Access Requests and Grants#
With access requests and grants:
An agent can request access to Resource(s) hosted on a Pod. This access request includes the specific access level (e.g. read, write, append), the Resource(s) to access, etc.
The owner of the requested Resource(s) (i.e., individuals with Control access to the requested Resource(s)) can approve or deny the access request. The resource owner’s decision is sent as a response.
If the requesting agent receives an access grant, the agent can use the grant to access the Resource(s).
Inrupt Client Library#
Access Requests and Grants
The following Inrupt products are available to support Access Requests and Grants:
solid-client-access-grantslibrary for managing access requests and grants
Inrupt’s Enterprise Solid Server (ESS) provides support for access requests and grants. ESS serializes the access requests and grants as Verifiable Credentials (VCs). To allow the use of Access Grants for a resource, ESS’ ACP supports access policy based on a VC type matcher.
Inrupt’s PodBrowser supports access request management.
Inrupt provides the
@inrupt/solid-client-access-grants library for
managing access requests and grants.
npm install @inrupt/solid-client-access-grants
In the following usage scenario, a user wants to print some photos that are stored in the user’s Pod. The user visits the ExamplePrinter’s web application which provides photo printing services. When the ExamplePrinter’s web application asks for the photos to print, the user enters the URLs of the photos. To continue, the ExamplePrinter’s website asks for access to read the photos.
For example, assume the user
snoringsue with the WebID
https://id.example.com/snoringsue) is on ExamplePrinter’s web
application to print the following photos:
The following diagram gives an overview of the flow (in the example, the access request and grants serialized as VCs)
To make access requests. If access is granted, use the Access Grants to access the resource (such as the ExamplePrinter application in above diagram).
To approve or deny access requests (such as the Access Management application in above diagram).
To use approved Access Grants to access Pod resources (such as the ExamplePrinter application in above diagram).