web-access-control-spec
web-access-control-spec copied to clipboard
solid
Web Access Control (WAC)
To enable a wider set of access modes that can be used in the `WAC-Allow` header field-value, the `access-mode` parameter should be relaxed to allow any term. `WAC-Allow`'s current definition...
As a continuation of https://github.com/solid/solid-spec/issues/134, we might want to make it explicit in this spec that the server should check the default resource's ACL. Examples: 1) If serving index.html for...
## On proposal WAC ## Details If a server receives a request for `/&foo`, it might become normalized into `/%26foo`. Should the ACL document refer to `/&foo`, `/%26foo`, or either...
The discussion about Auxiliary resources (and how they are tied to the life cycle of their primary resource) reminds me -- I'd love to see an addition to the Web...
With solid/specification#31 an ACL has to be created after the resource, and until it does, the inherited ACL is used. It may be problematic if more restrictive permissions is required...
Rough text from auxiliary resource: >A given Solid resource MAY Link to auxiliary resources on a different server under a different authority, per the configuration of the Solid server on...
Just a thought, for symmetry with [how `acl:agentGroup` can be used](https://github.com/solid/web-access-control-spec#group-listings---implementation-notes) as a level of indirection between the ACL doc and the list of actual `acl:agent` webid's, maybe it would...
The current [Web Access Control Spec](https://github.com/solid/web-access-control-spec) lets you create rules to control whether an agent or group of agents can access resources, and to specify specific modes of access (read,...
I'd like to propose using the full english spelling instead of latin abbreviations in spec text as per this comment on the WAC ED: https://github.com/solid/web-access-control-spec/pull/83#discussion_r661003286 Use of latin abbreviations makes...
https://github.com/solid/web-access-control-spec#referring-to-origins-ie-web-apps > When a compliant server receives a request from a web application running in a browser, the browser will send an extra warning HTTP header, the Origin header. What...
