Perpetual Web - ACLs for editors

I just finished watching the amazing @JimCollinson’s YouTube screencast and I was wondering about writing permissions. Example: multiple editors, role hierarchy, etc.

My understanding is that the editors of a website will be defined in the “whitelist” property of the AD that is assigned to the “domain”.

While this can work for many cases, e.g. if you are the sole owner/editor of your website, this won’t work properly in many other cases, especially on medium to large websites.

For example, imagine this forum on the SafeNetwork. Each time a new moderator is added, it will be required to change the meta of each post and asset. This is an insane amount of network resources and time.

And while this is bad for big websites, even small websites will suffer to add or remove members, as even small blogs have typically hundreds to thousands of files (assets, images, css, js), making it necessary to wait for minutes to update all metadata in case you want to add a collaborator or an IT person that will improve or fix something.

Even worse, imagine a staff member holding a grudge? Imagine that a staff member has an argument and it knows is going to be fired and decides to remove everybody’s else access or to mess up with the files. While this can be reverted (as the owner will still have access), it would help a lot if we could define roles and hierarchies in order to have damage control. I really don’t like the idea of giving your temp the same access level to your app as your managers.

And maybe it is just my lack of imagination, but I can’t imagine websites like StackOverflow, Wikipedia or any website that requires role levels on the SafeNetwork unless ACL controls are implemented. I think the only way to have these websites would be to have a central server (owned by the website owner) running a script 24/7 (a central bot) - which is a big no-no.

This topic has been (quickly) discussed before. I have suggested taking a look at Firebase’s rules and proposed a very simple solution with minimal network footprint, @happybeing suggested checking Solid Access Control Lists, @intrz suggested Capability lists, and so on but I don’t think any of this has been advanced.

Now that the project seems to be gaining traction, I hopefully wonder if ACLs are on the radar for Fleming. :slight_smile:


Just to make you aware, we’re not tackling this specific problem from a UX point-of-view right at this very moment, but it will be the subject of future design sprints, probably starting with Yanni’s persona, or possibly for a future milestone.

So, while we have to think about the implications from Laurel’s point of view (e.g. how does some viewing a site understand there are multiple publishers and authors, and navigate that metadata) we will be reserving the design work of managing all that for future sprints. This is just to make things manageable and iterative.