acl:accessTo and rel="acl"

[elf-pavlik]

Could acl:accessTo become optional for authorizations? This would allow reuse of permission sets. A document could reference any permission set with rel="acl" and all the authorizations which don't have explicit acl:accessTo would apply to the document which referenced it with rel="acl". Authorizations with statements using acl:accessTo would only apply to resources used as object in those statements, it could come helpful for adding authorizations on ACL resource itself.

For example

HEAD /profile HTTP/1.1
Host: dataset.alice.example

HTTP/1.1 200 OK
Link: </acl/public-read>; rel="acl"

# Contents of https://dataset.alice.example/acl/public-read
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

<#owner>
    a acl:Authorization;
    acl:agent <https://alice.example/>;  # Alice's WebID
    acl:mode
        acl:Read, acl:Write, acl:Control.
<#others>
    a acl:Authorization;
    acl:agentClass foaf:Agent;  # Alice's WebID
    acl:mode
        acl:Read .

dataset.alice.example would apply two authorizations above to any document which it serves with Link: </acl/public-read>; rel="acl"

[csarven]

Closing this issue as consensus is deemed to be captured in WAC Editor's Draft: https://solid.github.io/web-access-control-spec/ . See #acl-resource-discovery #authorization-conformance #authorization-matching . Servers may associate an ACL resource with different resources but an Authorization must include accessTo.