This repository was archived by the owner on Apr 13, 2022. It is now read-only.

Commit b5c3845

initial proposal 4 simpler and better pattern language
1 parent 0d63850 commit b5c3845

1 file changed

+37
-1
lines changed

acl-inheritance.md

Lines changed: 37 additions & 1 deletion
@@ -97,12 +97,48 @@ in the created resource's acl.
9797
acl:agentClass foaf:Agent .
9898
```
9999

100-
#### Issue
100+
#### Issues
101+
102+
##### Truth
101103

102104
It does mean that on a naive reading of `wac:regex` some acls will not actually be true of all files specified in the regular expression, as they are only valid if the resource's acl includes them using `wac:include`. Perhaps there is a way of thinking of the `acl:regex` relation in way that does not create such false statements. Perhaps it should be read as defining the subclass of resources that fit the given pattern _and_ that whose acls are linked to via a set of `wac:include`s to the resource that contains the regular expression. On this reading one cannot deduce that `https://jack.example/cat.acl` is readable by everyone only from the acl shown in the cons section above. One also needs to know:
103105
* that `<https://jack.example/cat.acl>` exists
104106
* that `<https://jack.example/cat.acl>` has an `acl` link header to a resource that through a chain of `wac:include`s refers back to `<default.acl>`
105107

108+
#### Better Pattern Languages
109+
110+
The problems with full regexes are:
111+
112+
* one needs to know the full url of the resource
113+
* different languages have different implementations of regexes
114+
* they can be turing complete
115+
116+
This should not stop one. Regexes are already standardised by the W3C in RDF via the [POWDER spec](https://www.w3.org/TR/powder-dr/), which also provided simpler less powerful vocabularies to enable use cases that did not require the full regex power. So one could invent a simple regular expression based on globbing such as `"/*"` for all resources in a folder, or `"/**"` for all resources in a folder and sub-folders. This could look like the following:
117+
118+
```Turtle
119+
[] acl:accessToClass [ acl:urlPattern [ acl:base <.>; acl:match "*.acl" ]];
120+
acl:mode acl:Read;
121+
acl:agentClass foaf:Agent .
122+
```
123+
124+
This should be read as saying that everybody can read all resources that match the pattern "*.acl" in the current directory, and for which this is an acl through wac:include chain from the resource's acl. (in this case this is a rule on acls)
125+
126+
To allow all files to be readable and writeable by the owner in this folder and sub-folders one could use
127+
128+
```Turtle
129+
[] acl:accessToClass [ acl:urlPattern [ acl:base <.>; acl:match "**" ]];
130+
acl:mode acl:Read, acl:Write;
131+
acl:agent </card#i> .
132+
```
133+
134+
assuming of course the user's WebID is `</card#i>` .
135+
Note again that the `acl:urlPattern` gives a class that is larger than the class of resources for which this is true, as the only resources for which that rule is valid are those whose acls link to the acl in which this is written.
136+
137+
138+
139+
The advantage of such a pattern language is that it allows the pattern to be relative to a resource, and so to be written out even for a client that does not know the full url of the resource.
140+
141+
106142
--
107143

108144
## References
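
Review bot: The new "Better Pattern Languages" section uses `acl:match` with `"*.acl"` and `"**"` without defining how matching works, and since these patterns decide which resources an authorization covers, two implementations reading the same ACL could grant different sets of resources. The prose introduces the globs as `"/*"` and `"/**"` with a leading slash while both Turtle examples drop it, and nothing says whether `*` may cross a `/`, how the pattern is resolved against `acl:base <.>`, or whether `"**"` in the owner rule is meant to cover the `*.acl` resources as well. Suggest adding a short definition of the glob syntax and of its resolution against `acl:base`, and making the prose and the examples agree. Smaller points: the context paragraph mixes `wac:regex` with `acl:regex`, added line 124 leaves `wac:include` outside backticks, and added lines 136 to 138 are empty.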
