Basic WAC like access control #17

Open
bblfish opened this issue May 10, 2021 · 2 comments

bblfish commented May 10, 2021

Add Basic WAC access control

@bblfish bblfish added this to the M3 milestone May 11, 2021

bblfish commented May 11, 2021

The requirement for this is

bblfish commented Jun 11, 2021

Building the AuthZ layer, one immediately comes to think about inheritance of Access Control Rules. This happens as follows, just by thinking about building a test suite:

  1. The test suite has to start with an empty Pod, with perhaps at most one access control rule for the root container.
  2. Then one will want to create containers and resources in that container: these will need to inherit the access control rules of the parent if they are to be editable or viewable at all.

WAC has support for a basic form of default inheritance, but default reasoning is awkward on the semantic web, and so proposed using an :imports relation as per solid authz issue 210: add :imports relation. I had something similar in rww-play 6 years ago - though I called it :includes at the time. I find that makes it much easier to think about access control, so I implemented this in Commit 7771d5871dd9c10f535200730f4290454c0d3032.

In order to implement Access Control flexibly I added a basic system of Free Monad Scripts defined in SolidCmd.scala. This allows one to for example write a script that fetches a graph and the transitive closure of its :imports related graphs.

One advantage is that it makes it possible to test the script with a mock WWW and simple interpretation as in TestLDPCmd.scala. One can then interpret exactly the same script using Actors. Each command comes with a URL allowing it to get routed to its own Actor and interpreted by that actor: a filesystem actor will read data from the FileSystem and a Web Proxy actor will read from the relevant remote resource, or from its cache, a DB Actor ... (see the BasicContainer for example). This was done in RWW-Play too, but here we integrate this clearly with a pure streaming web server view via the Wait command to allow us to work with Futures when transforming an RDF Stream into a Graph for example.

The result of running the Free Monad is a Cofree Comonad, which interestingly enough is the structure of an RDF Dataset!
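
The script/interpreter split described in the comment above, as an added Python sketch that is not the project's Scala code and does not use SolidCmd.scala: a generator stands in for the Free Monad script, and `run_mock` is a hypothetical mock-WWW interpreter. It assumes an ACL graph is a set of `(s, p, o)` tuples and that an `:imports` statement has the graph's own URL as its subject; the URLs and triples are constructed sample data.

```python
from dataclasses import dataclass

IMPORTS = ":imports"  # relation named in the issue; a graph is a set of (s, p, o)

@dataclass(frozen=True)
class Get:
    """Command handed to the interpreter: fetch the graph at `url`."""
    url: str

def fetch_with_imports(start):
    """Script: yields Get commands and returns {url: graph} for `start` plus
    everything reachable over :imports. It performs no I/O itself."""
    seen, todo = {}, [start]
    while todo:
        url = todo.pop()
        if url in seen:         # fetched already; this also ends import cycles
            continue
        graph = yield Get(url)  # interpreter answers with triples, or None
        seen[url] = graph
        if graph is not None:   # a missing graph is recorded, never followed
            todo.extend(o for (s, p, o) in graph if s == url and p == IMPORTS)
    return seen

def run_mock(script, www):
    """Interpreter: answers every Get from an in-memory dict (the mock WWW)."""
    fetched = []
    try:
        cmd = next(script)
        while True:
            fetched.append(cmd.url)
            cmd = script.send(www.get(cmd.url))
    except StopIteration as done:
        return done.value, fetched

# Constructed sample data: a child ACL importing the root ACL, the root
# importing the child back (a cycle) and also a graph that does not exist.
ROOT = "https://pod.example/.acl"
DOCS = "https://pod.example/docs/.acl"
MISSING = "https://pod.example/gone.acl"
MOCK_WWW = {
    DOCS: {(DOCS, IMPORTS, ROOT)},
    ROOT: {(ROOT, IMPORTS, DOCS), (ROOT, IMPORTS, MISSING),
           (ROOT + "#owner", "acl:mode", "acl:Write")},
}

if __name__ == "__main__":
    graphs, fetched = run_mock(fetch_with_imports(DOCS), MOCK_WWW)
    print(fetched, [u for u, g in graphs.items() if g is None])
```

An authorization layer consuming the result has to decide what an unresolved import (a `None` entry) means; treating it as granting nothing keeps the evaluation fail-closed.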
