W3C home > Mailing lists > Public > public-rww@w3.org > November 2012

Re: AccessControl : update + inference

From: Jürgen Jakobitsch <j.jakobitsch@semantic-web.at>
Date: Mon, 12 Nov 2012 23:33:22 +0100
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: public-rww@w3.org
Message-ID: <1352759602.5241.48.camel@linux-1rgw.site>
hi,

you are right (i somehow felt i'm missing something, when writing the
mail), i can of course ASK for more or less anything and determine
access rights.

the problem, is that i hardly can ASK for all possibilities everytime.

please note that i have this usecase in mind where different people in
different roles (incubator, domain-expert, publisher) are working on a
server that hosts different projects (skos-thesauri or blogs,...)

there might be possibilities with ~"functional acls", for example
where the object of an access predicate is a sparql query (-template)
itself.

at least i now know what i do at witching hour in the coming weeks ;-)

wkr jürgen




On Mon, 2012-11-12 at 17:16 -0500, Kingsley Idehen wrote:
> On 11/12/12 4:52 PM, Jürgen Jakobitsch wrote:
> > hi,
> >
> > since the discussion on AC is apparently taking shape, it might be a
> > good time for my questions.
> >
> > until now we more or less only had examples of AC in action on the
> > data-retrieval side (as far as i know at least).
> >
> > do acl-engines only really work with inference-engines when updating or
> > are there recommended ways of dealing with the following example?
> >
> > prereq.: acl - denies access to resource "x" (say a skos:Concept)
> >
> > what should happen, when i add the triple?
> >
> > resource "y" skos:broader resource "x"?
> >
> >
> > there are several scenarios in which this could take place :
> >
> > 1. should the update request be rejected with full inferencing, because
> > it becomes clear the resource "x" is touched?
> > 2. what happens in a non-inferencing environment? with that is created a
> > relation between the two resources and i could construct (sparql-wise)
> > whatever i want, which brings me to the idea of never trusting
> > application/sparql-results+*...
> >
> >
> > so the crucial point seems to be that ACLs can handle updates more
> > flexible, a read and write access denied for a single resource might not
> > be enough.
> >
> > any pointer to the most flexible acl-ontology?
> > i'm thinking about something like :
> >
> > denyWriteAccess where resource "x" is the object.
> >
> > any pointer really appreciated..
> 
> We we do is have SPARQL ASK as an option for determining conditions. 
> That way, you handle all your desired scenarios as the data (resource) 
> publisher. Basically, we offer:
> 
> 1. basic WebID lists
> 2. WebIDs as members of foaf:Groups
> 3. SPARQL ASK -- for most complex conditions and custom conditions.
> 
> As for inference, we have this loosely bound to the SPARQL processor 
> which is why we use pragmas to enable inference context in our SPARQL 
> implementation. I know of not other way to handle the contextual 
> fluidity associated with this subject matter :-)
> >
> > wkr turnguard
> >
> >
> >
> >
> >
> 
> 

-- 
| Jürgen Jakobitsch, 
| Software Developer
| Semantic Web Company GmbH
| Mariahilfer Straße 70 / Neubaugasse 1, Top 8
| A - 1070 Wien, Austria
| Mob +43 676 62 12 710 | Fax +43.1.402 12 35 - 22

COMPANY INFORMATION
| web       : http://www.semantic-web.at/
| foaf      : http://company.semantic-web.at/person/juergen_jakobitsch
PERSONAL INFORMATION
| web       : http://www.turnguard.com
| foaf      : http://www.turnguard.com/turnguard
| g+        : https://plus.google.com/111233759991616358206/posts
| skype     : jakobitsch-punkt
| xmlns:tg  = "http://www.turnguard.com/turnguard#"

Received on Monday, 12 November 2012 22:33:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 12 November 2012 22:33:52 GMT