- From: Sarven Capadisli <info@csarven.ca>
- Date: Wed, 25 Mar 2026 10:08:50 +0100
- To: public-solid@w3.org
- Message-ID: <925c6c0b-ac86-4003-8f96-9d5c4585875f@csarven.ca>
On 2026-03-24 17:50, Melvin Carvalho wrote: > NACK. As a WAC implementer, I will not implement this proposal as part > of WAC 1.1. Thank you for the feedback. The technical points raised are addressed below. > The current design introduces a silent authorization bypass on WAC 1.0 > servers that do not understand the new condition types. A WAC 1.0 server encountering acl:condition evaluates the authorization rule on the basis of access objects, modes, and subjects as it always has. No elevated access is granted by the presence of unrecognised triples alone. See #authorization-conformance . > That is a > security regression The security consideration for condition-unaware servers is explicitly documented. See #consider-condition-legacy . > and violates the principle of fail-closed authorization. Condition evaluation is explicitly fail-closed. Conditions whose types are not signalled are not used in evaluation, and all signalled conditions must be satisfied. See #condition-evaluation . > It changes the > effective security model of WAC in a way that existing deployments > cannot safely interpret. The changes are backwards-compatible. Servers without condition support are unaffected. See #acl-resource-condition-discovery . > If pursued, this must be defined as a separate extension specification > with explicit opt-in and independent implementation experience. The #authorization-extensions section explicitly anticipated extensible conditions of this kind. The proposal realises what was already described there. See #authorization-extensions . -Sarven https://csarven.ca/#i
Received on Wednesday, 25 March 2026 09:08:58 UTC