- From: Michael Schneider <schneid@fzi.de>
- Date: Sat, 5 Mar 2011 22:24:38 +0000
- To: "yrodriguezma@uci.cu" <yrodriguezma@uci.cu>
- CC: "public-owl-dev@w3.org" <public-owl-dev@w3.org>
Hi Yoandy, concerning the second question, I still need to make sure whether I correctly understand you:
>-----Original Message-----
>From: Yoandy Rodriguez [mailto:yrodriguezma@uci.cu]
>Sent: Friday, March 04, 2011 8:45 PM
>To: Michael Schneider
>Cc: public-owl-dev@w3.org
>Subject: RE: beginer question about inferencing
>
>El vie, 04-03-2011 a las 12:17 +0000, Michael Schneider escribió:
>> Hi Yoandy!
>>
>> Not an answer, but I need to ask for clarification. See below:
[...]
>> >also
>> >"if user have read access to a file then reading the file is allowed
>> >else it is forbidden"
>>
>> Do you mean:
>>
>> [1] "if there /exists/ at least one user ?u
>> who has read access to the specific file ?f,
>> then ?f is generally readable ("readable(?f)")"
>>
>> ? Or do you mean:
>>
>> [2] "if the /specific/ user ?u has read access
>> to the specific file ?f, then ?u is allowed
>> to read ?f ("allowedToRead(?u,?f)")
>>
>> ? In the case of [1], reading file ?f would then be forbidden
>("forbidden(?f)"), if there is no such user having read access to it. In
>case [2], if the /negation/ of the assertion "hasReadAccess(?u,?f)"
>holds, then the assertion "forbidden(?u,?f)" is entailed. Which one do
>you want to express (or maybe a third scenario)?
[...]
>Hello Michael,
[...]
>In the second expression I want to, if a given user ?user has a
>permission ?perm who matches any of ?file permissions, then state that
>the ?user can access the ?file, else state that he can't.
So, is it the following scenario?
* There are several individual users;
* there are several individual files;
* there is a fixed collection of file permissions (e.g. "read", "write", "delete", etc.);
* every file provides a certain sub set of file permissions;
* every user owns a certain sub set of file permissions, where, if he owns a permission ?p, he is then allowed to access /any/ file that provides ?p.
The last point above is the most important one for me to understand the scenario.
To give an example with user Alice and files dailymirror.pdf, phdthesis.tex, and topsecret.pdf:
Alice --ownsPermissions--> { read, write }
dailymirror.pdf --providesPermissions--> { read, delete }
phdthesis.tex --providesPermissions--> { write, read }
topsecret.doc --providesPermissions--> { delete }
So, since Alice has generic "read" permission, she may access dailymirror.pdf and phdthesis.tex, which both provide "read" permission. In addition, since Alice also owns "write" permission, there is a second option for her to access phdthesis.tex, which still wants to be written. However, since topsecret.doc only provides "delete" permission and Alice does not own the "delete" permission, she is /not/ allowed to access topsecret.doc.
Is this what you mean?
Cheers,
Michael
--
Dipl.-Inform. Michael Schneider
Research Scientist, Information Process Engineering (IPE)
Tel : +49-721-9654-726
Fax : +49-721-9654-727
Email: michael.schneider@fzi.de
WWW : http://www.fzi.de/michael.schneider
==============================================================================
FZI Forschungszentrum Informatik an der Universität Karlsruhe
Haid-und-Neu-Str. 10-14, D-76131 Karlsruhe
Tel.: +49-721-9654-0, Fax: +49-721-9654-959
Stiftung des bürgerlichen Rechts
Stiftung Az: 14-0563.1 Regierungspräsidium Karlsruhe
Vorstand: Dipl. Wi.-Ing. Michael Flor, Prof. Dr. rer. nat. Ralf Reussner,
Prof. Dr. rer. nat. Dr. h.c. Wolffried Stucky, Prof. Dr. rer. nat. Rudi Studer
Vorsitzender des Kuratoriums: Ministerialdirigent Günther Leßnerkraus
==============================================================================
Received on Saturday, 5 March 2011 22:25:14 UTC