Clarify case where storage server acts as oauth client (direct access with web browser) #80

Closed
elf-pavlik opened this issue Jul 6, 2020 · 2 comments

Comments

@elf-pavlik
Member

Described in Accessing NonRDF-Sources directly via browser, in which case storage server itself is being used as oauth client. We may need to specify that when storage server is being used as oauth client, it has unconstrained access to all resources it hosts.

@zenomt
Contributor

zenomt commented Jul 17, 2020

this is just "log in to this web server with your WebID". for example, this is what happens if you go to

https://zenomt.zenomt.com/testauth/

and then try to load any page that's protected (like check.html).

in my implementation of WAC, every request has an effective origin (even if there's no explicit origin, like with an Origin header or app ID). in the absence of an explicit Origin for a request authenticated with a cookie, the "same origin" is assumed. there's no implicit permission for the same origin; a resource's ACL MUST grant permission for the same origin for a "local login" to have access to that resource. in my implementation you can say that with acl:origin </>.
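
The rule described in the comment above, as an added Python sketch (not zenomt's implementation and not part of the original thread). The server origin, WebID, ACL URL and the dictionary layout of an authorization are constructed assumptions; denying a request that has neither an Origin header nor a cookie is also an assumption, since the comment does not cover that case.

```python
from urllib.parse import urljoin, urlsplit

SERVER = "https://pod.example"  # constructed server origin (assumption)


def origin_of(url):
    """Reduce a URL to scheme://host[:port], lowercased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def effective_origin(headers, cookie_authenticated, server_origin=SERVER):
    """An explicit Origin header wins; a cookie-authenticated request
    without one is treated as coming from the server's own origin."""
    explicit = headers.get("Origin")
    if explicit:
        return origin_of(explicit)
    # Assumption: no Origin and no cookie means no effective origin here.
    return server_origin if cookie_authenticated else None


def allowed(authorizations, acl_url, agent, mode, origin):
    """Grant only if one authorization names the agent, the mode AND the
    effective origin. The server's own origin gets no implicit pass."""
    if origin is None:
        return False
    for auth in authorizations:
        # acl:origin values may be relative IRIs such as </>; resolve
        # them against the ACL document's URL before comparing.
        origins = {origin_of(urljoin(acl_url, o)) for o in auth["origins"]}
        if agent in auth["agents"] and mode in auth["modes"] and origin in origins:
            return True
    return False


ALICE = "https://alice.example/card#me"  # constructed WebID
ACL_URL = SERVER + "/testauth/.acl"      # constructed ACL location

# ACL that lists only a third-party app origin: a local login is refused.
APP_ONLY = [{"agents": {ALICE}, "modes": {"Read"},
             "origins": ["https://app.example"]}]
# ACL that also grants the same origin, i.e. the acl:origin </> case.
WITH_LOCAL = [{"agents": {ALICE}, "modes": {"Read"},
               "origins": ["https://app.example", "/"]}]

if __name__ == "__main__":
    local = effective_origin({}, cookie_authenticated=True)
    print("local login, app-only ACL:", allowed(APP_ONLY, ACL_URL, ALICE, "Read", local))
    print("local login, ACL with </>:", allowed(WITH_LOCAL, ACL_URL, ALICE, "Read", local))
```
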

@elf-pavlik
Member Author

It appears that Solid Protocol will not require support for direct access via a web browser: solid/specification#382

We can reopen this issue if that feature would ever be required.
