Access Control Policy Language (ACP)

Classes

Access Control
Access Control Resource
Access Grant
Access Mode
Access Policy
Always Satisfied Restriction
Context
Matcher

Access Control^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#AccessControl

is defined by: http://www.w3.org/ns/solid/acp#

All Access Controls controlling member resources access via the acp:memberAccessControl property MUST be included in the set of Access Controls linked as acp:accessControl in the effective authorization graph of a resource.

is in domain of: apply^op
is in range of: access control^op, member access control^op

Access Control Resource^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#AccessControlResource

is defined by: http://www.w3.org/ns/solid/acp#

Both the acp:resource property and its inverse acp:accessControlResource MUST be taken into account in determining the Access Control Resources controlling access to resources.

is in domain of: access control^op, member access control^op, resource^op
is in range of: access control resource^op

Access Grant^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#AccessGrant

is defined by: http://www.w3.org/ns/solid/acp#

is in domain of: context^op, grant^op

Access Mode^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#AccessMode

is defined by: http://www.w3.org/ns/solid/acp#

is in range of: allow^op, deny^op, grant^op

Access Policy^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#Policy

is defined by: http://www.w3.org/ns/solid/acp#

An ACP engine MUST grant exactly those Access Modes allowed by Effective Policies. Effective Policies are the Policies controlling access to a resource. A Policy MUST control access to a resource if: it is applied by an Access Control of an ACR of the resource; or, it is applied by a member Access Control of an ACR of an ancestor of the resource. An Access Mode MUST be granted if and only if in the set of Effective Policies controlling access to it: a satisfied policy allows the Access Mode; and, no satisfied policy denies it. A Policy MUST be satisfied if and only if: it references at least one Matcher via an acp:allOf or acp:anyOf property; and, all of its acp:allOf Matchers are satisfied; and, at least one of its acp:anyOf Matchers is satisfied; and, none of its acp:noneOf Matchers are satisfied.

is in domain of: all of^op, allow^op, any of^op, deny^op, none of^op
is in range of: apply^op

Always Satisfied Restriction^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#AlwaysSatisfiedRestriction

is defined by: http://www.w3.org/ns/solid/acp#

has members: Public Agentⁿⁱ, Public Clientⁿⁱ, Public Issuerⁿⁱ

Context^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#Context

is defined by: http://www.w3.org/ns/solid/acp#

is in domain of: attribute
is in range of: context^op

Matcher^c back to ToC or Class ToC

IRI: http://www.w3.org/ns/solid/acp#Matcher

is defined by: http://www.w3.org/ns/solid/acp#

A Matcher MUST be satisfied if and only if: it defines at least one attribute; and, at least one value of each defined attribute matches the Context. ACP engines MUST match the context attributes defined by this specification according to IRI equality and literal term equality. ACP implementations supporting sub-properties of acp:attribute other than the ones defined by ACP SHOULD also define and implement corresponding matching algorithms.

is in range of: all of^op, any of^op, none of^op

access control^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#accessControl

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Control Resource^c
has range: Access Control^c

access control resource^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#accessControlResource

is defined by: http://www.w3.org/ns/solid/acp#

has range: Access Control Resource^c
is inverse of: resource^op

all of^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#allOf

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Policy^c
has range: Matcher^c

allow^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#allow

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Policy^c
has range: Access Mode^c

any of^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#anyOf

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Policy^c
has range: Matcher^c

apply^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#apply

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Control^c
has range: Access Policy^c

context^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#context

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Grant^c
has range: Context^c

deny^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#deny

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Policy^c
has range: Access Mode^c

grant^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#grant

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Grant^c
has range: Access Mode^c

member access control^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#memberAccessControl

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Control Resource^c
has range: Access Control^c

none of^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#noneOf

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Policy^c
has range: Matcher^c

resource^op back to ToC or Object Property ToC

IRI: http://www.w3.org/ns/solid/acp#resource

is defined by: http://www.w3.org/ns/solid/acp#

has domain: Access Control Resource^c
is inverse of: access control resource^op

Named Individuals

Authenticated Agent
Creator Agent
Owner Agent
Public Agent
Public Client
Public Issuer

Authenticated Agentⁿⁱ back to ToC or Named Individual ToC

IRI: http://www.w3.org/ns/solid/acp#AuthenticatedAgent

is defined by: http://www.w3.org/ns/solid/acp#

Creator Agentⁿⁱ back to ToC or Named Individual ToC

IRI: http://www.w3.org/ns/solid/acp#CreatorAgent

is defined by: http://www.w3.org/ns/solid/acp#

Owner Agentⁿⁱ back to ToC or Named Individual ToC

IRI: http://www.w3.org/ns/solid/acp#OwnerAgent

is defined by: http://www.w3.org/ns/solid/acp#

Public Agentⁿⁱ back to ToC or Named Individual ToC

IRI: http://www.w3.org/ns/solid/acp#PublicAgent

is defined by: http://www.w3.org/ns/solid/acp#

belongs to: Always Satisfied Restriction^c

Public Clientⁿⁱ back to ToC or Named Individual ToC

IRI: http://www.w3.org/ns/solid/acp#PublicClient

is defined by: http://www.w3.org/ns/solid/acp#

belongs to: Always Satisfied Restriction^c

Public Issuerⁿⁱ back to ToC or Named Individual ToC

IRI: http://www.w3.org/ns/solid/acp#PublicIssuer

is defined by: http://www.w3.org/ns/solid/acp#

belongs to: Always Satisfied Restriction^c

Annotation Properties

agent
attribute
cites as authority
client
creator
description
issuer
mode
owner
target
vc

agent^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#agent

is defined by: http://www.w3.org/ns/solid/acp#

In a Matcher, agent attributes define a set of agents, at least one of which MUST match the Context for the Matcher to be satisfied.

has super-properties: attribute^ap

attribute^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#attribute

is defined by: http://www.w3.org/ns/solid/acp#

Sub-properties of acp:attribute can be created to fit the specific access control requirements of applications.

has sub-properties: agent^ap, client^ap, creator^ap, issuer^ap, mode^ap, owner^ap, target^ap, vc^ap
has domain: Context^c

cites as authority^ap back to ToC or Annotation Property ToC

IRI: http://purl.org/spar/cito/citesAsAuthority

client^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#client

is defined by: http://www.w3.org/ns/solid/acp#

In a Matcher, client attributes define a set of clients, at least one of which MUST match the Context for the Matcher to be satisfied.

has super-properties: attribute^ap

creator^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#creator

is defined by: http://www.w3.org/ns/solid/acp#

has super-properties: attribute^ap

description^ap back to ToC or Annotation Property ToC

IRI: http://purl.org/dc/terms/description

issuer^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#issuer

is defined by: http://www.w3.org/ns/solid/acp#

In a Matcher, issuer attributes define a set of issuers, at least one of which MUST match the Context for the Matcher to be satisfied.

has super-properties: attribute^ap

mode^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#mode

is defined by: http://www.w3.org/ns/solid/acp#

has super-properties: attribute^ap

owner^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#owner

is defined by: http://www.w3.org/ns/solid/acp#

has super-properties: attribute^ap

target^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#target

is defined by: http://www.w3.org/ns/solid/acp#

has super-properties: attribute^ap

vc^ap back to ToC or Annotation Property ToC

IRI: http://www.w3.org/ns/solid/acp#vc

is defined by: http://www.w3.org/ns/solid/acp#

In a Matcher, vc attributes define a set of types of Verifiable Credentials (VC), at least one of which MUST match the Context for the Matcher to be satisfied. A VC type present in the Context MUST be a valid VC presented as part of the resource access request.

has super-properties: attribute^ap

This HTML document was obtained by processing the OWL ontology source code through LODE, Live OWL Documentation Environment, developed by Silvio Peroni .

Access Control Policy Language (ACP)

Table of Content

Classes

Access Controlc back to ToC or Class ToC

Access Control Resourcec back to ToC or Class ToC

Access Grantc back to ToC or Class ToC

Access Modec back to ToC or Class ToC

Access Policyc back to ToC or Class ToC

Always Satisfied Restrictionc back to ToC or Class ToC

Contextc back to ToC or Class ToC

Matcherc back to ToC or Class ToC

Object Properties

access controlop back to ToC or Object Property ToC

access control resourceop back to ToC or Object Property ToC

all ofop back to ToC or Object Property ToC

allowop back to ToC or Object Property ToC

any ofop back to ToC or Object Property ToC

applyop back to ToC or Object Property ToC

contextop back to ToC or Object Property ToC

denyop back to ToC or Object Property ToC

grantop back to ToC or Object Property ToC

member access controlop back to ToC or Object Property ToC

none ofop back to ToC or Object Property ToC

resourceop back to ToC or Object Property ToC

Named Individuals

Authenticated Agentni back to ToC or Named Individual ToC

Creator Agentni back to ToC or Named Individual ToC

Owner Agentni back to ToC or Named Individual ToC

Public Agentni back to ToC or Named Individual ToC

Public Clientni back to ToC or Named Individual ToC

Public Issuerni back to ToC or Named Individual ToC