The m-ld Access Control List (m-ld ACL) extension provides authorisation
controls on a m-ld domain using principals and permissions registered in the
domain data.
At present the implemented control is whole-domain read/write authorisation.
This extension requires an AppPrincipal object to be available in the
app, which signs data using
RSASSA-PKCS1-v1_5.
The following pattern should be used for the domain data:
The m-ld Access Control List (m-ld ACL) extension provides authorisation controls on a m-ld domain using principals and permissions registered in the domain data.
At present the implemented control is whole-domain read/write authorisation.
This extension requires an AppPrincipal object to be available in the app, which signs data using RSASSA-PKCS1-v1_5.
The following pattern should be used for the domain data:
domain = { '@id': `http://${domain-name}/`, 'http://m-ld.org/#secret': { '@type': 'http://www.w3.org/2001/XMLSchema#base64Binary', '@value': `${base-64-encoded-AES-key}` } } principal = { '@id': `${principal-iri}`, 'http://m-ld.org/#publicKey': { '@type': 'http://www.w3.org/2001/XMLSchema#base64Binary', '@value': `${base-64-encoded-RSA-public-key-spki}` } }