authorization-panel
authorization-panel copied to clipboard
solid
acp anyOf/allOf examples with multiple rules?
ACP makes a distinction between acp:anyOf and acp:allOf relations. Thes are defined by the first commit of the acp ontology
acp:allOf a rdf:Property ;
rdfs:label "all of"@en ;
rdfs:comment "The allOf property identifies a collection of Rules, each of which must match in order for the Policy to take effect."@en ;
rdfs:domain acp:Policy ;
rdfs:range acp:Rule ;
rdfs:isDefinedBy acp: .
acp:anyOf a rdf:Property ;
rdfs:label "any of"@en ;
rdfs:comment "The anyOf property identifies a collection of Rules, one of which must match in order for the Policy to take effect."@en ;
rdfs:domain acp:Policy ;
rdfs:range acp:Rule ;
rdfs:isDefinedBy acp: .
The first example of a use of acp:allOf that points to more than one agent is in
2.1.4 Append Only Access. After creating a </contacts> vcard resource the following personal policy is added
<#recommend> a acp:AccessPolicy ;
acp:allow acp:Append ;
acp:allOf <#canRecommend> .
<#canRecommend> a acp:Rule ;
acp:group <https://alice.pod/contacts> .
which is meant to give access to any member the group. True there is only one rule and all rules have to match (only one). Matching the rule means being a member of the group.
But there are no examples of acp:anyOf or of acp:allOf being used with multiple rules which would help show the difference between the logic of each.
My guess is a use case of acp:allOf would be for giving access to someone over a certain age with proof of UK residence. An example of acp:anyOf would be to give access to members of two or more distinct clubs.
Why would one use acp:allOf in the published examples over and above acp:anyOf ?
