You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
<p><dfnid="wac">Web Access Control</dfn> (<abbrtitle="Web Access Control">WAC</abbr>) is a decentralized cross-domain access control system providing a way for Linked Data systems to set authorization conditions on HTTP resources using the <dfnid="acl">Access Control List</dfn> (<abbrtitle="Access Control List">ACL</abbr>) model.</p>
372
372
373
-
<pid="wac-overview" rel="schema:hasPart" resource="#wac-overview"><spandatatype="rdf:HTML" property="schema:description">The WAC specification describes how to enable applications to discover <ahref="#authorization">Authorizations</a> associated with a given <ahref="#resource">resource</a>, and to control such policies, as directed by an agent. Server manages the association between a resource and an <ahref="#acl-resource">ACL resource</a>, and applies the authorization conditions on requested operations. Authorizations are described using the <cite><ahref="http://www.w3.org/ns/auth/acl" rel="cito:citeAsAuthority">ACL ontology</a></cite> to express and determine access privileges of a requested resource. Any kind of access can be given to a resource as per the ACL ontology. This specification uses the <ahref="#access-mode">access modes</a> currently defined by the ACL ontology, such as the class of operations to read, write, append and control resources. An Authorization may allow public access to resources or place the requirement for authenticated <ahref="#agent">agents</a>. Resources and agents can be on different origins.</span></p>
373
+
<pid="wac-overview" rel="schema:hasPart" resource="#wac-overview"><spandatatype="rdf:HTML" property="schema:description">The WAC specification describes how to enable applications to discover <ahref="#authorization">Authorizations</a> associated with a given <ahref="#resource">resource</a>, and to control such policies, as directed by an agent. Server manages the association between a resource and an <ahref="#acl-resource">ACL resource</a>, and applies the authorization conditions on requested operations. Authorizations are described using the <cite><ahref="http://www.w3.org/ns/auth/acl" rel="cito:citesAsAuthority">ACL ontology</a></cite> to express and determine access privileges of a requested resource. Any kind of access can be given to a resource as per the ACL ontology. This specification uses the <ahref="#access-mode">access modes</a> currently defined by the ACL ontology, such as the class of operations to read, write, append and control resources. An Authorization may allow public access to resources or place the requirement for authenticated <ahref="#agent">agents</a>. Resources and agents can be on different origins.</span></p>
<pid="extension-acl-authorization">As ACL resources are RDF sources; <ahref="#authorization">Authorization</a> descriptions may be extended or limited by constraints, e.g., temporal or spatial constraints; and duties, e.g., payments, may be imposed on permissions; but no behaviour is defined by this specification. For example, the <cite><ahref="https://www.w3.org/TR/odrl-model/" rel="cito:citesAsPotentialSolution">ODRL Information Model</a></cite> can be used to set obligations required to be met by agents prior to accessing a resource.</p>
997
997
998
-
<pid="extension-acl-accesstoclass">To allow access to a class of resources, implementations may want to use the <code>acl:accessToClass</code> predicate as defined in the <cite><ahref="http://www.w3.org/ns/auth/acl" rel="cito:citeAsAuthority">ACL ontology</a></cite>.</p>
998
+
<pid="extension-acl-accesstoclass">To allow access to a class of resources, implementations may want to use the <code>acl:accessToClass</code> predicate as defined in the <cite><ahref="http://www.w3.org/ns/auth/acl" rel="cito:citesAsAuthority">ACL ontology</a></cite>.</p>
<pid="req-extension-acl-mode">An extension to access modes is any mode that is defined in the <cite><ahref="http://www.w3.org/ns/auth/acl" rel="cito:citeAsAuthority">ACL ontology</a></cite>, i.e., as a subclass of <code>acl:Access</code>, but not described in this specification (<cite><ahref="#access-modes" rel="rdfs:seeAlso">Access Modes</a></cite>). Consumers of Authorizations that encounter unrecognised access modes MUST NOT stop processing or signal an error and MUST continue processing the access modes as if those properties were not present.</p>
1007
+
<pid="req-extension-acl-mode">An extension to access modes is any mode that is defined in the <cite><ahref="http://www.w3.org/ns/auth/acl" rel="cito:citesAsAuthority">ACL ontology</a></cite>, i.e., as a subclass of <code>acl:Access</code>, but not described in this specification (<cite><ahref="#access-modes" rel="rdfs:seeAlso">Access Modes</a></cite>). Consumers of Authorizations that encounter unrecognised access modes MUST NOT stop processing or signal an error and MUST continue processing the access modes as if those properties were not present.</p>
1008
1008
1009
1009
<p>Foreign-namespaced access modes are allowed in ACL resources, but they MUST NOT cause increased access.</p>
0 commit comments