Granting access control to resources?

Hello,

I’ve got a couple of questions regarding providing access control to resources in PODs.

  1. According to Web Access Control we can either create an ACL resource for each resource or a single ACL resource for the whole container which can contain multiple resources. I am currently running CSS 3.0 in a web server and I am accessing the PODs in the server via a mobile app. My question is that when I am creating a resource (e.g. a .ttl file) inside a POD using the mobile app, does CSS automatically create an .acl file for that resource or do I need to implement that separately in the mobile app side?

  2. Web Access Control describes providing different access control levels to resources. Is there a way to provide access control to individual triplets defined in a resource? For instance if I have a .ttl resource which contains all my personal information and if I need to provide access to someone only to my birthday in that resource, is that possible?

Thanks a lot for your support.

Hi Anushka,

I’m not sure if that document is the best resource to describe what CSS implements. I’m not sure myself exactly what it implements, but I did see a reference to this link on its website. Assuming that doesn’t diverge too much from the document you linked (which I’m more familiar with), then no, when you create a resource inside a Pod, the server should not automatically create an ACL. Without an applicable ACL, the ACL of the new resource’s container (or its container’s, or its container’s, etc.) will apply. If you want specific access control for that resource, you’ll have to initialise one yourself, at the location provided by the server (via the Link header with a rel="acl").

And no, at this point in time ACLs apply to a resource as a whole. If you need separate access control for separate chunks of data, you’ll have to spread that data out over multiple resources.
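The two points in the reply above, as an added example that is not part of the original posts or of CSS itself: finding the ACL location from the `Link` header, seeing which ACL governs a new resource, and writing a resource-specific ACL for data split into its own file (the birthday case). The `pod.example` URLs, the WebIDs, the helper names and the `<url>.acl` naming used for the inheritance walk are assumptions.

```javascript
// Added example: pod.example URLs and WebIDs are constructed sample values.

// Find the rel="acl" target in a Link header value, resolved against the resource.
function aclUrlFromLink(linkHeader, resourceUrl) {
  for (const part of linkHeader.split(/,\s*(?=<)/)) {
    const m = part.match(/^\s*<([^>]*)>\s*;(.*)$/);
    const rel = m && m[2].match(/rel\s*=\s*"?([^";]+)"?/i);
    if (rel && rel[1].trim().split(/\s+/).includes("acl")) {
      return new URL(m[1], resourceUrl).href;
    }
  }
  return null;
}

// Parent container URL, or null at the server root.
function parentContainer(url) {
  const u = new URL(url);
  if (u.pathname === "/") return null;
  const trimmed = u.pathname.replace(/\/$/, "");
  u.pathname = trimmed.slice(0, trimmed.lastIndexOf("/") + 1);
  return u.href;
}

// Which ACL governs a resource: its own if present, else the nearest ancestor's.
// Assumption: ACL URL is "<url>.acl"; a real client reads it from the Link header.
function effectiveAcl(resourceUrl, existingAcls) {
  for (let url = resourceUrl; url; url = parentContainer(url)) {
    const acl = url + ".acl";
    if (existingAcls.has(acl)) return { acl, inherited: url !== resourceUrl };
  }
  return null;
}

// Turtle body for a resource-specific ACL. The owner keeps acl:Control because
// once this ACL exists, the container's ACL no longer applies to the resource.
function buildResourceAcl(resourceUrl, ownerWebId, readerWebId) {
  const auth = (id, agent, modes) =>
    `<#${id}> a acl:Authorization;\n  acl:agent <${agent}>;\n` +
    `  acl:accessTo <${resourceUrl}>;\n  acl:mode ${modes}.`;
  return ["@prefix acl: <http://www.w3.org/ns/auth/acl#>.",
    auth("owner", ownerWebId, "acl:Read, acl:Write, acl:Control"),
    auth("reader", readerWebId, "acl:Read")].join("\n\n");
}

const birthday = "https://pod.example/alice/profile/birthday.ttl";
const onlyRootAcl = new Set(["https://pod.example/alice/.acl"]); // constructed state
console.log(effectiveAcl(birthday, onlyRootAcl)); // governed by the pod root ACL
```

An inherited ACL only grants access through authorizations that carry `acl:default`, so checking what the container ACL exposes by default is the first step before deciding whether a new resource needs its own ACL.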

Hi @Vincent, thanks for your response. From the initial look at the document you mentioned it looks similar to the one I mentioned. But I will have a detailed look.

Thanks for the explanations. Those make sense.

CSS puts an ACL file in the root container of your pod. So the initial state of all resources is determined by that ACL unless you change things by creating ACL resources on containers or resources in the pod.

Just a heads up, in the Inrupt Typescript SDK, we are currently aware of some issues with the ACL functionality

is there a way to provide access control to individual triplets defined in a resource?

I think this is a great question. As people already discussed, there currently isn’t a way to do that. However, I’d love to see that as well.

Otherwise we need to split and move data around just because we need more granular permissions. We may end up with a document split into separate sub-documents for each unique combination of permissions (and move data in-between). Like with your birthday example.

It could help if we would think of Solid Pods more like a database, and less like a bunch of documents…

@mrkvon - The Trinpod server implements triple-level permissions.

Sounds great, I can’t wait to try it out. I only wish the Trinpod was open-source. Or is it? :)