W3C home > Mailing lists > Public > public-rww@w3.org > November 2012

Using existing triples for resource access control

From: bergi <bergi@axolotlfarm.org>
Date: Thu, 29 Nov 2012 17:20:53 +0100
Message-ID: <50B78B65.8050207@axolotlfarm.org>
To: Read-Write-Web <public-rww@w3.org>, WebID <public-webid@w3.org>
In the last teleconf, we didn't come to a conclusion if it's possible to
use existing triples for resource access control using the WAC ontology.
Here is an UAC example, which is use for my ResourceMe tests. In this
example the _:RoleReadGallery role grants read access to the resources
defined by following the s:significantLink and s:contentURL properties.
Start point is a uac:Authorization, which assigns roles and subjects to
an agent/group.

Could WAC also do this? How would the access control rule look like?


@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix s: <http://schema.org/>.
@prefix uac: <http://ns.bergnet.org/uac/0.1/universal-access-control#>.

#
# my gallery triples:
#
<https://www.bergnet.org/people/bergi/gallery/test/gallery#gallery>
 a s:ImageGallery;
 s:significantLink [
  a s:ImageObject;
  s:contentURL <https://www.bergnet.org/people/bergi/file/IMG_9391.jpg>;
 ], [
  a s:ImageObject;
  s:contentURL <https://www.bergnet.org/people/bergi/file/IMG_9401.jpg>;
 ].

#
# read access to gallery pictures
#
_:RoleReadGallery a uac:Role;
 uac:access [
  uac:filter [ a uac:SimpleFilter;
   uac:predicate s:significantLink;
  ];
  uac:children [
   uac:access [
    uac:filter [ a uac:SimpleFilter;
     uac:predicate s:contentURL;					
    ];
    uac:children [
     uac:access [ a uac:ResourceAuthorization;
      uac:mode uac:Read;
     ];
    ];
   ];
  ];
 ].

#
# assign role + gallery to a foaf group
#
_:AuthzFriendsReadGallery a uac:Authorization;
 uac:agent <https://www.bergnet.org/people/bergi/card#friends>;
 uac:subject
  <https://www.bergnet.org/people/bergi/gallery/test/gallery#gallery>;
 uac:hasRole _:RoleReadGallery.
Received on Thursday, 29 November 2012 16:21:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 29 November 2012 16:21:34 GMT