"any of"@en . "The deny property connects Policies to the Access Modes they deny if satisfied."@en . "Both the acp:resource property and its inverse acp:accessControlResource MUST be taken into account in determining the Access Control Resources controlling access to resources."@en . . . . . . "The allow property connects Policies to the Access Modes they allow if satisfied."@en . . . . "The issuer attribute describes identity providers used to assert the identity of agents requesting resources."@en . . "Public Agent"@en . "vc"@en . . . "Access Mode"@en . "In a Matcher, client attributes using the Public Client named individual MUST match all Contexts."@en . . . . "Public Client"@en . . . . . . . "Access Policy"@en . . . "All Access Controls controlling member resources access via the acp:memberAccessControl property MUST be included in the set of Access Controls linked as acp:accessControl in the effective authorization graph of a resource."@en . . "Access Grant"@en . "Access Control Resource"@en . . . . . . . "creator"@en . "An Access Mode MUST be granted if and only if in the set of Effective Policies controlling access to it: a satisfied policy allows the Access Mode; and, no satisfied policy denies it."@en . . "The any of property connects Policies to a set of Matchers, at least one of which MUST be satisfied for the Policy to be satisfied."@en . "The creator attribute describes creators of requested resources."@en . . . . . "Defined instances of the Always Satisfied Restriction class are used in Matcher restrictions to indicate that the restriction is always satisfied. The default behaviour of a Matcher is to not be satisfied, so this is the only way to make a Matcher always satisfied."@en . "acp" . . . . "apply"@en . . "attribute"@en . "Access Control Policy Language (ACP)"@en . . "target"@en . "agent"@en . "In a Matcher, client attributes define a set of clients, at least one of which MUST match the Context for the Matcher to be satisfied. "@en . "In a Matcher, issuer attributes define a set of issuers, at least one of which MUST match the Context for the Matcher to be satisfied."@en . "The vc attribute describes types of Verifiable Credentials (VC) presented as part of resource access requests."@en . "In a Matcher, vc attributes define a set of types of Verifiable Credentials (VC), at least one of which MUST match the Context for the Matcher to be satisfied. A VC type present in the Context MUST be a valid VC presented as part of the resource access request."@en . "The context property connects Access Grants to the Contexts in which they're given."@en . "grant"@en . "In a Matcher, agent attributes using the Public Agent named individual MUST match all Contexts."@en . "Authenticated Client"@en . "The none of property connects Policies to a set of Matchers, all of which MUST NOT be satisfied for the Policy to be satisfied."@en . "The agent attribute describes agents initiating requests."@en . "Instances of the Context class describe instances of resource access."@en . "The resource property connects ACRs to resources they control. It is the inverse of acp:accessControlResource."@en . . . . "Matcher"@en . "In a Matcher, client attributes using the Authenticated Client named individual MUST match Contexts that contain a client."@en . "none of"@en . "A Matcher MUST be satisfied if and only if: it defines at least one attribute; and, at least one value of each defined attribute matches the Context. ACP engines MUST match the context attributes defined by this specification according to IRI equality and literal term equality."@en . . . . "Instances of the Access Control Resource (ACR) class connect resources to their Access Controls."@en . "access control resource"@en . . . "Instances of the Policy class connect Access Controls to allowed and denied Access Modes as well as sets of Matchers describing instances of resource access."@en . . . . "Instances of the Access Control class connect Access Control Resources to their Policies."@en . "The grant property connects Access Grants to the Access Modes they grant."@en . . . . "2022-05-18"^^ . . . "deny"@en . . . "Instances of the Matcher class are descriptions of matching resource access Contexts."@en . "ACP implementations supporting sub-properties of acp:attribute other than the ones defined by ACP SHOULD also define and implement corresponding matching algorithms."@en . . . "Creator Agent"@en . "Owner Agent"@en . . "context"@en . . "The Access Control Policy Language (ACP) is a language for describing, controlling, and granting access to resources."@en . . . "The target attribute describes requested resources."@en . "The owner attribute describes owners of requested resources."@en . "all of"@en . . . . "resource"@en . . "member access control"@en . "Sub-properties of ACP attribute are used to describe instances of resource access."@en . . . . . . . . . . . . . "Instances of the Access Grant class define sets of Access Modes granted in particular Contexts."@en . . . . "The access control resource property connects resources to ACRs controlling access to them. It is the inverse of acp:resource."@en . "Sub-properties of acp:attribute can be created to fit the specific access control requirements of applications."@en . . "An ACP engine MUST grant exactly those Access Modes allowed by Effective Policies. Effective Policies are the Policies controlling access to a resource. A Policy MUST control access to a resource if: it is applied by an Access Control of an ACR of the resource; or, it is applied by a member Access Control of an ACR of an ancestor of the resource."@en . . . "In a Matcher, agent attributes using the Owner Agent named individual MUST match Contexts where a defined owner matches the defined agent."@en . . "Context"@en . "issuer"@en . "The ACP specification does not define specific Access Modes. Instead, any Access Mode granted is an instance of the Access Mode class. Access Modes and their granularity can be tailored to the needs of an application and Access Modes defined in other vocabularies can also be used (for example, instances of ACL Access)."@en . . "A Policy MUST be satisfied if and only if: it references at least one Matcher via an acp:allOf or acp:anyOf property; and, all of its acp:allOf Matchers are satisfied; and, at least one of its acp:anyOf Matchers is satisfied; and, none of its acp:noneOf Matchers are satisfied."@en . "owner"@en . . . . . "The access control property connects ACRs to Access Controls."@en . "client"@en . . . "Authenticated Agent"@en . . . . . . . "In a Matcher, agent attributes define a set of agents, at least one of which MUST match the Context for the Matcher to be satisfied."@en . . . "access control"@en . . "In a Matcher, agent attributes using the Creator Agent named individual MUST match Contexts where a defined creator matches the defined agent."@en . "In a Matcher, issuer attributes using the Public Issuer named individual MUST match all Contexts."@en . "Public Issuer"@en . . . "Always Satisfied Restriction"@en . "The member access control property transitively connects ACRs of member resources to Access Controls."@en . . "The client attribute describes client applications used to request resources."@en . "http://www.w3.org/ns/solid/acp#"^^ . "allow"@en . . "The all of property connects Policies to a set of Matchers, all of which MUST be satisfied for the Policy to be satisfied."@en . "In a Matcher, agent attributes using the Authenticated Agent named individual MUST match Contexts that contain an agent."@en . . . "In a Matcher, issuer attributes using the Authenticated Issuer named individual MUST match Contexts that contain an issuer."@en . . "Authenticated Issuer"@en . . "Access Control"@en . . "The apply property connects Access Controls to the Policies they apply to resources."@en .