From 2fb6f6374604e17d4eb996e260b5ed8e7f7a3fb4 Mon Sep 17 00:00:00 2001
From: Lars Wirzenius <liw@liw.fi>
Date: Tue, 26 Mar 2019 15:17:37 +0200
Subject: Add: ACL requirements

---
 yuck.mdwn | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/yuck.mdwn b/yuck.mdwn
index 08bf0ad..7f46226 100644
--- a/yuck.mdwn
+++ b/yuck.mdwn
@@ -170,6 +170,11 @@ reference in discussions.
   from brute-forcing a password by trying many times.
 * (TEMPLOCKNOTIFY) Yuck MUST notify an account owner of temporary
   locking, out of band.
+* (ACLSIMPLE) It must be easy to understand and reason about ACL
+  rules. It may be good aid this by visualising.
+* (ACLTRY) There must be a way to test ACL rules: if *this* user in
+  *these groups* does *this* operation for *this* resource, is it
+  allowed? This may require additional support from the RP.
 
 
 # Architecture: the ecosystem
-- 
cgit v1.2.1