From 41dd3090c359222139fc330b875b479c13eb34ec Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 16 Mar 2021 18:45:07 +0100 Subject: [PATCH 1/2] Clarify discover, reading, and writing auxiliary resources --- protocol.html | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/protocol.html b/protocol.html index 6e7a5263..3493f1e1 100644 --- a/protocol.html +++ b/protocol.html @@ -562,10 +562,6 @@

Web Access Control

An auxiliary resource of type Web Access Control provides access control description of a subject resource (Web Access Control).

Servers MUST NOT directly associate more than one ACL auxiliary resource to a subject resource.

- -

To discover, read, create, or modify an ACL auxiliary resource, an acl:agent MUST have acl:Control privileges per the ACL inheritance algorithm on the resource directly associated with it.

- -

A Solid server SHOULD sanity check ACL auxiliary resources upon creation or update to restrict invalid changes, such as by performing shape validation against authorization statements therein.
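
Review bot: The acl:Control requirement for discovering, reading, creating, or modifying an ACL auxiliary resource (the paragraph after the first `- -` marker) appears to be dropped with no replacement text in this hunk, whereas the description resource hunk gains a new sentence. If the requirement is now meant to come from the Web Access Control specification, add a normative pointer from this section so the protocol still states who may access an ACL resource; otherwise keep the sentence. The same applies to the paragraph after the second `- -` marker: removing the SHOULD on checking ACL resources at creation or update leaves this section with no guidance on restricting invalid changes.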

@@ -576,9 +572,7 @@

Description Resource

Servers MUST NOT directly associate more than one description resource to a subject resource.

-

To create or modify a description resource, an acl:agent MUST have acl:Write privileges per the ACL inheritance algorithm on the resource directly associated with it.

- -

To discover or read a description resource, an acl:agent MUST have acl:Read privileges per the ACL inheritance algorithm on the resource directly associated with it.

+

When a HTTP request targets a description resource, the server MUST apply the authorization policy that is used for the subject resource that the description resource is associated with.

Clients can discover resources that are described by description resources by making an HTTP HEAD or GET request on the target URL, and checking the HTTP Link header with a rel value of describes (inverse of the describedby relation) [RFC6892].
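
Review bot: The added `+` sentence does not say which access mode a request on a description resource requires, where the two removed paragraphs spelled out acl:Write for create or modify and acl:Read for discover or read. Suggest stating that the server requires, on the subject resource, the access mode that the same request method would require if it targeted the subject resource directly. Discovery is also no longer covered: the removed text gated "discover" on acl:Read, but the new sentence applies only when a request targets the description resource, so it is unspecified whether the Link header pointing to a description resource may be returned to an agent without Read on the subject resource. Minor: "a HTTP request" should be "an HTTP request", matching "an HTTP HEAD or GET request" in the context line that follows.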

From 0d68139bc325be9a07f62de248bb0ceb2d3e0e79 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Tue, 16 Mar 2021 21:07:55 +0100 Subject: [PATCH 2/2] Update protocol.html Co-authored-by: Ted Thibodeau Jr --- protocol.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/protocol.html b/protocol.html index 3493f1e1..067e06fa 100644 --- a/protocol.html +++ b/protocol.html @@ -572,7 +572,7 @@

Description Resource

Servers MUST NOT directly associate more than one description resource to a subject resource.

-

When a HTTP request targets a description resource, the server MUST apply the authorization policy that is used for the subject resource that the description resource is associated with.

+

When an HTTP request targets a description resource, the server MUST apply the authorization policy that is used for the subject resource with which the description resource is associated.

Clients can discover resources that are described by description resources by making an HTTP HEAD or GET request on the target URL, and checking the HTTP Link header with a rel value of describes (inverse of the describedby relation) [RFC6892].
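
Review bot: Squash this into patch 1/2, since the `-` line here is the sentence that patch added and the `+` line changes only its article and relative clause. If it stays a separate commit, replace the subject "Update protocol.html" with one that names the wording fix, so the history shows that no normative change was intended.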