Web Access Control evaluator.
Parses JSON-LD / Turtle ACL documents and evaluates whether a given
agent URI is granted a specific access mode on a resource path.
WAC 2.0 conditions (client / issuer gates) are supported via the
conditions submodule.
Reference: https://solid.github.io/web-access-control-spec/ + https://webacl.org/secure-access-conditions/
Re-exports
pub use client::ClientConditionBody;
pub use client::ClientConditionEvaluator;
pub use conditions::validate_acl_document;
pub use conditions::validate_for_write;
pub use conditions::Condition;
pub use conditions::ConditionDispatcher;
pub use conditions::ConditionOutcome;
pub use conditions::ConditionRegistry;
pub use conditions::EmptyDispatcher;
pub use conditions::RequestContext;
pub use conditions::UnsupportedCondition;
pub use document::AclAuthorization;
pub use document::AclDocument;
pub use document::IdOrIds;
pub use document::IdRef;
pub use evaluator::evaluate_access;
pub use evaluator::evaluate_access_ctx;
pub use evaluator::evaluate_access_ctx_with_registry;
pub use evaluator::evaluate_access_with_groups;
pub use evaluator::GroupMembership;
pub use evaluator::StaticGroupMembership;
pub use issuer::IssuerConditionBody;
pub use issuer::IssuerConditionEvaluator;
pub use origin::check_origin;
pub use origin::extract_origin_patterns;
pub use origin::Origin;
pub use origin::OriginDecision;
pub use origin::OriginPattern;
pub use parser::parse_turtle_acl;
pub use parser::parse_turtle_acl_with_limit;
pub use resolver::AclResolver;
pub use resolver::StorageAclResolver;
pub use serializer::serialize_turtle_acl;
Modules
- client: acl:ClientCondition — gate authorisation on the requesting client.
- conditions: WAC 2.0 conditions framework.
- document: ACL document AST — JSON-LD deserialisation shape.
- evaluator: Core WAC evaluation engine.
- issuer: acl:IssuerCondition — gate authorisation on the token issuer.
- origin: acl:origin value objects and enforcement helpers (WAC §4.3 / F4).
- parser: Turtle ACL parser (subset sufficient for WAC documents).
- resolver: ACL resolver — locates the effective ACL document for a given path.
- serializer: Turtle serialiser for AclDocument.
Enums
- AccessMode: Access modes defined by WAC.
Constants
- ALL_MODES
- MAX_ACL_BYTES: Maximum byte length of an ACL document body. WAC 2.0 ACLs are flat declarative documents; 1 MiB is generous and prevents O(n²) parser blowup. Configurable at parse time via JSS_MAX_ACL_BYTES.
- MAX_ACL_JSON_DEPTH: Maximum JSON-LD nesting depth. Solid ACLs are ≤4 levels deep in practice; 32 is a generous fail-closed cap against depth bombs. Configurable via JSS_MAX_ACL_JSON_DEPTH.
Functions
- method_to_mode
- mode_name
- parse_jsonld_acl: Parse a JSON-LD ACL body with byte and depth bounds enforced.
- parse_jsonld_acl_with_limits: Parse a JSON-LD ACL body with caller-supplied byte and depth limits.
- wac_allow_header: Build a WAC-Allow header value (WAC 1.x — no condition dispatcher).
- wac_allow_header_with_dispatcher: WAC 2.0 — build a WAC-Allow header omitting modes whose conditions are unsatisfied in the current request context.