-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add time constraints to WAC rules #87
Comments
👍 , would be a great feature. |
Actually, I have a PR open that is related: #37 (although it was geared towards caching, we could clarify the semantics to deal with some of this) |
Expiry sounds good. "Valid" "from/to" or "not before/after" seems fine too. Just to add to scenarios where this can be useful from an application's perspective: going in/out of offline mode. Knowing the time-based constraints can help an application decide what to do next (eg. dokieli/dokieli#259 (comment) ) especially if it makes sense to expose that information through WAC-Allow. |
This issue is mostly a duplicate of #10 and it'd be good to take it up around the same time with that and Kjetil's related PR: #37 The essence of this and relate issue is captured in WAC Editor's Draft: https://solid.github.io/web-access-control-spec/ . See #authorization-extensions . Moving this issue to https://github.com/solid/web-access-control-spec for future discussion. |
The current Web Access Control Spec lets you create rules to control whether an agent or group of agents can access resources, and to specify specific modes of access (read, write, append, control). However, it doesn't allow for the specification of when these accesses are permitted.
In the simplest (and perhaps most useful) use case, this would allow for expiry of a given authorization rule. For example, a user wants to grant temporary access to someone, and creates an authorization rule that expires in twenty-four hours. However, other use cases could call for the ability to specify when the rule activates, or involve the ability to limit access to a certain time window each day, etc.
The text was updated successfully, but these errors were encountered: