Granular Access Control


#1

What is an example best practice for managing granular (intra-document) Web Access Control to SOLID resources/files?

For instance, given my profile is one resource, if I want to make my name public, but my organization name private.


#2

I think the limit of granularity is a file, so you would put your organisation in a separate file (along with other restricted information) and link to that from your public profile.


#3

Exactly. This is called Extended Profile and the links should be owl:sameAs or rdfs:seeAlso.


#4

Ok thanks, and to generalize this case, would this mean you would need to create one file per triple in order to assign access control per triple, instead of one file but access control at fragment level?


#5

At least NSS does only have access control at file level. I am not sure if this is required by the spec. Servers that do not rely on the file system might indeed have a triple based access control, imho.


#6

Got it, thanks! I was also reviewing the PIXOLID thread on how it is set up, and it looks like each photo is a separate file, so I can see how that would work.
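
The split described in replies #2 and #3, with file-level ACLs as in reply #5, written out as an added example that is not from any poster in this thread. The pod URL `https://alice.example/`, the file name `/profile/private`, the sample values and the choice of `vcard:organization-name` are assumptions; the `.acl` suffix follows the NSS file naming convention.

```turtle
# Constructed example. Four separate files are shown in one listing;
# the pod URL, file names and literal values are assumptions.

# --- File: /profile/card (public profile) ---
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .

<https://alice.example/profile/card#me>
    a foaf:Person ;
    foaf:name "Alice Example" ;
    # Link to the restricted extended profile
    rdfs:seeAlso <https://alice.example/profile/private> .

# --- File: /profile/card.acl (owner has full control, everyone may read) ---
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

<#owner>
    a acl:Authorization ;
    acl:agent <https://alice.example/profile/card#me> ;
    acl:accessTo <https://alice.example/profile/card> ;
    acl:mode acl:Read, acl:Write, acl:Control .

<#public>
    a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:accessTo <https://alice.example/profile/card> ;
    acl:mode acl:Read .

# --- File: /profile/private (extended profile, restricted) ---
@prefix vcard: <http://www.w3.org/2006/vcard/ns#> .

<https://alice.example/profile/card#me>
    vcard:organization-name "Example Org" .

# --- File: /profile/private.acl (owner only) ---
<#owner>
    a acl:Authorization ;
    acl:agent <https://alice.example/profile/card#me> ;
    acl:accessTo <https://alice.example/profile/private> ;
    acl:mode acl:Read, acl:Write, acl:Control .
# No acl:agentClass foaf:Agent authorization here, so an
# unauthenticated client gets no access to this file.
```

The public card still discloses that `/profile/private` exists through the `rdfs:seeAlso` link; only the contents of that file are protected.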