Date: Thu, 28 Mar 2024 14:19:29 -0400 (EDT) Message-ID: <1286105554.28572.1711649969534@lyrasis1-roc-mp1> Subject: Exported From Confluence MIME-Version: 1.0 Content-Type: multipart/related; boundary="----=_Part_28571_2023363807.1711649969534" ------=_Part_28571_2023363807.1711649969534 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable Content-Location: file:///C:/exported.html
This page will be used to design a WebAc= cessControl Authorization Delegate.
Link: <acl-uri>; rel=3D=
meta
acl:Control
and acl:Append
modes
acl:include
See this comment below for more information on this remova= l.
Use ACL that directly references target resource, if exists, e= lse
if multiple ACLs apply to a given target resource, the most permissi= ve is used.
Use ACL from configured location that has policy for target re= source class, if exists, else
if multiple ACLs apply to a given class, the most permissive i= s used.
accessToClass statements in ACLs not in the configured location are ignored.
Recursively follow steps 1 and 2 for parent resource that ldp:= contains target resource, if exists, else
Deny access
Use policy that specifies requesting userId, = if exists, else
Use policy that specifies requesting groupId,= if exists, else
Note, if multiple requesting groupIds have policies, use the o= ne that grants the most access.
Deny access
[NOTE: This section has been stricken because it is not germane to the s= pecific effort to develop a WebACL authorization delegate; the authent= ication considerations described below need to be part of the larger config= uration of the ways Fedora and the web server interact, but that is a separ= ate issue.]