Acl $ owner/superuser / solid spec


#1

Some new questions about Acl were raised recently with the 5.2.4 patch, along with other questions about who is the owner of a created resource (the one that owns the pod, or the one that created the resource?).

Looking at the Acl system on Posix, I saw that it extends the filesystem authorizations, where there are basically owner, group & user that set a first level of authorization, and Acl is used as a second layer (?).
Perhaps we could clarify authorization if the pod owner were set as a superuser, with something like:

  • pod owner is a superuser
  • pod owner sets basic rights on containers/resources/groups/users, and allows or not a user to register/revoke himself to a group
  • pod owner can set quotas/number of files created by a user
  • resource creator is the owner of that resource and can set authorization for that resource…

Atomic level
Those rules must also be applied at the triple/quad level: the pod owner decides if a user who added a triple in a ttl resource can or not modify/delete that triple…

So:

  • 3 different levels: container/resource/triple
  • 3 levels of authorization:
    _ superuser
    _ like a filesystem (owner/group/user)
    _ resource creator/Acl

Those are just some ideas; it is not all really clear, but it is certain that something is missing…
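One way to pin down how the layers in this proposal would interact, as an added illustration that is not part of the original post, not the Solid WAC specification and not any server's code: a small Python model with the pod owner as superuser, pod-owner-set group/other rights on containers (the filesystem-like layer), the resource creator as owner of its resource with its own ACL, a creation quota, self-registration to groups the pod owner opened, and the triple-level switch. The agents, paths, mode names and data layout are all assumptions made for the example.

```python
"""Toy evaluator for the layered authorization model sketched in post #1.

Added illustration only: this is NOT Solid Web Access Control and not the
server's implementation. It writes down the proposed layers (pod owner as
superuser, filesystem-like group/other rights set by the pod owner, resource
creator as owner with its own ACL, and a triple-level rule chosen by the pod
owner) so their interaction can be exercised. All names are assumptions.
"""
from dataclasses import dataclass, field

READ, APPEND, WRITE, DELETE = "read", "append", "write", "delete"


@dataclass
class Pod:
    owner: str                                        # pod owner = superuser
    groups: dict = field(default_factory=dict)        # group -> set of agents
    open_groups: set = field(default_factory=set)     # self-join/leave allowed
    quotas: dict = field(default_factory=dict)        # agent -> max resources created
    # container -> (group, modes for that group, modes for everyone else),
    # set by the pod owner and inherited from the nearest container prefix
    basic_rights: dict = field(default_factory=dict)
    created: dict = field(default_factory=dict)       # resource -> creator
    acl: dict = field(default_factory=dict)           # resource -> {agent: modes}
    triple_authors: dict = field(default_factory=dict)  # (resource, triple) -> agent
    author_may_edit_own_triple: bool = True           # the pod owner's decision


def _parent(path):
    """'/docs/a.ttl' -> '/docs/', '/docs/' -> '/'."""
    return path.rstrip("/").rsplit("/", 1)[0] + "/"


def _basic_modes(pod, agent, path):
    """Filesystem-like layer: group/other modes from the nearest container."""
    cont = path if path.endswith("/") else _parent(path)
    while True:
        if cont in pod.basic_rights:
            group, group_modes, other_modes = pod.basic_rights[cont]
            return set(group_modes) if agent in pod.groups.get(group, set()) else set(other_modes)
        if cont == "/":
            return set()
        cont = _parent(cont)


def allowed(pod, agent, mode, path, triple=None):
    """Resolve one request through the layers, strongest grant first."""
    if agent == pod.owner:                       # 1. superuser: everything
        return True
    if pod.created.get(path) == agent:           # 2. creator owns the resource
        return True
    if triple is not None and mode in (WRITE, DELETE):   # 3. atomic level
        if pod.triple_authors.get((path, triple)) == agent and pod.author_may_edit_own_triple:
            return True
        # otherwise the author needs ordinary write on the resource, like anyone else
    granted = set(pod.acl.get(path, {}).get(agent, set()))   # 4. creator's ACL
    granted |= _basic_modes(pod, agent, path)                 # 5. pod owner's basic rights
    return mode in granted


def self_register(pod, agent, group, join=True):
    """A user joins/leaves a group alone only if the pod owner opened it."""
    if group not in pod.open_groups:
        return False
    members = pod.groups.setdefault(group, set())
    if join:
        members.add(agent)
    else:
        members.discard(agent)
    return True


def create_resource(pod, agent, path):
    """Creating needs write on the container and respects the creator's quota."""
    if agent != pod.owner:
        if not allowed(pod, agent, WRITE, _parent(path)):
            return False
        made = sum(1 for c in pod.created.values() if c == agent)
        if made >= pod.quotas.get(agent, float("inf")):
            return False
    pod.created[path] = agent
    return True


def set_acl(pod, agent, path, target, modes):
    """Only the superuser or the resource creator may edit a resource's ACL."""
    if agent != pod.owner and pod.created.get(path) != agent:
        return False
    pod.acl.setdefault(path, {})[target] = set(modes)
    return True


def add_triple(pod, agent, path, triple):
    """Appending needs append (or write) on the resource; the author is recorded."""
    if not (allowed(pod, agent, APPEND, path) or allowed(pod, agent, WRITE, path)):
        return False
    pod.triple_authors[(path, triple)] = agent
    return True


def demo():
    """Constructed scenario: alice owns the pod, bob is an editor, carol a visitor."""
    pod = Pod(owner="alice", open_groups={"readers"}, quotas={"bob": 1})
    pod.groups["editors"] = {"bob"}
    pod.basic_rights["/docs/"] = ("editors", {READ, WRITE}, {READ})
    note, t = "/docs/notes.ttl", ("<#me>", "<name>", '"Carol"')
    out = {}
    out["carol_joins_readers"] = self_register(pod, "carol", "readers")   # open group
    out["carol_joins_editors"] = self_register(pod, "carol", "editors")   # pod owner only
    out["bob_creates"] = create_resource(pod, "bob", note)                # editors may write
    out["bob_over_quota"] = create_resource(pod, "bob", "/docs/more.ttl")  # quota of 1
    out["carol_creates"] = create_resource(pod, "carol", "/docs/x.ttl")   # others: read only
    out["bob_sets_acl"] = set_acl(pod, "bob", note, "carol", {READ, APPEND})  # creator
    out["carol_sets_acl"] = set_acl(pod, "carol", note, "carol", {WRITE})     # not creator
    out["carol_adds_triple"] = add_triple(pod, "carol", note, t)          # append via ACL
    out["carol_deletes_own"] = allowed(pod, "carol", DELETE, note, t)      # pod owner allows
    pod.author_may_edit_own_triple = False
    out["carol_deletes_own_forbidden"] = allowed(pod, "carol", DELETE, note, t)
    out["alice_superuser"] = allowed(pod, "alice", DELETE, note, t)
    return out
```

The interesting case is the last three results: with append rights only, carol can add a triple and then modify or delete it while the pod owner's switch is on, but the moment the pod owner turns it off the same request falls through to the resource-level rights and is refused, while the pod owner as superuser is never refused anything.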


#2

“allow or not a user to register/revoke himself to a group”

This relates to the question of what a group really is. I think linked data models of that should be reevaluated at some point, before deciding on a new mapping to posix or acl terms.


#3

It seems to me that the questions asked on this page https://plato.stanford.edu/entries/social-ontology about social groups are the appropriate ones for what groups are and how they map to posix and acl. Now we just have to wait until they put it in owl format :crazy_face: