From 3ce2c8b2a997ca27d6b60830ac08d87c3087505f Mon Sep 17 00:00:00 2001 From: Lars Wirzenius Date: Sat, 24 Nov 2018 20:55:56 +0200 Subject: Add: expanded description of access control --- README | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README b/README index 3a9d79e..f470738 100644 --- a/README +++ b/README @@ -20,8 +20,12 @@ expected signing key is a key Muck configuration item. I use Qvisqve for my OpenID provider, but any provider should work. Access control is currently very simplistic, but will be improved -later. The goal is to allow access to be specified per user, per -resource, and per operation. +later. Currently each resource is assigned an owner upon creation, and +each user (subject) can access (see, update, delete) only their own +resources. The goal is to allow access to be specified per user, per +resource, and per operation (Tomjon can allow Verence to see a +specific resource, but not update or delete). This will require the +OpenID provider to support groups. Muck is currently a single-threaded Python program using the Bottle.py framework and its built-in HTTP server. The production version of Muck -- cgit v1.2.1
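Review bot: the added sentence "This will require the OpenID provider to support groups" follows an example of one user granting another user access to a single resource (Tomjon and Verence). That is per-user sharing and does not obviously depend on groups. Say what "This" refers to and why groups are needed, or pair the sentence with a group-based example. The new ownership sentence should also say how the owner is determined at creation (for instance, which part of the access token identifies the subject) and whether any authenticated user may create resources, since the parenthetical lists only "see, update, delete". Minor: "currently" now opens two consecutive sentences ("Access control is currently very simplistic" and "Currently each resource"); dropping the second reads better.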