Skip to content

Authorization

Jump to bottom
Friedrich edited this page Jul 2, 2024 · 1 revision

Authorization for the access to resources inside a Solid pod can be done in two ways:

1. Web Access Control (WAC)

WAC uses an Access Control List (ACL), generally it has an .acl extension, but this doesn't need to be so.

Example:

# Root ACL resource for the agent account
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.

# The homepage is readable by the public
<#public>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:mode acl:Read.

# The owner has full access to every resource in their pod.
# Other agents have no access rights,
# unless specifically authorized in other .acl resources.
<#owner>
    a acl:Authorization;
    acl:agent <http://localhost:3000/my-pod/profile/card#me>;
    # Optional owner email, to be used for account recovery:
    acl:agent <mailto:test@example.com>;
    # Set the access to the root storage folder itself
    acl:accessTo <./>;
    # All resources will inherit this authorization, by default
    acl:default <./>;
    # The owner has all of the access modes allowed
    acl:mode
        acl:Read, acl:Write, acl:Control.

(source)

spec

2. Access Control Policy (ACP)

spec

Clone this wiki locally