...

  1. Authorization enforced within F4 must also be enforceable by external services, such as Solr.
  2. When a user from the Registrar office creates an Asset with a loan agreement document and assigns a property to the asset indicating that it is restricted to the Registrar staff, the user (a member of the Registrar group) should not be locked out of viewing/editing the resource.

Proposed Requirements

  1. F4 MUST allow assertions about authorization to be modeled in RDF in accordance with the WebAccessControl specification
  2. F4 MUST be able to enforce authorization based on WebAC when a resource is requested via the REST-API
  3. F4 resources that are open for public read should not challenge the client to authenticate
  4. F4 MUST allow authorization policies to apply to a group of resources
  5. F4 MUST honor the most permissive authorization policy when multiple policies apply to a request
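
An added example, not F4 code: a minimal policy decision function showing how requirements 3 to 5 and the Registrar use case interact. The resource paths, the user and group identifiers, the ex:LoanAgreement class and the 401/403 split for denied requests are assumptions made for illustration; groups are simplified to plain principal names.

```python
from dataclasses import dataclass

PUBLIC = "foaf:Agent"  # WebAC agent class that matches every client

@dataclass(frozen=True)
class Authorization:
    modes: frozenset                    # acl:mode values
    agents: frozenset = frozenset()     # users/groups named by the rule (simplified)
    agent_class: str = ""               # acl:agentClass
    access_to: frozenset = frozenset()  # acl:accessTo: individual resources
    access_to_class: str = ""           # acl:accessToClass: a group of resources

def applies_to(auth, path, types):
    in_class = bool(auth.access_to_class) and auth.access_to_class in types
    return path in auth.access_to or in_class

def granted_modes(auths, path, types, principals):
    """Union of the modes of every matching rule: the most permissive wins."""
    modes = set()
    for auth in auths:
        if applies_to(auth, path, types) and (
            auth.agent_class == PUBLIC or auth.agents & principals
        ):
            modes |= auth.modes
    return modes

def decide(auths, path, types, mode, principals=()):
    """HTTP status for a request; empty principals means unauthenticated."""
    principals = frozenset(principals)
    if mode in granted_modes(auths, path, types, principals):
        return 200  # granted, so a public-read resource never challenges
    return 403 if principals else 401  # challenge only anonymous, denied clients

# Constructed sample policies and resources (not from the page).
READ, WRITE = "acl:Read", "acl:Write"
POLICIES = [
    Authorization(frozenset({READ, WRITE}), agents=frozenset({"group:registrar"}),
                  access_to_class="ex:LoanAgreement"),
    Authorization(frozenset({READ}), agents=frozenset({"user:alice"}),
                  access_to=frozenset({"/assets/loan-1"})),
    Authorization(frozenset({READ}), agent_class=PUBLIC,
                  access_to=frozenset({"/assets/brochure"})),
]
LOAN = ("/assets/loan-1", {"ex:LoanAgreement"})
BROCHURE = ("/assets/brochure", set())
ALICE = {"user:alice", "group:registrar"}

if __name__ == "__main__":
    print(decide(POLICIES, *LOAN, WRITE, ALICE))  # Registrar member keeps edit access
    print(decide(POLICIES, *BROCHURE, READ))      # public read, no challenge
```

Because the decision is a union over matching rules, the read-only rule naming alice cannot take away the write access she holds through the Registrar group.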

...