Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

WAC-Allow's access-mode parameter to allow any term #82

Open
csarven opened this issue Jun 16, 2021 · 5 comments
Open

WAC-Allow's access-mode parameter to allow any term #82

csarven opened this issue Jun 16, 2021 · 5 comments
Assignees
@csarven

Comments

@csarven
Copy link
Member

csarven commented Jun 16, 2021

To enable a wider set of access modes that can be used in the WAC-Allow header field-value, the access-mode parameter should be relaxed to allow any term. WAC-Allow's current definition uses:

access-mode = "read" / "write" / "append" / "control"

Proposed change would allow any term:

access-mode = 1*ALPHA

where the terms are defined in their own spec eg. the WAC spec defines "read", "write", "append", "control" as clear mapping to the terms in the ACL ontology eg. "read" for acl:Read. When new access modes eg. acl:Create are defined and terms such as "create" are mapped to them in a spec, they can be used by implementations conforming to those specifications. (Unrecognised terms are strongly encouraged to be ignored.)

This change also makes it possible for other authorization systems using access modes to define and map terms in their respective specification. See also solid/specification#210 (comment)
@csarven csarven self-assigned this Jun 16, 2021
@timbl
Copy link

timbl commented Jul 14, 2021

I feel that if the WAC-Allow allowed strings are to be extended, then it is important that the meanings of the strings are defined. This is a standard protocol. If we need to add "delete" etc then let's define what "delete" does and does not mean. People write code which generates these things and looks at this header which does useful things. Leaving it as allowing random strings would be a mistake.

@timbl
Copy link

timbl commented Jul 14, 2021

It will be important to establish mappings between WAC and ACP modes. It is important to do that anyway. The existence of the universal API suggests that mapping is possible and important.

@csarven
Copy link
Member Author

csarven commented Jul 14, 2021
edited
Loading

Provided that we have consensus on the finite set of access modes that can be used by different authorization systems. See also Access Mode Extensions: #85

@csarven
Copy link
Member Author

csarven commented Jul 14, 2021
edited
Loading

If WAC-Allow is defined in the Solid Protocol ( solid/specification#277 (comment) ) as opposed to the WAC spec, then we can do two things:

  • Solid Protocol can define the WAC-Allow access mode strings to correspond to the operations in the Protocol (currently it includes read, write, append, but there is also one open issue to define it for delete... and we can have more eg. create, modify.. controlread..)
  • WAC spec maps the Access Modes from the ACL Ontology to the access mode strings in WAC-Allow. Ditto other authorization systems using different vocabs.

@matthieubosquet matthieubosquet mentioned this issue Jul 23, 2021
Open
2 tasks
@kjetilk
Copy link
Member

kjetilk commented Jul 26, 2021

I agree there should be a closed world here, and I think we can reasonably do this in the protocol spec so that it becomes independent of the access control system.

@csarven csarven mentioned this issue Sep 21, 2021
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@csarven csarven

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kjetilk @csarven @timbl