This repository was archived by the owner on Apr 13, 2022. It is now read-only.

Commit 1a6014e

Update acl-inheritance.md
1 parent bffd0bb commit 1a6014e

1 file changed

+20
-6
lines changed

acl-inheritance.md

Lines changed: 20 additions & 6 deletions
@@ -15,26 +15,40 @@ The need for inherited ACL comes from two main issues:
1515

1616
There are two relevant implementations to consider: `default` and `defaultForNew`. The key differences between those are: (1) whether permissions are defined by the __most significant__ ACL entry or are cumulative, hence (2) the permission check algorithm's direction of the walk through the resource path.
1717

18-
### Strategy 1) `default`
18+
### Strategy 1) `monotonic`
1919

20-
In `default`, ACL permissions are cumulative (inherited from the ancestors) and the permission check algorithm sums permissions from left-to-right. The path is explored from root, `/` to the end.
20+
In `monotonic`, ACL permissions are cumulative (inherited from the ancestors) and the permission check algorithm sums permissions from left-to-right. The path is explored from root, `/` to the end, or inany direction, as the permission is the union of all the permissions from each ACL file. The search can stop when any ACL file is which gives permission.
2121

2222
#### Pro
2323
- Simple hierarchical permission (e.g. everything in `/shared` is shared)
24+
- Can be fast as it only has to find one ACL file to give the permission it needs
25+
- An invariant is that an ACL cnnnot be overruled,
2426

2527
#### Cons
26-
- It is slower than `defaultForNew`, since all the path must be taken into consideration.
27-
- It can't have private subfolders within shared folders. Given that permissions cannot be reverted (with the current WAC specification), a subfolder cannot be private in a shared folder. A possible solution is include Windows' `DENY` or `DENY all` in the WAC specification. These entries would take precedence to the other (_allow_) permissions).
28+
- It is slower than `default`, since all the path must be taken into consideration. @@@ No, not necessaryily,as the search stops the moment it finds success.
29+
- It can't have private subfolders within shared folders. Given that permissions cannot be reverted (with the current WAC specification), a subfolder cannot be private in a shared folder. ((A possible solution is NOT include Windows' `DENY` or `DENY all` in the WAC specification. These entries would take precedence to the other (_allow_) permissions). This system is monotonic.
2830
- User has to be aware of the permissions given to the parent folders
2931

30-
### Strategy 2) `defaultForNew`
32+
### Strategy 2) `default`
3133

32-
In `defaultForNew`, ACL permissions are inherited from the most significant ACL. The permission check algorithm iterates from the end of path to the beginning stopping at the first valid ACL. Note: Different permission check algorithm may be implemented to find the most significant ACL.
34+
In `defaultLocal`, ACL permissions are inherited from the most local ACL file which exists, and no others are searched.. The permission check algorithm iterates from the end of path to the beginning stopping at the first existing ACL. Note: Different permission check algorithm may be implemented to find the most significant ACL.
3335

3436
#### Pro
3537
- It can have private subfolders within shared folders
3638

3739
#### Cons
40+
- Users may lose access to their resource by creating an ACL file that does not contain themselves. (Software stops that happening)
41+
- Changing permissions recursively to a folder will require changing permission on each subfolder's ACL
42+
43+
### Strategy 3) `defaultForNew`
44+
45+
In `defaultForNew`, ACL permissions are inherited from the whole path as in 'momotonic', but done from the end of the path top the root. With this method, however, whenever a file dopes not have a local ACL, one is generated for it, so that in future the search will hit it immediately.
46+
47+
#### Pro
48+
- Fast
49+
50+
#### Cons
51+
- Generates a storage reuirement for all the ACL files, which is a pain, especialy in a fiel space shared with other systems.
3852
- Users may lose access to their resource by creating an ACL file that does not contain themselves.
3953
- Changing permissions recursively to a folder will require changing permission on each subfolder's ACL
4054
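
Review bot: Strategy 2 is now headed `default`, but its first sentence calls it `defaultLocal`, and the unchanged intro above the hunk still says there are two implementations, `default` and `defaultForNew`. After this rename a reader cannot tell which name maps to which permission check, which matters for a document that defines access-control semantics; pick one name per strategy and update the intro to list all three. In the `monotonic` Cons, the "@@@ No, not necessaryily" rebuttal is left inline next to the claim it disputes; either drop the "slower" bullet or rewrite it to say that the search stops early only when it finds a grant. The `DENY` sentence in the next bullet now opens with `((` and closes only one parenthesis, and it says the solution is to NOT include `DENY` while still stating that these entries would take precedence, so it contradicts itself. The two trailing context bullets ("Users may lose access…", "Changing permissions recursively…") now fall under Strategy 3's Cons and repeat the bullets added under Strategy 2; confirm they apply to `defaultForNew` or remove the duplicates. The Strategy 3 description also does not say what happens to a generated ACL when an ancestor's ACL later changes, which is worth stating given that the strategy is described as inheriting from the whole path. Spelling to fix before merge: "inany", "cnnnot" (with its trailing comma), "momotonic", "top the root", "dopes", "reuirement", "especialy", "fiel", the double period after "searched", and the phrase "when any ACL file is which gives permission".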
