solid · csarven · Jun 30, 2021 · May 7, 2021 · May 7, 2021 · May 7, 2021
diff --git a/index.html b/index.html
@@ -138,7 +138,7 @@
     <main>
       <article about="" typeof="schema:Article doap:Specification">
         <h1 property="schema:name">Web Access Control</h1>
-        <h2>Editor’s Draft, 2021-06-28</h2>
+        <h2>Editor’s Draft, 2021-06-29</h2>
 
         <dl id="document-identifier">
           <dt>This version</dt>
@@ -164,7 +164,7 @@ <h2>Editor’s Draft, 2021-06-28</h2>
 
         <dl id="document-modified">
           <dt>Modified</dt>
-          <dd><time content="2021-06-28T00:00:00Z" datatype="xsd:dateTime" datetime="2021-06-28T00:00:00Z" property="schema:dateModified">2021-06-28</time></dd>
+          <dd><time content="2021-06-29T00:00:00Z" datatype="xsd:dateTime" datetime="2021-06-29T00:00:00Z" property="schema:dateModified">2021-06-29</time></dd>
         </dl>
 
         <dl id="document-repository">
@@ -322,6 +322,7 @@ <h2 id="table-of-contents">Table of Contents</h2>
                     <li><a href="#effective-acl-resource"><span class="secno">5.1</span> <span class="content">Effective ACL Resource</span></a></li>
                     <li><a class="tocxref" href="#authorization-conformance"><span class="secno">5.2</span> <span class="content">Authorization Conformance</span></a></li>
                     <li><a class="tocxref" href="#authorization-evaluation"><span class="secno">5.3</span> <span class="content">Authorization Evaluation</span></a></li>
+                    <li><a class="tocxref" href="#access-privileges"><span class="secno">5.4</span> <span class="content">Access Privileges</span></a></li>
                   </ol>
                 </li>
                 <li class="tocline">
@@ -414,7 +415,7 @@ <h3 property="schema:name skos:prefLabel">Terminology</h3>
                     <dd about="#acl-resource" property="skos:definition">An ACL resource is represented by an <em>RDF document</em> [<cite><a class="bibref" href="#bib-rdf11-concepts">RDF11-CONCEPTS</a></cite>] that includes <a href="#authorization">Authorizations</a> determining access to resources.</dd>
 
                     <dt about="#authorization" property="skos:prefLabel" typeof="skos:Concept"><dfn id="authorization">Authorization</dfn></dt>
-                    <dd about="#authorization" property="skos:definition">An Authorization is an abstract thing identified by a URI whose properties are defined in an <a href="#acl-resource">ACL resource</a>, e.g., <a href="#access-mode">access modes</a> granted to <a href="#agent">agents</a> the ability to perform operations on <a href="#resource">resources</a>.</dd>
+                    <dd about="#authorization" property="skos:definition">An Authorization is an abstract thing which is identified by a URI and whose properties are defined in an <a href="#acl-resource">ACL resource</a>, e.g., <a href="#access-mode">access modes</a> granted to <a href="#agent">agents</a> the ability to perform operations on <a href="#resource">resources</a>.</dd>
 
                     <dt about="#access-mode" property="skos:prefLabel" typeof="skos:Concept"><dfn id="access-mode">access mode</dfn></dt>
                     <dd about="#access-mode" property="skos:definition">An access mode is a class of operations that can be performed on one or more resources.</dd>
@@ -566,9 +567,9 @@ <h2 property="schema:name">Authorization Rule</h2>
               <section id="access-objects" inlist="" rel="schema:hasPart" resource="#access-objects">
                 <h3 property="schema:name">Access Objects</h3>
                 <div datatype="rdf:HTML" property="schema:description">
-                  <p id="acl-accessto">The <code>acl:accessTo</code> property value is used to check if access is allowed for a specific resource.</p>
+                  <p id="acl-accessto">The <code>acl:accessTo</code> predicate denotes the resource to which access is being granted.</p>
 
-                  <p id="acl-default">The <code>acl:default</code> property value (the container resource in context) is used to apply the Authorization to the original requested resource.</p>
+                  <p id="acl-default">The <code>acl:default</code> predicate denotes the container resource to which an Authorization can be applied to a resource lower in the collection hierarchy.</p>
 
                   <p>Inheriting Authorizations from the most significant container’s ACL resource is useful to avoid individually managing an ACL resource for each resource, as well as to define access control for resources that do not exist yet.</p>
 
@@ -635,17 +636,18 @@ <h3 property="schema:name">Access Subjects</h3>
 
                   <p id="acl-agentclass">The <code>acl:agentClass</code> predicate denotes a <a href="#agent-class">class of agents</a> being given the access permission.</p>
 
-<p>Two agent classes are defined here:</p>
+                  <p>Two agent classes are defined here:</p>
+
                   <dl>
                     <dt id="acl-agentclass-foaf-agent"><code>foaf:Agent</code></dt>
-                    <dd>Allows access to any agent.</dd>
+                    <dd>Allows access to any agent, i.e., the public.</dd>
                     <dt id="acl-agentclass-authenticated-agent"><code>acl:AuthenticatedAgent</code></dt>
                     <dd>Allows access to any authenticated agent.</dd>
                   </dl>
 
                   <p id="acl-agentgroup">The <code>acl:agentGroup</code> predicate denotes a <a href="#agent-group">group of agents</a> being given the access permission. The object of an <code>acl:agentGroup</code> statement is an instance of <code>vcard:Group</code>, where the members of the group are specified with the <code>vcard:hasMember</code> predicate.</p>
 
-                  <p id="acl-origin">The <code>acl:origin</code> predicate denotes the <a href="#origin">origin</a> of an HTTP request is being given the access permission.</p>
+                  <p id="acl-origin">The <code>acl:origin</code> predicate denotes the <a href="#origin">origin</a> of an HTTP request that is being given the access permission.</p>
 
                   <div class="note" id="subject-verification" inlist="" rel="schema:hasPart" resource="#subject-verification">
                     <h3 property="schema:name"><span>Note</span>: Subject Verification</h3>
@@ -825,17 +827,6 @@ <h5 property="schema:name"><span>Note</span>: Trusted Origins</h5>
                           <p>Implementations might implicitly allow a list of origins, such as the same-origin [<cite><a class="bibref" href="#bib-rfc6454">RFC6454</a></cite>].</p>
                         </div>
                       </div>
-
-                      <p id="req-server-wac-allow">Servers MUST advertise client’s access privileges on a resource by including the <code>WAC-Allow</code> HTTP header (<cite><a href="#wac-allow" rel="rdfs:seeAlso">WAC-Allow</a></cite>) in the response of HTTP <code>GET</code> and <code>HEAD</code> requests.</p>
-
-                      <div class="note" id="clients-discovering-access-privileges" inlist="" rel="schema:hasPart" resource="#client-discovering-access-privileges">
-                        <h5 property="schema:name"><span>Note</span>: Clients Discovering Access Privileges</h5>
-                        <div datatype="rdf:HTML" property="schema:description">
-                          <p>Clients can discover access privileges on a resource by making an HTTP <code>HEAD</code> or <code>GET</code> request on the target resource, and checking the <code>WAC-Allow</code> header value for access parameters listing the allowed access modes per permission group (<cite><a href="#wac-allow" rel="rdfs:seeAlso">WAC-Allow</a></cite>).</p>
-                        </div>
-                      </div>
-
-                      <p id="req-server-cors-aceh-wac-allow">When a server participates in the <abbr title="Cross-Origin Resource Sharing">CORS</abbr> protocol [<cite><a class="bibref" href="#bib-fetch">FETCH</a></cite>], the server MUST include <code>WAC-Allow</code> in the <code>Access-Control-Expose-Headers</code> field-value in the HTTP response.</p>
                     </div>
                   </section>
 
@@ -917,6 +908,22 @@ <h4 property="schema:name">Authorization Matching</h4>
                       </figure>
                     </div>
                   </section>
+
+                  <section id="access-privileges" inlist="" rel="schema:hasPart" resource="#access-privileges">
+                    <h4 property="schema:name">Access Privileges</h4>
+                    <div datatype="rdf:HTML" property="schema:description">
+                      <p id="req-server-wac-allow">Servers MUST advertise client’s access privileges on a resource by including the <code>WAC-Allow</code> HTTP header (<cite><a href="#wac-allow" rel="rdfs:seeAlso">WAC-Allow</a></cite>) in the response of HTTP <code>GET</code> and <code>HEAD</code> requests.</p>
+
+                      <div class="note" id="clients-discovering-access-privileges" inlist="" rel="schema:hasPart" resource="#clients-discovering-access-privileges">
+                        <h5 property="schema:name"><span>Note</span>: Clients Discovering Access Privileges</h5>
+                        <div datatype="rdf:HTML" property="schema:description">
+                          <p>Clients can discover access privileges on a resource by making an HTTP <code>HEAD</code> or <code>GET</code> request on the target resource, and checking the <code>WAC-Allow</code> header value for access parameters listing the allowed access modes per permission group (<cite><a href="#wac-allow" rel="rdfs:seeAlso">WAC-Allow</a></cite>).</p>
+                        </div>
+                      </div>
+
+                      <p id="req-server-cors-aceh-wac-allow">When a server participates in the <abbr title="Cross-Origin Resource Sharing">CORS</abbr> protocol [<cite><a class="bibref" href="#bib-fetch">FETCH</a></cite>], the server MUST include <code>WAC-Allow</code> in the <code>Access-Control-Expose-Headers</code> field-value in the HTTP response.</p>
+                    </div>
+                  </section>
                 </div>
               </section>
             </div>