I’ve started working on it now and I’d like your advice on a few questions:
If I have an .acl like this:
# ACL resource for the private folder
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
# The owner has all permissions
acl:mode acl:Read, acl:Write, acl:Control.
- What information is the subject (<#owner>) carrying? Is it just for grouping the permissions and agents together? Or does it actually have an impact on how the access is granted? Would it (theoretically) have any impact if I split up one subject group into multiple with the same subject?
- What would happen if we use the same subject (e.g. <#owner>) two times?
- When modifying, how should I handle predicates inside <#owner> which aren’t related to WAC? Are these even allowed? I think if I just delete them, I could break things, and if I modify the rule without deleting them, I could break things too.
- Each rule has a a acl:Authorization; statement inside. I guess I shouldn’t process statements without this type declaration, but what kind of content except for acl:Authorization declarations could I expect in an acl file?
- accessTo: In general an acl file only relates to one resource/container, right? But in case one wants to use the same acl file for multiple files this predicate would be used for that?
I’d be glad if you can help me with any of these questions. If you want to take a look at the current status of the project, it is on GitHub here: https://github.com/Otto-AA/acl-utils/
But it is still in active development, so there is no documentation yet and the features are not finished (it ignores default... predicates for now and grouping and minifying by subjects has to be added).
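
Added example (not part of the original post and not code from acl-utils): one conservative way to handle the cases the questions above raise, reading only subjects typed acl:Authorization and leaving non-WAC triples untouched when a rule's modes are changed. It works on already-parsed triples; the triple shape, the function names and the sample data are assumptions made for this example.

```javascript
// Added example: triples are constructed sample data, not taken from the post.
const ACL = 'http://www.w3.org/ns/auth/acl#';
const RDF_TYPE = 'http://www.w3.org/1999/02/22-rdf-syntax-ns#type';
const WAC_PREDICATES = ['agent', 'agentClass', 'agentGroup', 'origin', 'accessTo', 'default', 'mode'];

// Constructed sample: <#owner> is stated in two separate blocks, carries one
// non-WAC predicate, and <#note> is a subject without the Authorization type.
const sampleTriples = [
  { s: '#owner', p: RDF_TYPE, o: ACL + 'Authorization' },
  { s: '#owner', p: ACL + 'agent', o: 'https://alice.example/profile/card#me' },
  { s: '#owner', p: ACL + 'accessTo', o: './' },
  { s: '#owner', p: ACL + 'mode', o: ACL + 'Read' },
  { s: '#owner', p: 'http://www.w3.org/2000/01/rdf-schema#label', o: 'Owner rule' },
  { s: '#owner', p: ACL + 'mode', o: ACL + 'Write' },   // second block, same subject
  { s: '#note', p: ACL + 'mode', o: ACL + 'Control' },  // not typed, so skipped
];

// Group WAC predicates per subject, reading only subjects typed acl:Authorization.
// An RDF graph is a set of triples, so a subject written twice ends up as one rule.
function readAuthorizations(triples) {
  const typed = new Set(triples
    .filter(t => t.p === RDF_TYPE && t.o === ACL + 'Authorization')
    .map(t => t.s));
  const rules = new Map();
  for (const { s, p, o } of triples) {
    if (!typed.has(s) || !p.startsWith(ACL)) continue;
    const key = p.slice(ACL.length);
    if (!WAC_PREDICATES.includes(key)) continue;
    if (!rules.has(s)) rules.set(s, {});
    const rule = rules.get(s);
    (rule[key] = rule[key] || new Set()).add(o.startsWith(ACL) ? o.slice(ACL.length) : o);
  }
  return rules;
}

// Replace only the acl:mode triples of one rule; every other triple is kept as-is.
function setModes(triples, subject, modes) {
  const kept = triples.filter(t => !(t.s === subject && t.p === ACL + 'mode'));
  return kept.concat(modes.map(m => ({ s: subject, p: ACL + 'mode', o: ACL + m })));
}
```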