LinkedDataHub access control is based on the W3C ACL ontology.
There are 4 access modes (classes of operation) that map to HTTP methods:
|Mode||Those allowed may||HTTP method|
|Read||read the contents (including querying it, etc)||
|Write||overwrite the contents (including deleting it, or modifying part of it)||
|Append||add information to [the end of] it but not remove information||
|Control||set the Access Control List for this themselves|
An agent is a person or a software agent that can be authorized to have certain modes of access to certain applications.
There are several default groups:
Only agents that belong to the owners group will have access to the administration application.
Note that an agent being a member of one of the above groups does not automatically provide it with an authorization. A valid authorization for the whole group has to be present.
Here are the default authorizations for groups and their respective access modes:
|Group||Read access||Write/append access||Full control|
Public access authorization allows access for non-authenticated agents.
If access is denied due to missing authorization, the agent can ask for it by issuing a request to the application's owners. It indicates the request URI and access mode in question. The owners can then accept the request by creating an authorization with the provided information (possibly extending the requested access to a group of agents or a class of resources), or simply ignore it.