Consider adding acl:originGroup #89
Comments
|
Yeah, but aren't we trying to move away from origins as a basis for app identification? |
|
the authorization and access control panel has been exploring the general problem of app permissions, including that the user should be free to choose which apps to use (or not use) to access different classes of resources, that the user can potentially lie to a resource server about what app she's using, that the resource owner classifies her resources, and that the resource server enforces access controls. i have proposed one possible solution to this problem space in that panel where the resource owner assigns "scope tag patterns" (which will probably be URIs but can also use wildcards) to different permission modes for resources, and the user assigns scope tag patterns to her different apps, on a per-resource-origin (including a default) and per-permission-mode basis (read to the end of the Issue for that part). to be determined in this proposal is how the user learns what tag vocabularies are used at an origin in order to manage her app privileges. |
👍 Since we talk about OAuth2 Clients we could generally talk about
On the social layer, users would give access to other users and groups of users (eg. organizations), which requires |
Just a thought, for symmetry with how
acl:agentGroupcan be used as a level of indirection between the ACL doc and the list of actualacl:agentwebid's, maybe it would be powerful to have a similar level of indirection between the ACL doc and the list of actualacl:originapps.The text was updated successfully, but these errors were encountered: