# Web Access Control (WAC)

**Web Access Control (WAC)** is an RDF-based authorization mechanism that defines who can access which resources on a [[Solid]] pod, and at what level. It is a core specification of the [[Solid Protocol]].

## Key Concepts

- **ACL (Access Control List)**: A `.acl` resource defines permissions for a target resource
- **Modes**: `Read`, `Write`, `Append`, `Control` permissions
- **Agent**: Identifies who the rule applies to (specific [[WebID]], group, or public)
- **Inheritance**: Container-level ACLs apply to contained resources by default
- **RDF-based**: ACLs are expressed as RDF triples for interoperability

## Permission Modes

| Mode | Description |
|------|-------------|
| Read | View resource contents |
| Write | Modify or delete resource |
| Append | Add new data without modifying existing |
| Control | Modify the ACL itself |

## Agent Types

- **Specific Agent**: Single user identified by [[WebID]]
- **Agent Group**: Group of users defined in an RDF document
- **Agent Class**: All authenticated agents or general public
- **Origin**: Restrict by web application origin

## Example ACL

```turtle
@prefix acl: <http://www.w3.org/ns/auth/acl#> .

# Owner: full access to the resource, including control of this ACL.
<#owner>
    a acl:Authorization ;
    acl:agent <https://alice.example.com/profile/card#me> ;
    acl:accessTo <./resource> ;
    acl:mode acl:Read, acl:Write, acl:Control .

# Any authenticated agent may read; unauthenticated requests match no rule.
<#public>
    a acl:Authorization ;
    acl:agentClass acl:AuthenticatedAgent ;
    acl:accessTo <./resource> ;
    acl:mode acl:Read .
```

## Alternative: Access Control Policy (ACP)

ACP is a newer authorization specification under development that may eventually supersede WAC for more complex policy needs. WAC remains widely supported.

## Resources

- W3C WAC spec: https://solidproject.org/TR/wac
- Solid auth specs: https://solidproject.org/TR/protocol#authorization

## References

- https://solidproject.org/TR/wac

## Related

- [[Solid]]
- [[Solid Protocol]]
- [[WebID]]
- [[Solid OIDC]]
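
How a server could evaluate the Example ACL above, as an added illustration that is not code from the WAC specification or any Solid server: it covers agent and agent-class matching, default deny, a `Write` grant covering `Append`, and falling back to the nearest container's `acl:default` rules when a resource has no ACL of its own. The dict layout, the `/docs/` paths, the container rule, Bob's WebID and the function names are assumptions; agent groups and origin checks are left out.

```python
# Added illustration: a minimal WAC evaluator over already-parsed authorizations.
ACL_NS = "http://www.w3.org/ns/auth/acl#"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"     # agent class meaning "anyone"
AUTHENTICATED = ACL_NS + "AuthenticatedAgent"

# Constructed sample data: parsed ACLs keyed by the resource they belong to.
ALICE = "https://alice.example.com/profile/card#me"
BOB = "https://bob.example.org/profile/card#me"    # hypothetical second agent
ACLS = {
    "/docs/resource": [   # mirrors the page's Example ACL (path is assumed)
        {"agent": {ALICE}, "accessTo": "/docs/resource", "mode": {"Read", "Write", "Control"}},
        {"agentClass": {AUTHENTICATED}, "accessTo": "/docs/resource", "mode": {"Read"}},
    ],
    "/docs/": [           # constructed container ACL with one inheritable rule
        {"agent": {ALICE}, "default": "/docs/", "mode": {"Read", "Write"}},
    ],
}

def effective_acl(path):
    """Return (rules, inherited): the resource's own ACL, else the nearest ancestor's."""
    if path in ACLS:
        return ACLS[path], False
    while path != "/":
        path = path.rstrip("/").rsplit("/", 1)[0] + "/"   # step up to the parent container
        if path in ACLS:
            return ACLS[path], True
    return [], True       # no ACL found anywhere: nothing is granted

def subject_matches(rule, webid):
    """webid is the authenticated WebID, or None for an unauthenticated request."""
    if webid is not None and webid in rule.get("agent", ()):
        return True
    classes = rule.get("agentClass", ())
    if FOAF_AGENT in classes:             # public rule: matches anonymous requests too
        return True
    return webid is not None and AUTHENTICATED in classes

def is_allowed(webid, path, mode):
    """Default deny: access requires at least one applicable, matching rule."""
    rules, inherited = effective_acl(path)
    for rule in rules:
        # Inherited rules count only when declared with acl:default.
        applies = "default" in rule if inherited else rule.get("accessTo") == path
        granted = rule["mode"]
        # A grant of Write also covers Append operations.
        if applies and subject_matches(rule, webid) and (
                mode in granted or (mode == "Append" and "Write" in granted)):
            return True
    return False
```

Because a resource's own ACL replaces the container's rules rather than adding to them, Alice's `Control` on `/docs/resource` does not carry over to `/docs/notes/a.ttl`, which only sees the container's `acl:default` rule.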