# Glossary

For questions around the concepts and terminology specific to Solid, refer to <https://solidproject.org/faqs> .

### Access Control List

An Access Control List (ACL) is a [Resource](#resource) that controls users’ level of access ( **`{ read: <boolean>, append: <boolean>, write: <boolean>, control: <boolean> }`** ) to a Resource. For example, it can list rules like “ **`https://jcaesar.solid.community/profile/card#me`** can read this Resource”, and “ **`https://cleopatra.solid.community/profile/card#me`** can read this Resource and its children”.

### Access Control Policies

One of the access control mechanisms that can be used with Solid. See [acp](https://docs.inrupt.com/security/authorization/acp "mention").

### Access Control Resource

Each Pod resource has an associated Access Control Resource (ACR) that contains the policies that determine access to the Pod resource.

![Each Pod resource (Container, RDF resource, non-RDF resource) has an associated Access Control Resource (ACR). ACRs are hosted on the Authorization server.](https://2584838151-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FLMLxFYifBOpjrf8rQMX1%2Fuploads%2Fgit-blob-a017ba72b213602f7f34ae9590bd71b5cdddb918%2FACR.svg?alt=media)

The lifecycle of the ACR is bound to the lifecycle of the Pod resource; that is:

* When creating a resource, ESS creates a corresponding ACR.
* When deleting a resource, ESS deletes the corresponding ACR.

If a resource has no Policies that apply to it, the resource is inaccessible. However, the Pod owner can add new policies to provide access to the resource.

### Access Grant

A signed credential that can be used to access Resources stored in a Pod. See [access-requests-grants](https://docs.inrupt.com/security/authorization/access-requests-grants "mention") for more information.

### Access Request

A signed request that is requesting access to one or more Resources stored in a Pod. See [access-requests-grants](https://docs.inrupt.com/security/authorization/access-requests-grants "mention") for more information.

### Agent

A user. Agent typically refers to a person but could also refer to an organization, a bot, etc. An Agent is identified by a WebID.

### Access Modes

The types of access that have been granted: [Read Access](#read-access) , [Append Access](#append-access), [Write Access](#write-access).

### Access Management Application

A trusted application for managing access to data in a Pod. The application allows the user to respond to Access Requests, view granted access and revoke access. Inrupt provides a reference component that demonstrates the features and UX of an access management application. See [amc](https://docs.inrupt.com/security/authorization/access-requests-grants/amc "mention") for details.

### Append Access

Access to add data to the applicable Resource.

### Client

An application; also referred to as client application. Can be Web-based, server-based, CLI tools, etc.

### Client Identifier

A URI/[IRI](#iri) that uniquely identifies a client application. For Solid, the Client Identifier dereferences to a **`application/ld+json`** document.

For information on WebID-based authentication for client applications, see [the-client-id-document](https://docs.inrupt.com/guides/identity-in-solid/the-client-id-document "mention").

### Control Access

Access to view and manage who has access to the applicable Resource.

Applicable to the [ACL](#access-control-list) authorization system.

### Container

A special type of Resource that can contain other Containers as well as RDF Resources (SolidDatasets) or Non-RDF Resources. Technically, a Container is itself a SolidDataset.

A Container is analogous to a folder on your file system.

For example, given a Resource at **`https://cleopatra.solid.community/profile/card`** , both **`https://cleopatra.solid.community/profile/`** and **`https://cleopatra.solid.community/`** are Containers.

The URL for a Container ends with a slash `/` .

For more information, see[structured-data-rdf-resources](https://docs.inrupt.com/reference/rdf/structured-data-rdf-resources "mention").

### Default access

Rules defining [Access Modes](#access-modes) that apply not to the [Container](#Container) Resource directly, but are inherited by its children, their children if applicable, and so forth.

### Enterprise Solid Server (ESS)

Inrupt offers an enterprise-grade, production ready Solid Pod server called the Enterprise Solid Server. ESS' microservices architecture enables simple scaling, high performance, and support for highly available deployment configurations. ESS is part of Inrupt's Wallet Infrastructure.

### Extended Profile

An [RDF Resource](#RDF-Resource) , stored in an [Agent’s](#Agent) Pod, that contains data about the Agent. The extended profile is complementary to the [WebID Profile](#WebID-Profile) .

Unlike a [WebID Profile](#WebID-Profile) which, by definition, is publicly readable, an extended profile may or may not be publicly accessible (for reads or writes) based on the Agent’s discretion. That is, the Agent can specify access to the extended profile like any other resource in the Agent’s Pod.

For more information, see <https://solid.github.io/webid-profile/#extended-profile-documents> .

### Fallback ACL

If a [Resource](#Resource) does not have an explicit [Resource ACL](#Resource-ACL) of its own, the Fallback ACL is the [ACL](#ACL) of the [Container](#Container) closest to that Resource that does have its own explicit Resource ACL. Only the [Default access](#Default-access) rules in the Fallback ACL apply.

### IRI

Internationalized Resource Identifier. An IRI is similar to standard web URI but allows for internationalized characters such as the umlaut `Ä` , or the Greek letter `Δ` . See also [IRI Wikipedia page](https://en.wikipedia.org/wiki/Internationalized_Resource_Identifier).

IRI is similar to [URI](#uri) but uses a Universal Coded Character Set, whereas URI is limited to US-ASCII character set.

In the documentation, these terms are used interchangeably.

### ISO-8601

A global standard for representing time values.

### Mutual TLS

A method for mutual authentication in network connections, involving the presentation and verification of digital certificates.

### Non-RDF Resource

Any non-RDF binary or text file, such as **`.pdf`** , **`.jpeg`** , etc.

### Pod

Storage location for personal data. Users manage the access to data stored in their Pods.

### Resource

The data sent to you when you type a URL into a web browser. A resource can be an [RDF Resource](#RDF-Resource) or a [Non-RDF Resource](#Non-RDF-Resource).

### Resource Owner

One or more [agents](#agent) with [control access](#control-access) to resources in a [Pod](#pod).

### Resource ACL

The [ACL](#ACL) that applies to a given [Resource](#Resource). If none exists, the [Fallback ACL](#Fallback-ACL) applies.

### Read Access

Access to view the contents of the applicable [Resource](#Resource) .

### RDF Resource

A [Resource Description Framework (RDF)](https://www.w3.org/TR/rdf11-concepts/) document whose contents consists of statements that describe a some subject by its relationships and have the following form:

```turtle
<subject> <predicate> <object> .
```

For more information, see [rdf](https://docs.inrupt.com/reference/rdf "mention").

### SolidDataset

Representation of [RDF Resource](#RDF-Resource) as a set of [Things](#Thing) . For more information, see [structured-data-rdf-resources](https://docs.inrupt.com/reference/rdf/structured-data-rdf-resources "mention").

### Thing

A data entity, e.g., a person. A **`Thing`** is associated with a set of data or properties about the Thing, e.g., **`name`** , **`date of birth`** , **`address`** , etc.

A Thing is saved as part of a [SolidDataset](#SolidDataset) , where a `SolidDataset` is a set of `Things` . For more information, see [structured-data-rdf-resources](https://docs.inrupt.com/reference/rdf/structured-data-rdf-resources "mention").

### Turtle

An **extension of N-Triples**. In addition to the basic N-Triples syntax, Turtle introduces a number of syntactic shortcuts, such as support for namespace prefixes, lists and shorthands for datatyped literals. Turtle provides a trade-off between ease of writing, ease of parsing and readability. ([Source](https://www.w3.org/TR/rdf11-primer/#section-turtle))

### URI

Uniform Resource Identifier is the official name for those things you see on the Web that begin **`http:`** or **`mailto`**. For example, <http://www.w3.org/> is the URI for the home page of the World Wide Web consortium.

[IRI](#iri) is similar to URI but uses a Universal Coded Character Set, whereas URI is limited to US-ASCII character set.

In the documentation, these terms are used interchangeably.

### Verifiable Credential

Set of claims (i.e., the credential) that can be verified.

See <https://www.w3.org/TR/vc-data-model/#credentials>.

### Verifiable Presentation

Wrapper around one or more [Verifiable Credentials](#verifiable-credential).

Verifiable Presentation can also contains a subset of data from Verifiable Credentials or data synthesized from Verifiable Credentials.

See <https://www.w3.org/TR/vc-data-model/#presentations>.

### Web Access Control

One of the access control mechanisms that can be used with Solid, based on [Access Control Lists](#ACL) . See [Manage Access to Data (WAC)](https://docs.inrupt.com/security/authorization#note) .

### Wallet Storage

The storage mechanism of personal data for a wallet. Inrupt's system uses [Pods](#pods) for storage.

### WebID

A [URI](#uri)/[IRI](#iri) that uniquely identifies an [Agent](#Agent). The [Resource](#Resource) found at the [WebID](#WebID) can provide more information about the Agent.

For more information on WebID URL, see <https://www.w3.org/2005/Incubator/webid/spec/identity/#dfn-webid>.

### WebID Profile

The [RDF Resource](#rdf-resource) obtained when dereferencing the [WebID](#webid) . The WebID Profile may be stored separately from the Agent’s Pod.

For more information, see <https://solid.github.io/webid-profile/>.

### Write Access

Access to add (i.e. [append](#Append-Access)), update, and delete contents of [Resource](#Resource) . Granting Write access automatically grants [Append Access](#Append-Access) .

### Source Container

A Solid [Container](#Container) containing resources that serve as the data source for [View Resources](#view-resource) in a `VIEW_CONTAINER` type [View Binding](#view-binding).

### Source Resource

A Solid [Resource](#Resource) containing the original, unfiltered data that is filtered to create a [View Resource](#view-resource) through a [View Binding](#view-binding).

### View Binding

A configuration that connects a [View Definition](#view-definition) to [Source Resources](#source-resource) and specifies where the filtered [View Resources](#view-resource) are created. Can be type `VIEW_RESOURCE` (single resource) or `VIEW_CONTAINER` (all resources in a container).

### View Container

A Solid [Container](#Container) that holds [View Resources](#view-resource) created from a [Source Container](#source-container) through a `VIEW_CONTAINER` type [View Binding](#view-binding). View Resources maintain the same relative path structure as their Source Resources.

### View Definition

A reusable GraphQL-based configuration stored in the Data Views registry that defines how to filter JSON data. Consists of a GraphQL schema, query, and metadata (name, description, purpose).

### View Resource

A read-only Solid [Resource](#Resource) containing filtered JSON data from a [Source Resource](#source-resource), created by applying a [View Definition](#view-definition) through a [View Binding](#view-binding). View Resources automatically update when their source data changes.