,7 +44,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-control ### Read-write access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-write +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-write * +1 justinwb: * +1 elf-pavlik: @@ -58,7 +58,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-write ### Read-append access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-readappend * +3 timbl: * +1 justinwb: @@ -71,7 +71,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend #### Alice stores Danielle's recommendation -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend-single-storage +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-readappend-single-storage * +1 justinwb: * +1 elf-pavlik: 
@@ -83,7 +83,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend-singl * +1 bblfish: public [si] [ai]. (note: again assumes RDF based Resumé) #### Danielle stores their own recommendation -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend-multi-storage +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-readappend-multi-storage * +1 justinwb: * +1 elf-pavlik: @@ -95,7 +95,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readappend-multi * +1 bblfish: public [si] [ai]. (note: for RDF based Resumes this make sense, not for HTML) ### Append-only access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-appendonly +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-appendonly * +1 justinwb: * +1 elf-pavlik: @@ -110,7 +110,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-appendonly * +1 bblfish: public [si] [ai] )(note: resumé examples make sense for RDF based resumes. Or for append to a container (in which case the RDF can be signed). For RDF based resumes, append makes sense if the resumé is in Quad format, as that allows subgraphs to be signed. Otherwise linking makes more sense) ### Removing access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-removing +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-removing * +1 justinwb: * +1 elf-pavlik: @@ -124,7 +124,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-removing ### Read-only access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readonly +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-readonly * +1 justinwb: * +1 elf-pavlik: 
@@ -137,7 +137,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-readonly * +1 bblfish: public [si] [ai]. ### Group access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-group +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-group * +1 justinwb: * +1 elf-pavlik: @@ -150,7 +150,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-group * +1 bblfish: public [si] [ai]. ### Public access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-public +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-public * +1 justinwb: * +1 csarven: Wide use. Required for [ap]. [d]. @@ -162,7 +162,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-public * +1 bblfish: public [si] [ai]. ### Logged in access -URL: https://solid.github.io/authorization-panel/wac-ucr/#basic-authenticated +URL: https://solid.github.io/authorization-panel/authorization-ucr/#basic-authenticated * +0 justinwb: There's controversy over whether this can be valuable given the ability for anyone to spin up their own identity in a decentralized @@ -187,10 +187,10 @@ This is an important aspect of onboarding and the growth os Solid. * +1 bblfish: public [si] [ai]. ## Collection access -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-collection +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-collection ### Read-only access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readonly +URL: https://solid.github.io/authorization-panel/authorization-ucr/#collection-readonly * +1 justinwb: * +1 elf-pavlik: 
@@ -204,7 +204,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readonly ### Read-write access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readwrite +URL: https://solid.github.io/authorization-panel/authorization-ucr/#collection-readwrite * +1 justinwb: * +1 elf-pavlik: @@ -217,7 +217,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readwrite * +0 bblfish: public [si] [ai]. (changes with PR 166 ok) ### Read-create access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readcreate +URL: https://solid.github.io/authorization-panel/authorization-ucr/#collection-readcreate * +1 justinwb: * +1 elf-pavlik: @@ -230,7 +230,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readcreate * +1 bblfish: public [si] [ai] (changes with PR 166 ok) ### Read-create-delete access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-readcreatedelete +URL: https://solid.github.io/authorization-panel/authorization-ucr/#collection-readcreatedelete * +1 justinwb: Being able to designate the creator of a resource with specific privileges in an append scenario on a container is extremely important to @@ -248,7 +248,7 @@ a number of collaborative scenarios. ### Create-only access to a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-createonly +URL: https://solid.github.io/authorization-panel/authorization-ucr/#collection-createonly * +1 justinwb: * +1 elf-pavlik: @@ -262,7 +262,7 @@ technical and social. We may been extra functionality to in some cases giuve pe * +2 bblfish: public [si] [ai] ### Manage permissions for a Collection -URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-control +URL: https://solid.github.io/authorization-panel/authorization-ucr/#collection-control * +1 justinwb: * +1 elf-pavlik: 
@@ -277,7 +277,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#collection-control ## Collection resource inherited access ### Read-only access to collection of resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readonly +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-readonly * +1 justinwb: * +1 elf-pavlik: @@ -290,7 +290,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readonly * +1 bblfish: public [si] [ai] ### Read-create access to collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readcreate +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-readcreate * +1 justinwb: * +1 elf-pavlik: @@ -303,7 +303,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-readcreate * +1 bblfish: public [si] [ai] ### Manage a hierarchy of collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-manage +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-manage * +1 justinwb: * +1 elf-pavlik: @@ -316,7 +316,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-manage * +1 bblfish: public [si] [ai] ### Create-append access to collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-createappend +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-createappend * +1 justinwb: * +1 elf-pavlik: @@ -329,7 +329,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-createappe * +1 bblfish: public [si] [ai] ### Manage permissions for collection resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-control +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-control * +1 justinwb: * +1 elf-pavlik: 
@@ -342,7 +342,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-control * +1 bblfish: public [si] [ai] ### Default permissions on created resources -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-defaultcreated +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-defaultcreated * +1 justinwb: * +1 elf-pavlik: @@ -355,7 +355,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-defaultcre * +1 bblfish: public [si] [ai] ### Default permissions for extended network -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-extended +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-extended * +1 justinwb: * +1 elf-pavlik: @@ -367,7 +367,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-extended * +1 bblfish: public [si] [ai] ### Adding new subjects to inherited permissions -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-adding +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-adding * +1 justinwb: Without an extensible inheritance system, it is near impossible to do any permission management that doesn't require managing permissions @@ -382,7 +382,7 @@ above. * +1 bblfish: public [si] [ai] ### Modifying inherited permissions for existing subjects -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-modifying +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-modifying * +1 justinwb: Without an extensible inheritance system, it is near impossible to do any permission management that doesn't require managing permissions 
@@ -397,7 +397,7 @@ above. * +1 bblfish: public [si] [ai] (note: could be tricky to do right) ### Forcing inherited permissions -URL: https://solid.github.io/authorization-panel/wac-ucr/#inheritance-forcing +URL: https://solid.github.io/authorization-panel/authorization-ucr/#inheritance-forcing * +1 justinwb: Some permissions shouldn't be contradicted. For example, the administrator with full control access of a given storage (i.e. pod) @@ -415,7 +415,7 @@ inside. ## Conditional access ### Conditional access by time -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-time +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-time * +1 justinwb: Setting timeouts can really come in handy, and is a good way to ensure that permissions meant to be short-lived don't hang around @@ -430,7 +430,7 @@ invitiation flows. * +1 bblfish: public [si] [ai] ### Conditional access by tag -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-tag +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-tag * +1 justinwb: Noting that we haven't specified a tag-based system for data yet in solid, the ability to tag individual resources, or collections of @@ -448,7 +448,7 @@ photo albums in my media library to colleagues. * +1 bblfish: public [si] [ai] - agree with dmitri and justin ### Conditional access by relationship -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-relationship +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-relationship * +1 justinwb: Cannot underscore how important this use case is to doing intuitive authorization on more complex data objects. We cannot rely on 
@@ -468,7 +468,7 @@ case addresses that. * +1 bblfish: public [si] [ai] - agree with justin ### Conditional access by filter -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-filter +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-filter * +0 justinwb: This is important, but I think we can hit it in the next cycle. Ultimately, we need the manage access to data within the resource. There are @@ -482,7 +482,7 @@ some rational ways to do this using machinery we already have. * +0 bblfish: public [si] [ai] - agree with justinwb, there is already a lot on the plate. ### Conditional control boundaries -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-control +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-control * +0 justinwb: * +1 elf-pavlik: @@ -494,7 +494,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-control * +0 bblfish: public [si] [ai] - this may be something for the next version, requires reasoning to do well ### Conditional access by action -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-action +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-action * 0 justinwb: * +1 elf-pavlik: 
@@ -506,18 +506,18 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-action * +0 bblfish: public [si] [ai] - very nice feature, but may be for next version ### Conditional access by payment -URL: https://solid.github.io/authorization-panel/wac-ucr/#conditional-payment +URL: https://solid.github.io/authorization-panel/authorization-ucr/#conditional-payment * +0 csarven: Generally useful for [ap] in that it can handle server's response to client error eg. prompt user with "Payment Required". May [d]. * +0 Kai Gilb: graphMetrix. Sounds cool, but maybe it could be handled by other means integrating with pay wall etc. * +1 hindia: -* +0 dmitrizagidulin: The proof of payment could be handled by https://solid.github.io/authorization-panel/wac-ucr/#capabilities-vc +* +0 dmitrizagidulin: The proof of payment could be handled by https://solid.github.io/authorization-panel/authorization-ucr/#capabilities-vc * +0 bblfish: public [si] [ai] - may be able to research this, depending on funding. ## Permissioning Applications ### Limiting access to trusted applications -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-trusted-applications +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-trusted-applications * +1 justinwb: Limiting access to only specific applications, identified by AppID, with the caveat that the effectiveness is specifically when 
@@ -531,7 +531,7 @@ piloted scenarios) * -1 bblfish: This should be possible, but on the whole it would be better if this happned on the client side, by something like what was called [the launcher app](https://github.com/solid/authorization-panel/issues/45). The reason is that this works ok for the Oscar's own server, but not that well for every other server. A better use case would be one involving Oscar discovering that an App is badly written, and is creating havock, and wanting to limit it for that reason. This would also allow one to subscribe to some security service that would test apps and publish blacklists. ### Limiting application access while not acting as resource controller -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-client-constraints +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-client-constraints * 0 csarven: A bit of a low-level server-side plumbing. Unclear how an application (like [ap]) may want/need to set a policy as such. * KaiGilb: im a little unclear on this case @@ -540,7 +540,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-client-constraints * +1 bblfish: this needs to be done on the client, where such information can be written out once, without needing to have control access to every resource on the web that the app could have access to. I described this better in [Interop Panel Meeting 2021-02-02](https://github.com/solid/data-interoperability-panel/blob/master/meetings/2021-02-02.md). ### Application determining access privileges -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-client-determine-access-privileges +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-client-determine-access-privileges * +1 csarven: Required for [ap]. [d]. * +1 hindia: 
@@ -550,7 +550,7 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-client-determine-ac ## Privacy ### Limiting access to who else is permitted -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-whopermitted +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-whopermitted * +1 justinwb: Privacy in this context in paramount, unless the controller specifically wants the information to be divulged. @@ -563,7 +563,7 @@ specifically wants the information to be divulged. * +1 bblfish: public [si] [ai] ### Limiting access to other authorization conditions -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-historyofchanges +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-historyofchanges * +1 justinwb: Privacy in this context in paramount, unless the controller specifically wants the information to be divulged. @@ -576,7 +576,7 @@ specifically wants the information to be divulged. * 0 bblfish: A bit too vague. This may just be a case of making the filtering rules invisible to either user. Filtering is orthogonal to access control, and filters can themselves be access controlled. ### Minimal Credential Disclosure -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-minimalcredentials +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-minimalcredentials * +0 justinwb: This scenario is legitimate though I believe we'll likely get to VC in the next cycle. @@ -591,7 +591,7 @@ get to VC in the next cycle. ### Limit information disclosure through URI -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-limituri +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-limituri * 0 justinwb: I'm not positive this is a use case for the authorization system as much as how the resource server itself organizes and/or 
@@ -608,7 +608,7 @@ represents data. ## Trust ### Only trust certain issuers of identity -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-trustedissuers +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-trustedissuers * +0 justinwb: Makes the authenticated agent use case more reasonable to me * +1 elf-pavlik: @@ -621,14 +621,14 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-trustedissuers * +0 bblfish: agree with dmitri, but still useful. This is actually a case of restrictions on issuers, which is the (nearly) the only thing TLS client certificate negotition allows. ### Block access to agents -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-blockagents +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-blockagents * +1 dmitrizagidulin: Seems reasonable. * +1 csarven: Wide use re: support healthy community and debate. Useful for [ap]. May [d]. * +1 bblfish: public [si] [ai] ## Validation -URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-validation +URL: https://solid.github.io/authorization-panel/authorization-ucr/#uc-validation * +1 justinwb: This just seems like good engineering practice to me * 0 csarven: Not sure why this UC is here or what's expected of it other than making sure server only processes valid authorization policies and in its absence all access is denied. 
@@ -639,13 +639,13 @@ URL: https://solid.github.io/authorization-panel/wac-ucr/#uc-validation ## Capabilities ### Possession of a group membership verifiable credential -URL: https://solid.github.io/authorization-panel/wac-ucr/#group-membership-vc +URL: https://solid.github.io/authorization-panel/authorization-ucr/#group-membership-vc * 0 csarven: Some use but not essential for [ap]. I don't plan to implement it. * +1 bblfish: This is actually quite advanced, but I think it can be done elegantly summarized in the meetings notes for [2021-01-27](https://github.com/solid/authorization-panel/blob/master/meetings/2021-01-27.md). ### Possession of a verifiable credential -URL: https://solid.github.io/authorization-panel/wac-ucr/#capabilities-vc +URL: https://solid.github.io/authorization-panel/authorization-ucr/#capabilities-vc * +0 justinwb: Definitely seems to be a key part of the future of access control for us. @@ -660,7 +660,7 @@ control for us. * +1 bblfish: very important to keep in mind. May not be possible to get this through the first version, though I would like to try. ### Possession of a link -URL: https://solid.github.io/authorization-panel/wac-ucr/#capabilities-link +URL: https://solid.github.io/authorization-panel/authorization-ucr/#capabilities-link * +0 justinwb: Can be extremely beneficial in scenarios like invitation flows or one-time shares. From 7ad7ccb951e8444ad8618465f0bfb5424091ebfa Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Mon, 15 Feb 2021 16:01:37 -0500 Subject: [PATCH 33/34] expand scope of effective permissions req --- proposals/authorization-ucr/index.bs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/authorization-ucr/index.bs b/proposals/authorization-ucr/index.bs index 1a9ec186..35048410 100644 --- a/proposals/authorization-ucr/index.bs +++ b/proposals/authorization-ucr/index.bs 
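Review bot: the rename from wac-ucr to authorization-ucr in the hunks at -506 through -660 only replaces the path segment of each URL, so every fragment left in place (#conditional-payment, #uc-trusted-applications, #uc-client-constraints, #uc-client-determine-access-privileges, #uc-whopermitted, #uc-historyofchanges, #uc-minimalcredentials, #uc-limituri, #uc-trustedissuers, #uc-blockagents, #uc-validation, #group-membership-vc, #capabilities-vc, #capabilities-link) must still exist under proposals/authorization-ucr/index.bs or the review-notes links go dangling; suggest verifying each anchor against the renamed document before merge. The dmitrizagidulin comment at -506 links to #capabilities-vc inline rather than via a URL: line, so a search-and-replace on "URL:" lines alone would have missed it; the hunk does catch it, but a final grep for any remaining "wac-ucr/" string in the file is worth doing.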
@@ -1656,7 +1656,7 @@ or limiting access to a [=resource=] or [=collection=] by an [=agent=]. Related use cases: [[#basic-change-permissions]]
-### The system shall provide the effective access permission modes on a certain [=resource=] or [=collection=] as they relate to the [=agent=] making the request, in the request response. ### {#req-effective-modes} +### The system shall provide the effective access permissions on a certain [=resource=] or [=collection=] as they relate to the [=agent=] making the request, in the request response. ### {#req-effective-modes}
Related use cases: [[#uc-client-determine-access-privileges]] From 0185b4da4a38a15daeab7ee6dde730f6b409e530 Mon Sep 17 00:00:00 2001 From: Justin Bingham Date: Tue, 16 Feb 2021 13:39:42 -0500 Subject: [PATCH 34/34] Add vc and vc determine to extended network --- proposals/authorization-ucr/index.bs | 2 ++ 1 file changed, 2 insertions(+) diff --git a/proposals/authorization-ucr/index.bs b/proposals/authorization-ucr/index.bs index 35048410..084cc987 100644 --- a/proposals/authorization-ucr/index.bs +++ b/proposals/authorization-ucr/index.bs @@ -841,6 +841,8 @@ reviewed. * [[#req-inheritance-default-permissions]] * [[#req-agent-group]] +* [[#req-vc]] +* [[#req-vc-determine]] * [[#req-conditional-relationship]]
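Review bot: in the hunk at -1656 the heading text drops "modes" while the id {#req-effective-modes} keeps it; keeping the id is right, since references such as [[#req-effective-modes]] would break on an id change, but the widened wording "effective access permissions" should state what the response now carries beyond access modes, otherwise the requirement becomes looser without becoming clearer. Suggest a sentence under the heading spelling that out, and preserving the "as they relate to the [=agent=] making the request" scope so the response discloses only the requester's own effective permissions and does not conflict with the who-else-is-permitted privacy case.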
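Review bot: the hunk at -841 inserts [[#req-vc]] and [[#req-vc-determine]] into the list of reviewed requirements, but neither id appears anywhere else in this series, so confirm both headings exist in proposals/authorization-ucr/index.bs before merge; an unresolved section reference is reported by the Bikeshed build. The placement between [[#req-agent-group]] and [[#req-conditional-relationship]] follows the surrounding order of the list.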