From dda08638c074f00c8e9be87a8bf06f313ab487d4 Mon Sep 17 00:00:00 2001
From: elf Pavlik
Date: Wed, 24 Feb 2021 09:11:05 -0600
Subject: [PATCH 01/10] PoC evaluation table

---
 proposals/evaluation/index.md | 12 ++++++++++++
 1 file changed, 12 insertions(+)
 create mode 100644 proposals/evaluation/index.md

diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md
new file mode 100644
index 00000000..90183e64
--- /dev/null
+++ b/proposals/evaluation/index.md
@@ -0,0 +1,12 @@ +# Evaluation of proposals for Authorization + +| WAC | ACP | | +| --- | --- | --- | +| βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | +| ❌ | πŸ”Έ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | +| πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | +| πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | +| πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | +| πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | +| πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | +| πŸ”Έ | πŸ”Έ | []() | From fb363ad553c34c2529fb51b54eec9025493e12db Mon Sep 17 00:00:00 2001 
From: Henry Story
Date: Wed, 24 Feb 2021 18:08:53 +0100
Subject: [PATCH 02/10] 3.1.2 Update

From today's conversation it is clear that neither WAC as it is now, nor ACP as it is now can cover this use case. But WAC+ does have an answer proposed in https://github.com/solid/authorization-panel/issues/176

---
 proposals/evaluation/index.md | 21 +++++++++++----------
 1 file changed, 11 insertions(+), 10 deletions(-)

diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md
index 90183e64..2bdfb32a 100644
--- a/proposals/evaluation/index.md
+++ b/proposals/evaluation/index.md
@@ -1,12 +1,13 @@ # Evaluation of proposals for Authorization -| WAC | ACP | | -| --- | --- | --- | -| βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | -| ❌ | πŸ”Έ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | -| πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | -| πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | -| πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | -| πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | -| πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | -| πŸ”Έ | πŸ”Έ | []() | +| WAC | WAC+ | ACP | | +| --- | --- | --- |--- | +| βœ… | βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | +| ❌ | βœ… | ❌ | [3.1.2. 
The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | From 766a01f0dd2d3e649b6d7b950792d9e53fb3a872 Mon Sep 17 00:00:00 2001 From: Henry Story Date: Fri, 26 Feb 2021 03:11:55 +0100 Subject: [PATCH 03/10] add column for warrants for the claims --- proposals/evaluation/index.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) 
diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md
index 2bdfb32a..fd7b056e 100644
--- a/proposals/evaluation/index.md
+++ b/proposals/evaluation/index.md
@@ -1,13 +1,13 @@ # Evaluation of proposals for Authorization -| WAC | WAC+ | ACP | | -| --- | --- | --- |--- | -| βœ… | βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | -| ❌ | βœ… | ❌ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. 
The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | +| WAC | WAC+ | ACP | Requirement | warrant | +| --- | --- | --- |--- | --- | +| βœ… | βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | [WAC: 1. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | +| ❌ | βœ… | ❌ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | [WAC+: 2. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. 
The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | | From b86c2375a766d4ed81651ce825eec165bfd119b9 Mon Sep 17 00:00:00 2001 From: Henry Story Date: Fri, 26 Feb 2021 03:13:54 +0100 Subject: [PATCH 04/10] fix typos --- proposals/evaluation/index.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index fd7b056e..b3cc88d1 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md 
@@ -1,9 +1,9 @@ # Evaluation of proposals for Authorization -| WAC | WAC+ | ACP | Requirement | warrant | -| --- | --- | --- |--- | --- | -| βœ… | βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | [WAC: 1. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | -| ❌ | βœ… | ❌ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | [WAC+: 2. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | | +| WAC | WAC+ | ACP | Requirement | Warrant | +| --- | --- | --- | --- | --- | +| βœ… | βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | WAC: 1. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | +| ❌ | βœ… | ❌ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | WAC+: 2. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. 
The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | | From c1e607441a73c33f137555d55bc24ef3e81a3228 Mon Sep 17 00:00:00 2001 From: Henry Story Date: Fri, 12 Mar 2021 18:20:41 +0100 Subject: [PATCH 05/10] WAC+ has a way to allow ACLs to be read This allows clients to find out what credentials to present. --- proposals/evaluation/index.md | 1 + 1 file changed, 1 insertion(+) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index b3cc88d1..a2d295d5 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md @@ -10,4 +10,5 @@ | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | | +| πŸ”Έ | βœ… | πŸ”Έ | [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) | [issue 189: ACLs on ACLs for WAC](https://github.com/solid/authorization-panel/issues/189) | | πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | | From e20f86aaea596c9ce6ffbfed0f146dfa4dc0f3e1 Mon Sep 17 00:00:00 2001 
From: Henry Story Date: Wed, 17 Mar 2021 11:41:17 +0100 Subject: [PATCH 06/10] Update proposals/evaluation/index.md good idea. Co-authored-by: Matthieu Bosquet --- proposals/evaluation/index.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index a2d295d5..65835e3d 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md @@ -12,3 +12,7 @@ | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | | | πŸ”Έ | βœ… | πŸ”Έ | [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) | [issue 189: ACLs on ACLs for WAC](https://github.com/solid/authorization-panel/issues/189) | | πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | | + +βœ… Requirement is fulfilled +❌ Requirement is no met +πŸ”Έ Status of requirement to be determined From ac014abe2c6c56883d15fcc76dbd8d80db67c589 Mon Sep 17 00:00:00 2001 From: Matthieu Bosquet Date: Wed, 17 Mar 2021 14:22:23 +0000 Subject: [PATCH 07/10] Update proposals/evaluation/index.md Co-authored-by: Ted Thibodeau Jr --- proposals/evaluation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index 65835e3d..88b788a1 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md @@ -15,4 +15,4 @@ βœ… Requirement is fulfilled ❌ Requirement is no met -πŸ”Έ Status of requirement to be determined +πŸ”Έ Status of requirement fulfillment to be determined From ba23d0f1ebbc91b3f0c41306f44fd9cb84148615 Mon Sep 17 00:00:00 2001 
From: Matthieu Bosquet Date: Wed, 17 Mar 2021 14:22:42 +0000 Subject: [PATCH 08/10] Update proposals/evaluation/index.md Co-authored-by: Ted Thibodeau Jr --- proposals/evaluation/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index 88b788a1..a303ebc6 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md @@ -14,5 +14,5 @@ | πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | | βœ… Requirement is fulfilled -❌ Requirement is no met +❌ Requirement is not fulfilled πŸ”Έ Status of requirement fulfillment to be determined From e37b38fd4116b1b79fd19a227ac49f0be1318893 Mon Sep 17 00:00:00 2001 From: elf Pavlik Date: Thu, 18 Mar 2021 09:15:41 -0600 Subject: [PATCH 09/10] move last column to footnotes --- proposals/evaluation/index.md | 74 +++++++++++++++++++++++++++-------- 1 file changed, 58 insertions(+), 16 deletions(-) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index a303ebc6..94e8e05f 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md 
@@ -1,18 +1,60 @@ # Evaluation of proposals for Authorization -| WAC | WAC+ | ACP | Requirement | Warrant | -| --- | --- | --- | --- | --- | -| βœ… | βœ… | βœ… | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | WAC: 1. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | -| ❌ | βœ… | ❌ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | WAC+: 2. in [issue 176](https://github.com/solid/authorization-panel/issues/176). | | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. 
The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | | -| πŸ”Έ | βœ… | πŸ”Έ | [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) | [issue 189: ACLs on ACLs for WAC](https://github.com/solid/authorization-panel/issues/189) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | | - -βœ… Requirement is fulfilled -❌ Requirement is not fulfilled -πŸ”Έ Status of requirement fulfillment to be determined +* βœ… Requirement is fulfilled +* ❌ Requirement is not fulfilled +* πŸ”Έ Status of requirement fulfillment to be determined + +| WAC | WAC+ | ACP | Requirement | +| --- | --- | --- | --- | +| πŸ”Έ [w1.1]| πŸ”Έ | πŸ”Έ | [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) | +| πŸ”Έ | πŸ”Έ [p1.2] | πŸ”Έ | [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.4. The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. 
The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | +| πŸ”Έ | πŸ”Έ [p2.2] | πŸ”Έ | [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | + +## Notes + +### [3.1.1. The system shall allow access to be limited based on the identity of the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-identity) + +#### 3.1.1 WAC +[w1.1]:#311-wac + +https://github.com/solid/authorization-panel/issues/176 + +### [3.1.2. The system shall allow access to be limited based on the identity of the agent, only when that identity is issued by a trusted identity provider.](https://solid.github.io/authorization-panel/authorization-ucr/#req-trusted-identity) + +#### 3.1.2 WAC+ +[p1.2]:#312-wac + +https://github.com/solid/authorization-panel/issues/176 + + +### [3.1.3. The system shall allow access to be limited to an agent based on the agent’s membership in a certain group of agents.](https://solid.github.io/authorization-panel/authorization-ucr/#req-agent-group) + + +### [3.1.4. 
The system shall allow access to be limited to an agent based on the client application in use by the agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-application) + +### [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) + +### [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) + +### [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) + +### [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) + +#### 3.2.2 WAC+ +[p2.2]:#322-wac + +[issue 189: ACLs on ACLs for WAC](https://github.com/solid/authorization-panel/issues/189) + + + + + + + + From fb6f01ab020b9ee7730cf48cf18bf201ebff7f66 Mon Sep 17 00:00:00 2001 From: elf Pavlik Date: Thu, 18 Mar 2021 10:21:11 -0600 Subject: [PATCH 10/10] complete list of requirements --- proposals/evaluation/index.md | 98 ++++++++++++++++++++++++++++++++++- 1 file changed, 97 insertions(+), 1 deletion(-) diff --git a/proposals/evaluation/index.md b/proposals/evaluation/index.md index 94e8e05f..c84a77ee 100644 --- a/proposals/evaluation/index.md +++ b/proposals/evaluation/index.md 
@@ -13,8 +13,42 @@ | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.5. The system shall allow an agent to limit modes and/or conditions of access for a given client application in their use for a resource or collection that they have been granted access to.](https://solid.github.io/authorization-panel/authorization-ucr/#req-client-constrained) | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.6. The system shall allow access to be permitted for any unauthenticated or authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-public) | | πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.2.1. The system shall allow access to be limited to an agent based on the agent’s possession of a certain verifiable credential or capability.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc) | | πŸ”Έ | πŸ”Έ [p2.2] | πŸ”Έ | [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) | -| πŸ”Έ | πŸ”Έ | πŸ”Έ | []() | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.1. The system shall allow the ability to read the access permissions associated with a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-read-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.2. The system shall allow the ability to change the access permissions associated with a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-change-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.3. 
The system shall provide the effective access permissions on a certain resource or collection as they relate to the agent making the request, in the request response.](https://solid.github.io/authorization-panel/authorization-ucr/#req-effective-modes) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.4. The system shall allow the ability to read a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-read) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.5. The system shall allow the ability to change any of the existing contents of a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-write) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.6. The system shall allow the ability to change existing data in a certain resource to be limited, such that only new data can be added to it.](https://solid.github.io/authorization-panel/authorization-ucr/#req-append) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.7. The system shall limit the ability to delete a certain resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-delete) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.8. The system shall allow for access to a resource or collection to be limited to the agent that created it.](https://solid.github.io/authorization-panel/authorization-ucr/#req-creator) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.3.9. The system shall not rely on the URI path to identity resources or collections](https://solid.github.io/authorization-panel/authorization-ucr/#req-uripath) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.1. The system shall allow the ability to read a certain collection to be limited, exposing only the data from the collection resource itself, and a listing of its members, and excluding the contents of its members, or any metadata about them.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-read) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.2. 
The system shall allow the ability to change data specific to a certain collection to be limited, including only the data from the collection resource itself, and excluding any additions or subtractions from its list of members.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-write) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.3. The system shall allow the ability to create a resource in a certain collection to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-create) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.4. The system shall limit the ability to delete a resource in a certain collection.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-delete) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.5. The system shall allow for the creator of a resource in a certain collection to be automatically granted access to the created resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-creator) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.6. The system shall allow the ability to read the access permissions associated with a certain collection to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-read-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.4.7. The system shall allow the ability to change the access permissions directly associated with a certain collection to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-change-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.1. The system shall allow for a certain collection to specify access permissions that are inherited by its members.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-inheritance) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.2. 
The system shall allow for a certain resource to be read if the agent has inherited read access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-readonly) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.3. The system shall allow for a resource to be changed if the agent has inherited write access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-change) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.4. The system shall allow for new data to be added to a resource, without being able to change existing data in that resource, if the agent has inherited append access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-appendonly) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.5. The system shall allow for new resources to be added to a given collection if the agent has inherited create access from the parent collection that the given collection is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-create) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.6. The system shall allow for resources to be deleted from a given collection if the agent has inherited delete access from the parent collection that the given collection is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-delete) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.7. The system shall allow for the members of a certain collection to extend or augment the permissions inherited from the parent collection.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-modify) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.8. 
The system shall allow for a certain collection to specify access permissions that are inherited by its members and cannot be augmented.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-force) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.9. The system shall allow for the default permissions of a newly created resource to be inherited from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-default-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.10. The system shall allow for the access permissions directly associated with a certain resource to be read if the agent has inherited read permission access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-read-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.5.11. The system shall allow for the access permissions directly associated with a certain resource to be changed if the agent has inherited write permission access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-change-permissions) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.1. The system shall allow the ability to limit access to a certain resource by a given start and/or end data and time.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-time) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.2. The system shall allow the ability to limit access to a certain resource by a tag associated with that resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-tag) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.3. The system shall allow the ability to limit access to a certain resource based on the existence of a specific relationship with another resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-relationship) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.4. 
The system shall allow access to be limited to only a subset of data in a certain resource based on supplied filter criteria.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-filter) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.5. The system shall allow the access modes and/or conditions of a given access permission for a certain resource or collection to change after other specified conditions have been satisfied.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-action) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.6. The system shall allow the ability to read, create, or change only those access permissions for a given resource or collection that apply to a specified group of agents to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-control) | +| πŸ”Έ | πŸ”Έ | πŸ”Έ | [3.6.7. The system shall allow the ability to read, create, or change access permissions for resources associated with a particular tag to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-control-tag) | ## Notes @@ -44,6 +78,8 @@ https://github.com/solid/authorization-panel/issues/176 ### [3.1.7. The system shall allow access to be limited to any authenticated agent.](https://solid.github.io/authorization-panel/authorization-ucr/#req-authenticated) +### [3.2.1. The system shall allow access to be limited to an agent based on the agent’s possession of a certain verifiable credential or capability.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc) + ### [3.2.2. The system shall ensure that there are practical and efficient mechanism available for the client to determine an appropriate credential to present for access to a given resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-vc-determine) #### 3.2.2 WAC+ 
@@ -51,10 +87,70 @@ https://github.com/solid/authorization-panel/issues/176 [issue 189: ACLs on ACLs for WAC](https://github.com/solid/authorization-panel/issues/189) +### [3.3.1. The system shall allow the ability to read the access permissions associated with a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-read-permissions) + +### [3.3.2. The system shall allow the ability to change the access permissions associated with a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-change-permissions) + +### [3.3.3. The system shall provide the effective access permissions on a certain resource or collection as they relate to the agent making the request, in the request response.](https://solid.github.io/authorization-panel/authorization-ucr/#req-effective-modes) + +### [3.3.4. The system shall allow the ability to read a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-read) + +### [3.3.5. The system shall allow the ability to change any of the existing contents of a certain resource to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-write) + +### [3.3.6. The system shall allow the ability to change existing data in a certain resource to be limited, such that only new data can be added to it.](https://solid.github.io/authorization-panel/authorization-ucr/#req-append) + +### [3.3.7. The system shall limit the ability to delete a certain resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-delete) + +### [3.3.8. The system shall allow for access to a resource or collection to be limited to the agent that created it.](https://solid.github.io/authorization-panel/authorization-ucr/#req-creator) + +### [3.3.9. 
The system shall not rely on the URI path to identity resources or collections](https://solid.github.io/authorization-panel/authorization-ucr/#req-uripath) + +### [3.4.1. The system shall allow the ability to read a certain collection to be limited, exposing only the data from the collection resource itself, and a listing of its members, and excluding the contents of its members, or any metadata about them.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-read) + +### [3.4.2. The system shall allow the ability to change data specific to a certain collection to be limited, including only the data from the collection resource itself, and excluding any additions or subtractions from its list of members.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-write) + +### [3.4.3. The system shall allow the ability to create a resource in a certain collection to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-create) + +### [3.4.4. The system shall limit the ability to delete a resource in a certain collection.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-delete) + +### [3.4.5. The system shall allow for the creator of a resource in a certain collection to be automatically granted access to the created resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-creator) + +### [3.4.6. The system shall allow the ability to read the access permissions associated with a certain collection to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-read-permissions) + +### [3.4.7. The system shall allow the ability to change the access permissions directly associated with a certain collection to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-change-permissions) + +### [3.5.1. 
The system shall allow for a certain collection to specify access permissions that are inherited by its members.](https://solid.github.io/authorization-panel/authorization-ucr/#req-collection-inheritance) + +### [3.5.2. The system shall allow for a certain resource to be read if the agent has inherited read access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-readonly) + +### [3.5.3. The system shall allow for a resource to be changed if the agent has inherited write access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-change) + +### [3.5.4. The system shall allow for new data to be added to a resource, without being able to change existing data in that resource, if the agent has inherited append access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-appendonly) + +### [3.5.5. The system shall allow for new resources to be added to a given collection if the agent has inherited create access from the parent collection that the given collection is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-create) + +### [3.5.6. The system shall allow for resources to be deleted from a given collection if the agent has inherited delete access from the parent collection that the given collection is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-delete) + +### [3.5.7. The system shall allow for the members of a certain collection to extend or augment the permissions inherited from the parent collection.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-modify) + +### [3.5.8. 
The system shall allow for a certain collection to specify access permissions that are inherited by its members and cannot be augmented.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-force) + +### [3.5.9. The system shall allow for the default permissions of a newly created resource to be inherited from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-default-permissions) + +### [3.5.10. The system shall allow for the access permissions directly associated with a certain resource to be read if the agent has inherited read permission access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-read-permissions) + +### [3.5.11. The system shall allow for the access permissions directly associated with a certain resource to be changed if the agent has inherited write permission access from the parent collection the resource is a member of.](https://solid.github.io/authorization-panel/authorization-ucr/#req-inheritance-change-permissions) +### [3.6.1. The system shall allow the ability to limit access to a certain resource by a given start and/or end data and time.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-time) +### [3.6.2. The system shall allow the ability to limit access to a certain resource by a tag associated with that resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-tag) +### [3.6.3. The system shall allow the ability to limit access to a certain resource based on the existence of a specific relationship with another resource.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-relationship) +### [3.6.4. 
The system shall allow access to be limited to only a subset of data in a certain resource based on supplied filter criteria.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-filter) +### [3.6.5. The system shall allow the access modes and/or conditions of a given access permission for a certain resource or collection to change after other specified conditions have been satisfied.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-action) +### [3.6.6. The system shall allow the ability to read, create, or change only those access permissions for a given resource or collection that apply to a specified group of agents to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-control) +### [3.6.7. The system shall allow the ability to read, create, or change access permissions for resources associated with a particular tag to be limited.](https://solid.github.io/authorization-panel/authorization-ucr/#req-conditional-control-tag)
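Review bot: The 3.6.1 row added to the table reads "by a given start and/or end data and time"; "data" should be "date". The same sentence is copied into the 3.6.1 heading under Notes, so the fix has to be made in both places. Because every requirement's full sentence now appears twice in this file (once as a table row, once as a Notes heading), consider keeping the full text only in the table and using the requirement number with its link for the Notes headings, so the two copies cannot drift apart.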
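Review bot: In the last hunk (@@ -51,10 +87,70 @@) the headings 3.6.1 through 3.6.7 follow directly after 3.5.11 with no empty "+" line between them, while 3.3.1 through 3.5.11 are each separated by a blank line; add the blank lines so the section is consistent and the headings are not at the mercy of how a given Markdown renderer treats adjacent headings. In the same hunk the 3.3.9 heading reads "shall not rely on the URI path to identity resources or collections", where "identity" should be "identify". All of the headings in this hunk are added without any text beneath them; if that is intentional scaffolding for the PoC, a short line in the commit message saying so would help reviewers.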