Nice pictures, very intuitive.
You inspired me to think about granular access controls.
Access control can always be complicated in practice. Usually (I may be wrong), systems use an inheritance mechanism to simplify it. That is, if not specified, refer to my container’s settings. In my understanding, ACLs follow the same tactic.
The inheritance mechanism is very efficient in tree-like structures, where people can generally set the root to a high-level classification for certain visitor groups, then reduce it or elaborate the sub-layer settings only when required, or sometimes move a branch into a path with a different classification level.
Coming to Solid: if the scope of access control is still “resource” (URL or document), we can stay with the same mechanism. However, another meaningful scope of access control is “knowledge”, which has the structure of a graph rather than a tree.
Say my host has file1 and file2, which both contain some knowledge about Alice and Bob. My restriction of access for the visitor Victor is “all knowledge about Alice”, while “all knowledge about Bob” is open. I may not care whether such knowledge is stored in file1 or file2 or even both.
In this case, the inheritance strategy may not be that effective, for the above-mentioned reasons. With a brief thought, I think a rule-based approach may perform better, though it raises the bar for maintenance. Anyway, I believe this is something we need to think about.
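The contrast described in the post above, as an added example that is not part of the original post: container-inherited, resource-scoped access next to subject-based rules applied per statement. All paths, agents, triples and the deny-overrides policy are constructed assumptions, not Solid's actual ACL vocabulary or API.

```python
from posixpath import dirname

# Constructed sample data (hypothetical paths, agents and triples).
ACLS = {"/": {"victor": False}, "/public/": {"victor": True}}  # explicit settings only
STORE = {  # both files mix knowledge about Alice and Bob
    "/public/file1": [("alice", "knows", "bob"), ("bob", "age", "30")],
    "/public/file2": [("alice", "email", "a@example.org"), ("bob", "city", "Oslo")],
}
# Knowledge-scoped rules: (agent, entity) -> allowed, independent of the file.
RULES = {("victor", "alice"): False, ("victor", "bob"): True}

def parent(path):
    """Return the enclosing container, always with a trailing slash."""
    p = dirname(path.rstrip("/"))
    return p if p == "/" else p + "/"

def effective_acl(path, agent):
    """Inheritance: if not specified here, refer to the container's setting."""
    while True:
        setting = ACLS.get(path, {}).get(agent)
        if setting is not None:
            return setting
        if path == "/":
            return False  # nothing set anywhere: default deny
        path = parent(path)

def read_by_resource(agent):
    """Resource scope: a readable file is disclosed as a whole."""
    return [t for path, triples in STORE.items()
            if effective_acl(path, agent) for t in triples]

def read_by_rule(agent):
    """Knowledge scope: judge each statement by the entities it mentions.
    Assumed policy: any denied entity hides the triple (deny overrides),
    and a triple with no matching rule stays hidden (default deny)."""
    visible = []
    for triples in STORE.values():
        for s, p, o in triples:
            verdicts = [RULES[(agent, e)] for e in (s, o) if (agent, e) in RULES]
            if verdicts and all(verdicts):
                visible.append((s, p, o))
    return visible

if __name__ == "__main__":
    print("resource scope:", read_by_resource("victor"))
    print("knowledge scope:", read_by_rule("victor"))
```

With the tree-based check Victor receives the statements about Alice as soon as either file is readable, while the rule-based filter has to evaluate every statement, which is the maintenance and evaluation cost the post anticipates.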