Re: Proposal: Adding acl:paymentRequired predicate for HTTP 402 handling

I would vote for a typed literal to handle the currency.

Fred Gibson
Founder & CEO
mobile: 415.335.8232
office: 925.940.0741
1255 Treat Blvd, Suite 300
PMB#4611
Walnut Creek, CA  94597

 ---- On Tue, 08 Jul 2025 01:16:58 -0700  Melvin Carvalho<melvincarvalho@gmail.com> wrote ----


 Hi All,

Short version
=============

I propose we mint a single new predicate in the ACL namespace:

    acl:paymentRequired  

If an `Authorization` statement includes this triple,
a compliant server **MUST** deny access when the requester’s account
balance—in the server’s ledger for that realm—falls below the
literal.  The denial is expressed as an *HTTP 402 Payment Required*
response that also tells the client where and how to top-up.

Why?
====

Many Solid agents run on usage-based quotas
(API tokens, Streaming Chat Interfaces, storage bytes, etc.).
Today servers have no *standard* way to:

* signal “the request was good, but please pay a bit first”, **and**
* tell the client where to send that payment.

Applications therefore cook up ad-hoc headers and status codes,
breaking interoperability.

One predicate plus the already standard HTTP 402 closes that gap.

Proposed vocabulary diff
========================


    @prefix acl:  <http://www.w3.org/ns/auth/acl#> .
    @prefix rdf:  <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
    @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
    @prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .

    acl:paymentRequired
        a                rdf:Property ;
        rdfs:label       "payment required" ;
        rdfs:comment     """Minimum positive balance the agent must hold
    before this Authorization is granted.
    Decimal, same currency unit the server’s
    ledger uses.""" ;
        rdfs:domain      acl:Authorization ;
        rdfs:range       xsd:decimal .


Example ACL
-----------


    @prefix acl:  <http://www.w3.org/ns/auth/acl#> .
    @prefix foaf: <http://xmlns.com/foaf/0.1/> .
    @prefix xsd:  <http://www.w3.org/2001/XMLSchema#> .

    <#paid-read>
        a               acl:Authorization ;
        acl:accessTo    </data/> ;
        acl:mode        acl:Read ;
        acl:agentClass  foaf:Agent ;
        acl:paymentRequired "0.0005"^^xsd:decimal .



Server behaviour (normative)
============================

* Evaluate the requester’s **current balance** (ledger details are
  implementation-specific).
* If balance < required, respond:



    HTTP/1.1 402 Payment Required
    Link: <https://pay.example/topup>; rel="payment"
    Pay-Balance: "-0.0001"
    Pay-Required: "0.0005"


* After the client tops up and retries, normal `2xx` processing
  resumes.

Open questions
==============

1. **Currency unit** —  keep it server-wide (simplest) or add another
   predicate for per-rule currency?
2. **Headers** —  are `Pay-Balance` / `Pay-Required` worth standardising
   or should a problem JSON body alone carry the numbers?
3. **Ledger location** —  should the spec normatively reference a
   `webledger.json` (or similar) so clients can fetch balances?

Implementor feedback is very welcome.

Best,
Melvin

Received on Wednesday, 9 July 2025 03:07:04 UTC
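
The server behaviour described in the message above, as an added example that is not part of the original thread or of any Solid server: it compares the `acl:paymentRequired` literal with the ledger balance using exact decimal arithmetic and builds the 402 response. The function names, the 18-digit scale, the 403 on malformed values and the `topUpUrl` parameter are assumptions.

```javascript
// Added example: helper names are hypothetical, not from any Solid server.
const SCALE = 18; // assumption: the ledger needs at most 18 fractional digits
const XSD_DECIMAL = /^([+-]?)(\d*)(?:\.(\d*))?$/;

// Parse an xsd:decimal lexical form into a BigInt scaled by 10^SCALE, so the
// balance comparison never goes through binary floating point.
function parseDecimal(lexical) {
  const m = typeof lexical === 'string' ? XSD_DECIMAL.exec(lexical) : null;
  const frac = m ? m[3] || '' : '';
  if (!m || m[2] + frac === '' || frac.length > SCALE) {
    throw new RangeError('not a supported xsd:decimal');
  }
  const scaled = BigInt((m[2] || '0') + frac.padEnd(SCALE, '0'));
  return m[1] === '-' ? -scaled : scaled;
}

// required: the acl:paymentRequired literal of the matching Authorization
// (undefined when the rule has none); balance: the requester's ledger balance.
function checkPayment({ required, balance, topUpUrl }) {
  if (required === undefined) return { allow: true };
  let need, have;
  try {
    need = parseDecimal(required);
    have = parseDecimal(balance);
  } catch (err) {
    // Assumption: fail closed. A malformed literal or ledger value denies
    // access instead of being coerced to a number.
    return { allow: false, status: 403 };
  }
  // The proposed rdfs:comment says "minimum positive balance".
  if (need <= 0n) return { allow: false, status: 403 };
  if (have >= need) return { allow: true };
  return {
    allow: false,
    status: 402,
    headers: {
      // Only validated digit strings and a parsed URL reach the header values.
      Link: `<${new URL(topUpUrl).href}>; rel="payment"`,
      'Pay-Balance': `"${balance}"`,
      'Pay-Required': `"${required}"`,
    },
  };
}

// Constructed sample matching the numbers in the message.
console.log(checkPayment({
  required: '0.0005', balance: '-0.0001', topUpUrl: 'https://pay.example/topup',
}));
```

Because both values must match the decimal pattern before they are echoed, a ledger or ACL value containing CR/LF cannot be reflected into the response headers.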