LinkedDataHub access control is based on the W3C ACL ontology.
\nThere are 4 access modes (classes of operation) that map to HTTP methods:
\n| Mode | \nThose allowed may | \nHTTP method | \n
|---|---|---|
| Read | \nread the contents (including querying it, etc) | \nGET | \n
| Write | \noverwrite the contents (including deleting it, or modifying part of it) | \nPUT, DELETE | \n
| Append | \nadd information to [the end of] it but not remove information | \nPOST | \n
| Control | \nset the Access Control List for this themselves | \n\n |
An agent is a person or a software agent that can be authorized to have certain modes\n of access to certain applications.
\n \nA group is a named group of agents to which an authorization can\n be given. It is a subclass of the foaf:Group\n class.
There are several default groups:
\nOnly agents that belong to the owners group will have access to the administration application.
\n Note that an agent being a member of one of the above groups does not automatically provide it with an\n authorization. A valid authorization for the whole group has to be present.
An authorization explicitly grants access for an agent or a group\n of agents to access a specific end-user application document or a class\n of its documents.
\nAn agent has to be authorized using the Control mode to be\n able to login to the administration application.
\nHere are the default authorizations for groups and their respective access modes:
\n| Group | \nRead access | \nWrite/append access | \nFull control | \n
|---|---|---|---|
| Owners | \nRead | \nWrite | \nControl | \n
| Append | \n|||
| Writers | \nRead | \nWrite | \n\n |
| Append | \n|||
| Readers | \nRead | \n\n | \n |
Public access authorization allows access for non-authenticated agents.
\nIf access is denied due to missing authorization, the agent can ask for it by issuing a request to the application's\n owners. It indicates the request URI and access mode in question.\n The owners can then accept the request by creating an authorization with the provided information\n (possibly extending the requested access to a group of agents or a class of resources),\n or simply ignore it.
\n\n