Re: Triple Access Control

Am 01.09.2011 um 01:24 schrieb bergi:
Dear bergi and all,

> I have already mentioned the vocab I'm using for triple access control
> on the RWW blog. Here is a improved example of my proposed WAC extension.
> 
> Beside the "acl:accessTo" property there is now a "tac:accessToTriple"
> property where all the magic happens. This property has it's own
> "acl:mode" property. This is required to change the access mode in
> deeper levels. For example if you have blog entries in AtomOwl, it's
> possible to give read access to the feed and write access to comment an
> entry. The "tac:filter" property contains a "tac:Filter" to select the
> valid triples. The "tac:Filter" can contain the properties
> "rdf:subject", "rdf:predicate" or "rdf:object" in any combination.
> Traversing is handled by the "tac:children" property. This property
> points to an "acl:Authorization". The "acl:Authorization" can contain
> another "tac:accessToTriple" property. The filter to this
> "tac:accessToTriple" inherits the subject from the upper triple object.
> With the "tac:required" property it's possible to give access depending
> on triples in deeper levels. Only if all required children have at least
> one matching triple, access to the parent triple is granted.
> 
> What do you think about my proposal? Somebody has a different approach?


In general I like the approach, but I have some comments:
1. Did you take into account the performance of working with such access control lists in a practical system? Things that look nice in modelling often impose serious performance problems.
2. Generally, I don't like the use of reification for modelling these kinds of things, because the original triple gets disassembled into parts. The idea with filtering is interesting, tough.

Greetings,

Sebastian
-- 
| Dr. Sebastian Schaffert          sebastian.schaffert@salzburgresearch.at
| Salzburg Research Forschungsgesellschaft  http://www.salzburgresearch.at
| Head of Knowledge and Media Technologies Group          +43 662 2288 423
| Jakob-Haringer Strasse 5/II
| A-5020 Salzburg

Received on Monday, 5 September 2011 07:52:38 UTC