Append mode creation of resource should work as well with PUT

[timbl]

The text about mapping access modes to HTTP methods

In "NOTE: HTTP Method and Access Mode Mapping" in
https://solid.github.io/web-access-control-spec/#reading-writing-resources
says

The HTTP POST can be used to create a new resource in a container or add information to existing resources (but not remove resources or its contents) with either acl:Append or acl:Write.

As the HTTP PUT method requests to create or replace the resource state, the acl:Write access mode would be required.

It should say

The HTTP POST can be used to create a new resource in a container or add information to existing resources (but not remove resources or its contents) with either acl:Append or acl:Write.

As the HTTP PUT method requests to create or replace the resource state, the acl:Write access mode is required to replace an existing resource, but to create a new resource, access to the container can be either acl:Append or acl:Write.

This is because it is essential that the semantics of the mode of access are about what the agent can do with the resource, independent of which HTTP method (or other protocol for that matter) they happen to be using.

(As we have already ensured for PATCH, for example.)

[csarven]

Thanks. That's useful for the Note. PR #123 (using the text as suggested in this issue) is a solution to resolve this issue.

[damooo]

This is because it is essential that the semantics of the mode of access are about what the agent can do with the resource, independent of which HTTP method (or other protocol for that matter) they happen to be using.

That's great. It also helps implementations for much robust architecture. For eg, Manas has an abstraction called Repo, that provides services to perform authorized operations on resources. They can be used independently, or from http method handlers.

[csarven]

I agree but once again, this has been the case all along. It is precisely why the there is a "mapping" Note. Moreover in https://solid.github.io/web-access-control-spec/#http-interactions :

Clients who want to perform read-write operations on ACL resources with respect to Authorizations which are stored on a server can do so within the framework of HTTP. This specification does not describe the HTTP interaction to read-write resources. It is assumed that servers have a mapping to handle HTTP requests and the required Authorizations to grant operations on resources. Implementations are strongly encouraged to use existing approaches that provide an extension of the rules of Linked Data, e.g., [SOLID-PROTOCOL], [LDP], [ACTIVITYPUB].