- From: Martynas Jusevičius <martynas@atomgraph.com>
- Date: Tue, 17 Sep 2019 10:40:17 +0200
- To: Mikael Pesonen <mikael.pesonen@lingsoft.fi>
- Cc: public-declarative-apps@w3.org
Thanks Mikael,
the example makes it clearer.
So the URI template for all persons (and I guess all resources in
general?) is "/{uuid}", if we take https://resource.lingsoft.fi as the
base URI. Which means that you could not match two different LDT
templates for different types of persons.
Then my suggestion with using a single template with a query that
references the ACL graph still stands. Let me know if you need help
setting it up in Processor.
Martynas
On Mon, Sep 16, 2019 at 11:27 AM Mikael Pesonen
<mikael.pesonen@lingsoft.fi> wrote:
>
>
> Here is a sample data:
>
> <https://resource.lingsoft.fi/286c384d-cd5c-4887-9b85-94c0c147f709>
> a foaf:Person ;
> vcard:family-name "Pesonen" ;
> vcard:fn "Mikael Pesonen" ;
> vcard:given-name "Mikael" ;
> vcard:hasEmail
> <https://resource.lingsoft.fi/cf9b02b7-bd0d-486e-b0d9-da1464e27d2e> ,
> <https://resource.lingsoft.fi/5c04aa23-6c42-44a1-9ac9-69ee255ac170> ;
> vcard:hasGender vcard:Male ;
> vcard:hasInstantMessage
> <https://resource.lingsoft.fi/4aa01d37-744c-4964-a794-d997aa376584> ;
> vcard:hasPhoto
> <https://resource.lingsoft.fi/8f4a4ddd-43c2-4e27-8ed7-996dd00e939c> ;
> vcard:hasTelephone
> <https://resource.lingsoft.fi/3755ed0c-81b7-430e-92a0-16fc80ba41b4> ;
> org:basedAt
> <https://resource.lingsoft.fi/b48a0820-6921-43fc-a346-e72397265bbe> ;
> org:memberOf
> <https://resource.lingsoft.fi/810dfbff-e6fb-458a-b27d-3726a27e5109> ;
> foaf:account
> <https://resource.lingsoft.fi/2f0aa772-f845-4f43-b607-dc65ff66b9aa> ;
> <https://resource.lingsoft.fi/cf9b02b7-bd0d-486e-b0d9-da1464e27d2e>
> a vcard:Email , vcard:Work ;
> rdfs:label "***@lingsoft.fi" ;
> vcard:hasValue <mailto:***@lingsoft.fi> .
>
>
> So most of the person's values are resources and every resource has id
> of type https://resource.lingsoft.fi/<UUID>.
>
>
> Mikael
>
>
> On 15/09/2019 01:02, Martynas Jusevičius wrote:
> > I meant the first and the ACL examples as alternatives, but yes you
> > can combine the approaches as well. Again, depends mostly on your URIs
> > - and are able to change their pattern?
> >
> > I think it would help if you could show some RDF data that represents
> > your case (does not have to be the actual person data :)) Either paste
> > inline or as a Gist if it's larger.
> >
> > Re. ACL, we use a filter in our LinkedDataHub platform that checks ACL
> > access before the actual LDT request is invoked. And if query results
> > need to depend on the access level, we reference the ACL dataset as I
> > showed in the example.
> >
> > Martynas
> >
> > On Fri, Sep 13, 2019 at 3:55 PM Mikael Pesonen
> > <mikael.pesonen@lingsoft.fi> wrote:
> >>
> >> Looking at your first example, looks like that and this acl version work
> >> both?
> >>
> >> So as with your first example:
> >>
> >> /person/basic_access/{id}
> >> --
> >>
> >> :BasicPersonAccessItem a ldt:Template ;
> >> ldt:match "/person/basic_access/{id}" ;
> >> ldt:query :ConstructBasicPerson ;
> >>
> >> ----
> >> /person/admin_access/{id}
> >> --
> >> :AdminPersonAccessItem a ldt:Template ;
> >> ldt:match "/person/admin_access/{id}" ;
> >> ldt:query :ConstructFullPerson ;
> >>
> >>
> >>
> >> And this acl example
> >>
> >> /person/{agent}/{id}
> >> --
> >> :PersonAccessItem a ldt:Template ;
> >> ldt:match "/person/{agent}/{id}" ;
> >> ldt:query :ConstructPerson ;
> >> ...
> >>
> >>
> >> ACL example sure is more refined since you can define the access levels
> >> in the ACL data.
> >>
> >>
> >> On 13/09/2019 16:25, Martynas Jusevičius wrote:
> >>> Well if you only have one kind of person resources with a single URI
> >>> pattern, then you cannot select (match) different LDT templates.
> >>> That is because an LDT template maps one URI pattern to one SPARQL
> >>> command. The matching process is not looking into the SPARQL query
> >>> results at all, only at the request URI and the application's LDT
> >>> ontology.
> >>>
> >>> I think you can solve this with a single query though. What we do is
> >>> provide the URI of the requesting agent as a query binding, e.g.
> >>> ?agent variable. Something like
> >>>
> >>> :ConstructPerson a sp:Construct ;
> >>> sp:text """
> >>> PREFIX foaf: <http://xmlns.com/foaf/0.1/>
> >>> PREFIX acl: <http://www.w3.org/ns/auth/acl#>
> >>>
> >>> CONSTRUCT
> >>> {
> >>> ?this a foaf:Person .
> >>> ?this foaf:name ?name .
> >>> ?this ?p ?o .
> >>> }
> >>> WHERE
> >>> { { ?this a foaf:Person ;
> >>> foaf:name ?name
> >>> }
> >>> UNION
> >>> { GRAPH <acl>
> >>> { ?auth acl:accessTo ?this ;
> >>> acl:agent ?agent .
> >>> }
> >>> ?this ?p ?o
> >>> }
> >>> }
> >>> """ ;
> >>> rdfs:isDefinedBy : .
> >>>
> >>> The idea is that the person query always returns "basic" properties,
> >>> and adds all properties *only* if the agent ?agent has an
> >>> authorization to access the requested resource ?this.
> >>> This approach requires that the query has access to the ACL data,
> >>> which I have indicated here as GRAPH <acl>. The actual pattern for
> >>> authorization check will probably be more complex of course.
> >>> It also requires that the authentication mechanism can provide the URI
> >>> of the agent.
> >>>
> >>> I hope I got what you meant :)
> >>>
> >>> On Fri, Sep 13, 2019 at 2:58 PM Mikael Pesonen
> >>> <mikael.pesonen@lingsoft.fi> wrote:
> >>>> Ah, I might have explained our case bit vaguely. So I just meant that we
> >>>> have in RDF data one kind of person resources, and
> >>>> depending on the access rights in the application, you are allowed to
> >>>> see different portions of that person's data.
> >>>> Basic user sees only the name, for example, and admin user is allowed to
> >>>> see all data. This is handled by selecting different template for basic
> >>>> user and admin, right?
> >>>>
> >>>>
> >>>>
> >>>> On 13/09/2019 15:52, Martynas Jusevičius wrote:
> >>>>> Mikael,
> >>>>>
> >>>>> this is related to hierarchical URIs:
> >>>>> http://patterns.dataincubator.org/book/hierarchical-uris.html
> >>>>>
> >>>>> In your case, the question is how you have organized the
> >>>>> collections/items of basic and admin persons in your dataset.
> >>>>>
> >>>>> One option is that both "basic persons" and "admin persons" belong to
> >>>>> the same collection and have a single URI pattern: /persons/{id}
> >>>>> In this case you cannot tell if resource /persons/12345 is a "basic
> >>>>> person" or "admin person" just from its URI. You need to dereference
> >>>>> it and the look into RDF types and properties.
> >>>>>
> >>>>> Another option is that you treat them as belonging to separate
> >>>>> collections, for example: /persons/{id} and /admins/{id}
> >>>>> In this case you can easily tell if a resource is a "basic person" or
> >>>>> an "admin person" already from its URIs.
> >>>>>
> >>>>> Linked Data Templates are best suited for this second case, where URI
> >>>>> space is subdivided into hierarchies based on entity types. That makes
> >>>>> it easy to define URI templates that match precisely the set of
> >>>>> resources that you want.
> >>>>>
> >>>>> Does it make it clearer?
> >>>>>
> >>>>> On Fri, Sep 13, 2019 at 2:08 PM Mikael Pesonen
> >>>>> <mikael.pesonen@lingsoft.fi> wrote:
> >>>>>> Hi Martynas,
> >>>>>>
> >>>>>> thank you for the examples, GET seems clear now.
> >>>>>>
> >>>>>> Good point about the person / document. We probably end up with three
> >>>>>> kind of resources: actual object, admin record (who last modified etc),
> >>>>>> and web page or another document about the object.
> >>>>>>
> >>>>>> Just one question: what did you mean by
> >>>>>>
> >>>>>> "If you cannot distinguish "basic person" from "admin person" by their
> >>>>>> URIs"?
> >>>>>>
> >>>>>>
> >>>>>> We are not quite there yet with updates, so we might have questions
> >>>>>> later about those.
> >>>>>>
> >>>>>> Br,
> >>>>>> Mikael
> >>>>>>
> >>>>>> On 11/09/2019 18:45, Martynas Jusevičius wrote:
> >>>>>>> Hi Mikael,
> >>>>>>>
> >>>>>>> thanks for reaching out.
> >>>>>>>
> >>>>>>> There is more information on LDT in the AtomGraph Processor wiki, more
> >>>>>>> specifically: https://github.com/AtomGraph/Processor/wiki/Linked-Data-Templates
> >>>>>>>
> >>>>>>> The matching is based on URIs: relative request URI is being matched
> >>>>>>> against the ldt:match values of templates in the ontology.
> >>>>>>>
> >>>>>>> Then, from the matching template (if there is any), the SPARQL command
> >>>>>>> is retrieved using either ldt:query or ldt:update (depending on the
> >>>>>>> HTTP request method).
> >>>>>>>
> >>>>>>> To address your example, templates and queries could look like this:
> >>>>>>>
> >>>>>>> :BasicPersonItem a ldt:Template ;
> >>>>>>> ldt:match "/person/basic/{id}" ;
> >>>>>>> ldt:query :ConstructBasicPerson ;
> >>>>>>> rdfs:isDefinedBy : .
> >>>>>>>
> >>>>>>> :ConstructBasicPerson a sp:Construct ;
> >>>>>>> sp:text """
> >>>>>>> PREFIX foaf: <http://xmlns.com/foaf/0.1/>
> >>>>>>>
> >>>>>>> CONSTRUCT
> >>>>>>> {
> >>>>>>> ?this a foaf:Person ;
> >>>>>>> foaf:name ?name .
> >>>>>>> }
> >>>>>>> {
> >>>>>>> ?this a foaf:Person ;
> >>>>>>> foaf:name ?name .
> >>>>>>> }
> >>>>>>> """ ;
> >>>>>>> rdfs:isDefinedBy : .
> >>>>>>>
> >>>>>>> :AdminPersonItem a ldt:Template ;
> >>>>>>> ldt:match "/person/admin/{id}" ;
> >>>>>>> ldt:query :ConstructAdminPerson ;
> >>>>>>> rdfs:isDefinedBy : .
> >>>>>>>
> >>>>>>> :ConstructAdminPerson a sp:Construct ;
> >>>>>>> sp:text """
> >>>>>>> CONSTRUCT WHERE
> >>>>>>> {
> >>>>>>> ?this ?p ?o
> >>>>>>> }
> >>>>>>> """ ;
> >>>>>>> rdfs:isDefinedBy : .
> >>>>>>>
> >>>>>>> "Basic person" query retrieves only name and type, "admin person"
> >>>>>>> query retrieves all properties.
> >>>>>>> This example requires that basic and admin person resources can be
> >>>>>>> differentiated by their URIs, i.e. "/person/basic/{id}" vs
> >>>>>>> "/person/admin/{id}".
> >>>>>>>
> >>>>>>> It also assumes that persons are documents (since they can be
> >>>>>>> dereferenced over HTTP), which is not kosher re. httpRange-14 [1]. A
> >>>>>>> better solution would have separate resources for persons e.g. using
> >>>>>>> hash URIs such as #this) and explicitly connect them to documents
> >>>>>>> using an RDF property. We use foaf:primaryTopic/foaf:isPrimaryTopicOf.
> >>>>>>> But this is a whole topic on its own.
> >>>>>>>
> >>>>>>> If you cannot distinguish "basic person" from "admin person" by their
> >>>>>>> URIs, you could also have a template that matches both and maps to a
> >>>>>>> single query. The question is then whether you can differentiate which
> >>>>>>> properties to return using a single query.
> >>>>>>>
> >>>>>>> Does this help?
> >>>>>>>
> >>>>>>>
> >>>>>>> [1] https://www.w3.org/2001/tag/group/track/issues/14
> >>>>>>>
> >>>>>>> Martynas
> >>>>>>> atomgraph.com
> >>>>>>>
> >>>>>>> On Wed, Sep 11, 2019 at 11:21 AM Mikael Pesonen
> >>>>>>> <mikael.pesonen@lingsoft.fi> wrote:
> >>>>>>>> Hi Martynas,
> >>>>>>>>
> >>>>>>>> we have a proprietary implementation now:
> >>>>>>>>
> >>>>>>>> js/React app generates a custom json out of form data. That is sent
> >>>>>>>> (with a template id) to also custom proxy, which converts the json into
> >>>>>>>> SPARQL using pre made templates. SPARQL is then queried on Apache Jena.
> >>>>>>>>
> >>>>>>>> Now we would like to replace all custom bits with one ore more standards.
> >>>>>>>>
> >>>>>>>> Is it possible to have any kind of templates with LDT? For example
> >>>>>>>> "person_basic" and "person_admin",
> >>>>>>>> where admin contains more properties of a person?
> >>>>>>>>
> >>>>>>>> I'm still having trouble to understand how the SPARQL template is
> >>>>>>>> selected with LDT.
> >>>>>>>>
> >>>>>>>> Br,
> >>>>>>>> Mikael
> >>>>>>>>
> >>>>>>>> On 10/09/2019 15:50, Martynas Jusevičius wrote:
> >>>>>>>>> Hey Mikael,
> >>>>>>>>>
> >>>>>>>>> we have a simple example here: https://github.com/AtomGraph/Processor#example
> >>>>>>>>>
> >>>>>>>>> Do you have some specific use case in mind? If you can share it, I can
> >>>>>>>>> probably look into it.
> >>>>>>>>>
> >>>>>>>>> There is a Community Group for Linked Data Templates which includes a
> >>>>>>>>> mailing list: https://www.w3.org/community/declarative-apps/
> >>>>>>>>>
> >>>>>>>>> Martynas
> >>>>>>>>> atomgraph.com
> >>>>>>>>>
> >>>>>>>>> On Tue, Sep 10, 2019 at 1:27 PM Mikael Pesonen
> >>>>>>>>> <mikael.pesonen@lingsoft.fi> wrote:
> >>>>>>>>>> In the example there is the GET request
> >>>>>>>>>>
> >>>>>>>>>> GET /people/Berners-Lee?g=http%3A%2F%2Flinkeddatahub.com%2Fgraphs%2Fc5f34fe9-0456-48e8-a371-04be71529762 HTTP/1.1
> >>>>>>>>>>
> >>>>>>>>>>
> >>>>>>>>>> Often you want to query different amounts of data depending of the case. Sometimes for example, person name is enough, other time you want all the triples (DESCRIBE).
> >>>>>>>>>> How do you specify here the context?
> >>>>>>>>>>
> >>>>>>>>>> BTW is there a dedicated forum for discussing Linked Data Templates?
> >>>>>>>> --
> >>>>>>>> Lingsoft - 30 years of Leading Language Management
> >>>>>>>>
> >>>>>>>> www.lingsoft.fi
> >>>>>>>>
> >>>>>>>> Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books
> >>>>>>>>
> >>>>>>>> Mikael Pesonen
> >>>>>>>> System Engineer
> >>>>>>>>
> >>>>>>>> e-mail: mikael.pesonen@lingsoft.fi
> >>>>>>>> Tel. +358 2 279 3300
> >>>>>>>>
> >>>>>>>> Time zone: GMT+2
> >>>>>>>>
> >>>>>>>> Helsinki Office
> >>>>>>>> Eteläranta 10
> >>>>>>>> FI-00130 Helsinki
> >>>>>>>> FINLAND
> >>>>>>>>
> >>>>>>>> Turku Office
> >>>>>>>> Kauppiaskatu 5 A
> >>>>>>>> FI-20100 Turku
> >>>>>>>> FINLAND
> >>>>>>>>
> >>>>>> --
> >>>>>> Lingsoft - 30 years of Leading Language Management
> >>>>>>
> >>>>>> www.lingsoft.fi
> >>>>>>
> >>>>>> Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books
> >>>>>>
> >>>>>> Mikael Pesonen
> >>>>>> System Engineer
> >>>>>>
> >>>>>> e-mail: mikael.pesonen@lingsoft.fi
> >>>>>> Tel. +358 2 279 3300
> >>>>>>
> >>>>>> Time zone: GMT+2
> >>>>>>
> >>>>>> Helsinki Office
> >>>>>> Eteläranta 10
> >>>>>> FI-00130 Helsinki
> >>>>>> FINLAND
> >>>>>>
> >>>>>> Turku Office
> >>>>>> Kauppiaskatu 5 A
> >>>>>> FI-20100 Turku
> >>>>>> FINLAND
> >>>>>>
> >>>> --
> >>>> Lingsoft - 30 years of Leading Language Management
> >>>>
> >>>> www.lingsoft.fi
> >>>>
> >>>> Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books
> >>>>
> >>>> Mikael Pesonen
> >>>> System Engineer
> >>>>
> >>>> e-mail: mikael.pesonen@lingsoft.fi
> >>>> Tel. +358 2 279 3300
> >>>>
> >>>> Time zone: GMT+2
> >>>>
> >>>> Helsinki Office
> >>>> Eteläranta 10
> >>>> FI-00130 Helsinki
> >>>> FINLAND
> >>>>
> >>>> Turku Office
> >>>> Kauppiaskatu 5 A
> >>>> FI-20100 Turku
> >>>> FINLAND
> >>>>
> >> --
> >> Lingsoft - 30 years of Leading Language Management
> >>
> >> www.lingsoft.fi
> >>
> >> Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books
> >>
> >> Mikael Pesonen
> >> System Engineer
> >>
> >> e-mail: mikael.pesonen@lingsoft.fi
> >> Tel. +358 2 279 3300
> >>
> >> Time zone: GMT+2
> >>
> >> Helsinki Office
> >> Eteläranta 10
> >> FI-00130 Helsinki
> >> FINLAND
> >>
> >> Turku Office
> >> Kauppiaskatu 5 A
> >> FI-20100 Turku
> >> FINLAND
> >>
>
> --
> Lingsoft - 30 years of Leading Language Management
>
> www.lingsoft.fi
>
> Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books
>
> Mikael Pesonen
> System Engineer
>
> e-mail: mikael.pesonen@lingsoft.fi
> Tel. +358 2 279 3300
>
> Time zone: GMT+2
>
> Helsinki Office
> Eteläranta 10
> FI-00130 Helsinki
> FINLAND
>
> Turku Office
> Kauppiaskatu 5 A
> FI-20100 Turku
> FINLAND
>
Received on Tuesday, 17 September 2019 08:40:52 UTC