
RE: ACL

From: Martin Gaedke <martin.gaedke@informatik.tu-chemnitz.de>
Date: Wed, 26 Jan 2011 00:32:06 +0100
To: "'Dan Brickley'" <danbri@danbri.org>, "'Henry Story'" <henry.story@bblfish.net>
Cc: 'Stéphane Corlosquet' <scorlosquet@gmail.com>, "'Alexandre Passant'" <alexandre.passant@deri.org>, <nathan@webr3.org>, "'WebID XG'" <public-xg-webid@w3.org>
Message-ID: <00f801cbbce8$15937150$40ba53f0$@informatik.tu-chemnitz.de>
Alexandre Passant wrote:
> My feeling is that we could get WebID (authentication) without ACL issues. 
> What people do when the user is authenticated (e.g. use ACL ontology to deliver X or Y) is IMO a matter of the implementation, not of WebID itself.

Yes, I agree as well on that - But I also like what Dan was suggesting regarding ACLs and the FOAF-ish perspective. While I strongly believe that WebID should clearly be authentication only, we should demonstrate its full potential by making use of powerful examples including ACLs (besides the easy ones to get into it).

So, in this context, the question is what do we have to take care of when defining WebID? Is there anything we should provide in WebID that otherwise makes application of e.g. OWL2 scenarios more complicated? What about trust delegation scenarios?

Cheers,
Martin



> -----Original Message-----
> From: public-xg-webid-request@w3.org [mailto:public-xg-webid-
> request@w3.org] On Behalf Of Dan Brickley
> Sent: Dienstag, 25. Januar 2011 21:36
> To: Henry Story
> Cc: Stéphane Corlosquet; Alexandre Passant; nathan@webr3.org; WebID XG
> Subject: Re: ACL
> 
> [interesting discussion snipped]
> 
> A quick comment re ACLs from a FOAF-ish perspective:
> 
> Most RDF linked data work has tended not to use OWL, except for
> owl:sameAs statements for expressing numerical identity (one-and-the-
> same-thing-ness).
> 
> However OWL is very powerful for describing rules for picking out classes of
> things in terms of their properties. This has some natural application to
> expression of ACLs. In many ways this is orthogonal from the details of the
> core WebID protocol, which just (like OpenID, some uses of OAuth) lets
> people prove that they control some online account / document. So I think
> there is a case for working out some OWL-based approaches to expressing
> ACLs in terms of RDF and OWL and OWL rules, in a way that works with *any*
> technique for demonstrating evidence of who someone is. Once done, this
> could of course be exploited in WebID-based interactions with a site,
> something along the 'proof carrying authorization' direction eg.
> http://www.ece.cmu.edu/~lbauer/papers/pcaprototr.pdf
> 
> So I'd really encourage folk to revisit the OWL tools, especially OWL2 which
> allows some convenient idioms. See http://lists.foaf-
> project.org/pipermail/foaf-dev/2010-November/010488.html
> for examples that model FOAF Group as [via punning] simultaneously a class,
> and as an individual. The earlier FOAF idioms used separate entities for
> those, linked by foaf:membershipClass. But that idiom didn't get much use.
> 
> What I'm thinking is we should investigate a kind of nice gui for talking about
> (sub-) classes of Person, Organization etc., not a general purpose ontology
> editor but one biased towards these particular kinds of object, and with
> more focus on provenance/truth/evidence for claims.
> 
> So for example (in a made up language),
> 
> Let gsent = persons I sent mail to, more than twice on most weeks, according
> to my gmail account danbrickley@gmail.com
> Let blogok = persons whose comments I accepted on my blog http://danbri.org/words/
> Let dopplr = persons who i share my locations with on dopplr
> [more complicated stuff that would map down to OWL could go here, but keeping
> a simple example for now]
> Let group1 = gsent + blogok + dopplr
> 
> ...ie. to be able to use some UI (or domain specific language)  to characterise
> groups of people/agents, typically by ref to some authority or service ....then
> to compose those (with OWL's building blocks), ... and use the result to
> express ACL rules.
> 
> So I could tell a Wiki to give "edit" privileges to 'group1'. Whether this is a
> static compiled snapshot of group1, or whether it accepts anyone who can
> prove they match that group's rules, ... is very much open to debate. I can
> see value in both.
> 
> (let me know when it's time to switch lists :)
> 
> cheers,
> 
> Dan
> 
> ps. and congrats on launching the group!
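The group definitions and the "static snapshot versus prove-you-match" question in Dan's message, worked through as an added example (not code from the WebID XG, FOAF or any of the people on this thread). The evidence records, the WebIDs, and the rule predicates are constructed for illustration; the composition operators stand in for the OWL class-expression idioms (owl:unionOf, owl:intersectionOf) the message points at, without a reasoner.

```python
"""Group-membership rules composed into an ACL, evaluated two ways:
as a compiled snapshot of the group, and dynamically against current evidence.
Added illustration for the thread above; all data below is constructed."""
import copy
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Iterable

# Evidence: what each "authority or service" asserts, keyed by a service label.
# The record shapes are this example's own assumption, not any real API.
Evidence = Dict[str, dict]

ALICE = "https://alice.example/profile#me"      # constructed WebIDs
BOB = "https://bob.example/profile#me"
CAROL = "https://carol.example/profile#me"
MALLORY = "https://mallory.example/profile#me"


def sample_evidence() -> Evidence:
    return {
        # mails sent per week by danbrickley@gmail.com to each WebID (constructed)
        "gmail:danbrickley@gmail.com": {
            ALICE: [3, 4, 0, 5],   # more than two in 3 of 4 weeks -> "most weeks"
            BOB: [1, 3, 0, 0],     # only 1 of 4 weeks
        },
        # comment authors accepted on http://danbri.org/words/ (constructed)
        "blog:http://danbri.org/words/": {BOB},
        # people locations are shared with on dopplr (constructed)
        "dopplr": {ALICE},
    }


@dataclass(frozen=True)
class GroupRule:
    """A named predicate over (webid, evidence), composable like a class expression."""
    name: str
    matches: Callable[[str, Evidence], bool]

    def __or__(self, other: "GroupRule") -> "GroupRule":      # union
        return GroupRule(f"({self.name} + {other.name})",
                         lambda w, e: self.matches(w, e) or other.matches(w, e))

    def __and__(self, other: "GroupRule") -> "GroupRule":     # intersection
        return GroupRule(f"({self.name} & {other.name})",
                         lambda w, e: self.matches(w, e) and other.matches(w, e))


def most_weeks_over(threshold: int, weeks: Iterable[int]) -> bool:
    """True when strictly more than half of the recorded weeks exceed threshold."""
    weeks = list(weeks)
    return bool(weeks) and sum(1 for n in weeks if n > threshold) * 2 > len(weeks)


gsent = GroupRule("gsent", lambda w, e: most_weeks_over(
    2, e["gmail:danbrickley@gmail.com"].get(w, [])))
blogok = GroupRule("blogok", lambda w, e: w in e["blog:http://danbri.org/words/"])
dopplr = GroupRule("dopplr", lambda w, e: w in e["dopplr"])
group1 = gsent | blogok | dopplr

# The wiki ACL: "edit" privileges go to group1 (mode -> rule).
ACL: Dict[str, GroupRule] = {"edit": group1}


def compile_snapshot(rule: GroupRule, candidates: Iterable[str],
                     evidence: Evidence) -> FrozenSet[str]:
    """Static option: materialise the group once from the evidence available now."""
    return frozenset(w for w in candidates if rule.matches(w, evidence))


def allowed_snapshot(snapshot: FrozenSet[str], webid: str) -> bool:
    return webid in snapshot


def allowed_dynamic(acl: Dict[str, GroupRule], mode: str, webid: str,
                    evidence: Evidence) -> bool:
    """Dynamic option: re-evaluate the rule against current evidence per request."""
    rule = acl.get(mode)
    return rule is not None and rule.matches(webid, evidence)


def divergence_demo() -> dict:
    """Show how a compiled snapshot and dynamic evaluation drift once evidence changes."""
    before = sample_evidence()
    snap = compile_snapshot(group1, [ALICE, BOB, CAROL, MALLORY], before)
    after = copy.deepcopy(before)
    after["blog:http://danbri.org/words/"].discard(BOB)   # Bob's comments no longer accepted
    after["dopplr"].add(CAROL)                            # Carol is newly shared with
    return {
        "snapshot": snap,
        "bob_snapshot": allowed_snapshot(snap, BOB),        # still True: stale grant
        "bob_dynamic": allowed_dynamic(ACL, "edit", BOB, after),
        "carol_snapshot": allowed_snapshot(snap, CAROL),    # False: not yet compiled in
        "carol_dynamic": allowed_dynamic(ACL, "edit", CAROL, after),
    }


if __name__ == "__main__":
    for k, v in divergence_demo().items():
        print(k, v)
```

The point the demo makes explicit is that the two enforcement styles fail in opposite directions: a compiled snapshot keeps granting access to someone who no longer meets the rule until it is recompiled, while per-request evaluation admits new matches immediately but then depends on the freshness and integrity of whatever evidence the service feeds it at request time.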
Received on Wednesday, 26 January 2011 12:37:35 GMT
