Michiel de Jong
Michiel de Jong
We also discussed this in the community call just now and there seemed to be unanimous consensus that this is something we want and need to be in scope.
Copying over from https://github.com/solid/specification/issues/38#issuecomment-533580324: ---- basically it's https://forum.solidproject.org/t/read-only-or-sub-folder-oidc-scopes/767 and https://github.com/solid/authorization-and-access-control-panel - in a sentence, and at the minimal level: If Alice gives Bob read-access to (a part of) her pod,...
Great! I'll leave this task in your (plural) capable hands. :)
Also discussed this issue with @jaxoncreed just now. Our conclusion is that regardless of where the dialog GUI lives where Bob specifies his choice of attenuation, there are basically two...
So https://github.com/solid/authorization-and-access-control-panel/blob/master/privilege-request-protocol.md doesn't solve the Alice+Bob scenarios I described in this issue, because it just sort of assumes that Bob is somehow able to tell Alice's server what his attenuation...
> Why in that case Bob would trust Alice's storage server to even properly apply user related WAC rules? Good question, and I don't know the answer! :) I did...
> C/ | C/R | C/R exists | C/R doesn't exist > Read | - | 200 | 404 Shouldn't that be `Read | - | 403 | 404` ?...
> POST C/ > Slug: R Slug should only be used as advice, and if C/R exists, the server should pick a different location. It should always return the location...
> PUT C/R > C/ | C/R | C/R exists | C/R doesn't exist > Read,Write | - | 200 | 201 Neither creating nor updating C/R should be allowed...
> PATCH C/R > C/ | C/R | C/R exists | C/R doesn't exist > - | Append | 200 | 201 Only if the PATCH is an append-only patch...