Merge
authorJohn Arwe
Tue, 29 Jul 2014 13:08:53 -0400
changeset 735 8212abe7dd2d
parent 734 76e5cbeb6b36 (current diff)
parent 733 cdcd4e3b2b39 (diff)
child 736 ffda91dd27b7
Merge
--- a/AccessControl.html	Tue Jul 29 13:07:14 2014 -0400
+++ b/AccessControl.html	Tue Jul 29 13:08:53 2014 -0400
@@ -3,7 +3,7 @@
   <head>
     <title>LDP Access Control</title>
     <meta charset='utf-8'>
-    <script src='https://www.w3.org/Tools/respec/respec-w3c-common'
+    <script src='http://www.w3.org/Tools/respec/respec-w3c-common'
             async class='remove'></script>
     <script class='remove'>
       var respecConfig = {
@@ -90,8 +90,9 @@
         Access Control is a mechanism through which an agent ( an HTTP server in this case ) permits other agents -- 
 		individuals, organizations, and/or groups made up of these -- to perform certain operations on resources as 
 		specified by policies for the resources and for the agents. Within this document, the resources are LDP resources, but the access 
-		control may operate at different granularities: RDF or other documents, named graphs, individual triples, or 
-		individual attributes. The operations are create, read, update, and delete (CRUD).
+		control may operate at different granularities: RDF or other documents, named graphs or individual triples.
+		The operations are typically create, read, update, and delete (CRUD) but other operations can easily be accomodated by
+		this design.
 		</p>
 		<p>
         When an agent requests a collection of resources it gets to see only those resources or parts of resources 
@@ -106,7 +107,7 @@
 		<section>
 	  <h2>Terminology</h2>
 	  <ul>
-	  <li>ACG: An Access Control Graph describes the permitted modes of access for particular agents to specific resources.</li>
+	  <li>ACG: An Access Control Graph describes the permitted modes of access for particular agents to apecific resources.</li>
 	  <li>ACG Resource: A resource whose representation contains one or more ACGs which the server relies 
 	  upon to make access control decisions.</li>
 	  </ul>
@@ -120,9 +121,6 @@
     <li>To CREATE, READ, UPDATE (or PATCH), or DELETE a resource identified by a URL.  The server may immediately 
 	allow or deny the request, or it may request that he authenticate to confirm his privileges, 
 	as specified by the ACG for the Resource.</li>
-    <li>To UPDATE, CREATE or DELETE an attribute of the resource identified by the URL. The server allows or denies 
-	the request as specified the by the ACG for the resource and attribute and whether fine-grained access control 
-	is supported.</li>
     <li>If he is denied access, an explanation of why all or part of his request was denied should be provided 
 	so that it becomes possible to detect errors, and so that he may modify the request -- 
 	potentially to include making a request for such privileges.
@@ -136,11 +134,9 @@
 	<h3>Editability of Access Control Rules using HTTP</h3>
 	<ol>
 	<li>
-    Bart's user agent logs on to a server and requests:
-	<ol>
-        <li>The ability to read a group of related resources such as all the papers presented at a conference.</li>
-        <li>The ability to update an attribute of related resources, for example, to add a copyright notice to each resource.
-    	</ol></li>
+    Bart's user agent logs on to a server and requests
+	the capability to read a group of related resources such as all the papers presented at a conference.</li>
+    </li>
 	<li>Employees with job titles VP or SVP can sign (update) supplier contracts.</li>
     <li>Charlie, the Webmaster, would like to grant read access to the papers presented at a conference to all the 
 	people who attended the conference.</li>
@@ -181,7 +177,7 @@
 	( All use cases )</li>
 	</ul>
 	
-	<p>The above requirements require the ability, by an authorized agent, to CREATE, EDIT, UPDATE relevant ACGs.</p>
+	<p>The above requirements require the ability, by an authorized agent, to CREATE, EDIT, UPDATE relevant ACGs. 
 
 	<ul>
 	<li>Ability to specify access privileges at a fine-grained level. (Usecase 3.1.2, 3.2.1.2)</li>
@@ -190,8 +186,7 @@
 	(Usecase 3.1.3)
 	</li>
     <li>A user-agent should be able to find the ACG for a given resource.(Usecase 3.1.1)</li>
-	<li>The ability by one user agent to delegate the authority to create and edit ACGs to another agent. ( Usecase 3.3.3 )
-	</li>
+	<li>The ability by one user agent to delegate the authority to create and edit ACGs to another agent.(Usecase 3.3.3)</li>
 	</ul>
 	</section>
 	<section>