Circles as full-featured ACLs #23

tiller-tolbus opened this issue May 21, 2024 · 4 comments
tiller-tolbus commented May 21, 2024

A circle should be able to handle all of the general cases of access control over a resource, so that a resource can pull in a single %circle dependency and have all of the information it needs to approve or reject a request or command.

Here is a design that could work:

A circle denotes a set of exceptions to an established access level and rule. For example, a feed application knows that it is pulling in a circle dependency to determine who is able to read from (subscribe to) the feed. The circle only informs the application of membership.

```hoon
|%
::  assumed quantities
+$  rule   ?(%public %private)
+$  level  ?(%read %write)

::  circle-specific
+$  circle  (set exception)
+$  exception
  $%  [%ship (set ship)]
      [%moon (set ship)]  ::  ship and all moons of ship
      [%sein (set ship)]  ::  ship and all sponsored by ship
      [%rank rank]
  ==
--
```

This design probably sucks and could be refined. The way Clay does access control is interesting and could be copied, but we want to be able to discriminate on the basis of moon, sein, and rank as well.
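
An added sketch of how an application could evaluate a request against the design above (example code, not part of the original post or the project, and written in Python rather than Hoon to model the semantics). It assumes that under `%public` the circle lists ships to deny and under `%private` ships to admit, that sponsorship is supplied by the caller, and it uses constructed ship addresses.

```python
# Added example: Python model of the circle check, not the project's Hoon.
# Ships are @p addresses as integers; all values below are constructed.
RANKS = ((8, "czar"), (16, "king"), (32, "duke"), (64, "earl"), (128, "pawn"))

def rank_of(ship):
    """Rank from address width: galaxy, star, planet, moon, comet."""
    for bits, name in RANKS:
        if 0 <= ship < (1 << bits):
            return name
    raise ValueError("not a valid 128-bit ship address")

def moon_parent(ship):
    """Low 32 bits of a moon's address name its parent; None for non-moons."""
    return ship & 0xFFFFFFFF if rank_of(ship) == "earl" else None

def matches(exception, ship, sponsor_of):
    """True if `ship` falls under one tagged exception from the circle."""
    tag, value = exception
    if tag == "ship":
        return ship in value
    if tag == "moon":
        return ship in value or moon_parent(ship) in value
    if tag == "sein":
        return ship in value or sponsor_of(ship) in value
    if tag == "rank":
        return rank_of(ship) == value
    raise ValueError(f"unknown exception tag {tag!r}")  # fail closed

def allowed(rule, circle, ship, sponsor_of):
    """Assumption: %public admits all but matches, %private admits only matches.
    The level (%read/%write) is the application's concern, so it is not an input."""
    hit = any(matches(e, ship, sponsor_of) for e in circle)
    if rule == "public":
        return not hit
    if rule == "private":
        return hit
    raise ValueError(f"unknown rule {rule!r}")

STAR, PLANET, STRANGER = 0x1234, 0x12345678, 0x0BADCAFE
MOON = (0xABCD << 32) | PLANET               # a moon of PLANET
SPONSORS = {PLANET: STAR, STRANGER: 0x4321}  # hypothetical sponsorship data
CIRCLE = frozenset({("moon", frozenset({PLANET})), ("rank", "czar")})
```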

@hanfel-dovned

After discussing this, we determined that this should likely be built into Shrubbery core.

@tiller-tolbus
Collaborator Author

@hanfel-dovned did Liam confirm this is on the roadmap?

@tiller-tolbus
Collaborator Author

Re-opening and awaiting confirmation on core roadmap

@tiller-tolbus tiller-tolbus reopened this Jul 9, 2024
@hanfel-dovned hanfel-dovned self-assigned this Sep 11, 2024
@hanfel-dovned

We should indeed do this in userspace. I'll come up with a design for it and then likely assign production to ~bonbud-macryg.
