diff --git a/README.md b/README.md index 01db2db..f1827a5 100644 --- a/README.md +++ b/README.md @@ -119,7 +119,7 @@ the ACL resource in the above example would be `/docs/.acl`). Clients MUST NOT assume that the location of an ACL resource can be deterministically derived from a document's URL. For example, given a document with a URL of `/docs/file1`, clients cannot rely on the assumption that an ACL -resource exists at `/docs/file1.acl`, simply using `.acl` as a prefix. The +resource exists at `/docs/file1.acl`, simply using `.acl` as a suffix. The actual naming convention for ACL resources can differ for each individual implementation (or even for each individual server). If one server locates the ACL resource by appending the suffix `.acl`, another server could place the ACL @@ -301,7 +301,7 @@ the following issues: for group ACLs are public. Possible future methods for a server to find out whether a given agent is a -member of s group are a matter for future research and possible addition here. +member of a group are a matter for future research and possible addition here. ### Public Access (All Agents) 
@@ -368,24 +368,24 @@ All scripts running on the same origin are assumed to be run by the same social entity, and so trusted to the same extent. *When an Origin header is present then BOTH the authenticated agent AND -the origin MUST be allowed access* +the origin MUST be allowed access.* - As both the user and the web app get to read or write (etc) the data, then they most BOTH - be trusted. This is the algorithm the server must go through. +As both the user and the web app get to read or write (etc) the data, then they must BOTH +be trusted. This is the algorithm the server must go through. - - If the requested mode is available to the public, then succeed `200 OK` with added CORS headers ACAO and ACAH ** - - If the user is *not* logged on, then fail `401 Unauthenticated` - - Is the User authenticated is *not* allowed access required, AND the class AuthenticatedAgent is not allowed access, then fail `403 User Unauthorized` - - If the Origin header is not present, the succeed `200 OK` - - If the Origin is allowed by the ACL, then succeed `200 OK` with added CORS headers ACAO and ACAH - - (In future proposed) Look up the owner's webid(s) to check for trusted apps declared there, and if match, succeed `200 OK` with added CORS headers ACAO and ACAH - - Fail `403 Origin Unauthorized` + - If the requested mode is available to the public, then succeed `200 OK` with added CORS headers ACAO and ACAH. ** + - If the user is *not* logged on, then fail `401 Unauthenticated`. + - If the authenticated user is *not* allowed access, AND the class AuthenticatedAgent is not allowed access, then fail `403 User Unauthorized`. + - If the Origin header is not present, then succeed `200 OK`. + - If the Origin is allowed by the ACL, then succeed `200 OK` with added CORS headers ACAO and ACAH. + - (In future proposed) Look up the owner's webid(s) to check for trusted apps declared there, and if match, succeed `200 OK` with added CORS headers ACAO and ACAH. 
+ - Fail `403 Origin Unauthorized`. - Note it is a really good idea to make it clear both in the text of the status message and in the body of - the message the difference between the user not being allowed and the web app they are using - not being trusted. +Note it is a really good idea to make it clear both in the text of the status message and in the body of +the message the difference between the user not being allowed and the web app they are using +not being trusted. - ** Possible future alternative: Set ACAO header to `"*"` indicating that the document is public. This will though block in the browser any access made using credentials. +** Possible future alternative: Set ACAO header to `"*"` indicating that the document is public. This will though block in the browser any access made using credentials. #### Adding trusted web apps. @@ -439,7 +439,7 @@ Since an ACL resource is a plain Web document in itself, what controls who has access to *it*? While an ACL resource *could* in theory have its own corresponding ACL document (for example, `file1.acl` controls access to `file1`, and `file1.acl.acl` could potentially control access to `file1.acl`), one -quickly realizes thats this recursion has to end somewhere. +quickly realizes that this recursion has to end somewhere. Instead, the [`acl:Control` access mode](#aclcontrol) is used (see below), to specify who has access to alter (or even view) the ACL resource.
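Review bot: in hunk `@@ -368`, the first rewritten step now places the footnote marker after the sentence's full stop (`... ACAO and ACAH. **`), and the matching footnote line still opens with a bare `**`; since `**` is Markdown's strong-emphasis delimiter, a marker that cannot be parsed as emphasis (`\*\*`, or a numbered note such as `(1)` in both places) would be safer. The step ordering also deserves one sentence of rationale in the text: the public-access check comes first, so a public resource is served with ACAO and ACAH to any origin without consulting the user or Origin checks, and the `401` / `403 User Unauthorized` checks run before the Origin check, so a request from an unlisted origin by an unauthorized user reports the user problem rather than the origin problem; stating that this is intentional will stop implementers from reordering the steps. The reason phrases `401 Unauthenticated`, `403 User Unauthorized` and `403 Origin Unauthorized` are this document's own labels rather than the standard ones (RFC 7235 registers `401 Unauthorized`), which is fine, but the text should say so and tie it to the "Note it is a really good idea" paragraph, which already recommends carrying the user-versus-app distinction in the response body. Finally, "(In future proposed)" in the penultimate step reads awkwardly; "(Proposed for the future)" would be clearer.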