Skip to content
Docs

Authorization

Web Access Control (WAC)

We support the full WAC specification, except the WAC-Allow header #837

Access Control Policy

We do not support yet the ACP specification.

Capability URLs

Added in: activitypods@1.5

We implement capability resources which are defined as WAC Authorizations:

{
  "@context": { "acl": "http://www.w3.org/ns/auth/acl#" },
  "@id": "https://myserver.com/capabilities/k3kleict5ks3r4",
  "@type": "acl:Authorization",
  "acl:accessTo": "https://myserver.com/resource/x",
  "acl:mode": "acl:Write"
}

Anyone who know the capability URL can access its corresponding resource like this:

GET /capabilities/k3kleict5ks3r4 HTTP/1.1
Host: myserver.com
Accept: application/ld+json
Authorization: Capability https://myserver.com/capabilities/k3kleict5ks3r4

The capability resource itself is not public, but it can be requested with its own URL in the Authorization header.

We are currently working on an implementation of the ZCAP-LD spec to make capabilities more secure and extensible.