1 files changed, 21 insertions, 0 deletions

diff --git a/doc/webid-oidc.texi b/doc/webid-oidc.texi
index 60ec866..c1fe781 100644
--- a/doc/webid-oidc.texi
+++ b/doc/webid-oidc.texi
@@ -631,6 +631,20 @@ then update the parent, then unlock the parent, and finally unlock the
 child path.
 @end deffn
 
+The Web Access Control specification defines an RDF vocabulary to
+check whether a given user is allowed to perform some operations. The
+@code{(webid-oidc server resource wac)} helps you do that.
+
+@deffn function wac-get-modes @var{server-name} @var{path} @var{user} @var{[#:http-get]}
+Return the list of modes that are allowed for @var{user} accessing
+@var{path}. The @var{server-name} URI is required to find the relevant
+triples in the ACL. If @var{user} is unauthenticated, pass @code{#f}.
+
+Please note that in any case, the data owner should have all rights
+whatsoever, bypassing WAC. Otherwise, it is possible to steal control
+away from the data owner.
+@end deffn
+
 @node Running a client
 @chapter Running a client
 
@@ -1229,6 +1243,13 @@ There was a request to delete a non-empty container.
 There was a request to create a resource in something that is not a
 container.
 @end deftp
+
+@deftp {exception type} &cannot-fetch-group @var{group-uri} @var{cause}
+The access control could not fetch the group @var{group-uri} (with a
+known @var{cause}). This warning is continuable every time it is
+raised. If the handler returns, then the group will be considered
+empty.
+@end deftp
 @node GNU Free Documentation License
 @appendix GNU Free Documentation License