Re: RDF semantics, access control description and timeranges

 > So I might write something like:
 >   ex:Host ex:access                         (1)
 >      [ a ex:AccessPermission ;
 >        ex:allowProtocol ex:HTTP ;
 >        ex:allowProtocol ex:FTP ;
 >        ex:allowProtocol ex:SSH ] .
 > which may be intended to mean that the host ex:Host is permitted to
 > use protocol HTTP _or_ FTP _or_ SSH.
 > ...
 >  So now we may have this graph asserted to be true:
 >   ex:Host ex:access                         (4)
 >      [ a ex:AccessPermission ;
 >        ex:allowProtocol ex:HTTP ] .
 >   ex:HTTP  a ex:AccessProtocol ;
 >        ex:ipProtocol ex:TCP ;
 >        ex:portNumber "80" .
 > Then, by the subgraph lemma, this is true:
 >   ex:Host ex:access                         (5)
 >      [ a ex:AccessPermission ;
 >        ex:allowProtocol ex:HTTP ] .
 >   ex:HTTP  a ex:AccessProtocol ;
 >        ex:ipProtocol ex:TCP .
 > But what does this mean?  It would be tempting to say that by omitting
 > the port number that no port-number constraint is given.  But clearly,
 > it is not true that by permitting use of HTTP that we mean to permit use
 > of all TCP protocols on all port numbers.  So this new subgraph must be
 > interpreted as granting permission to nothing more than HTTP, and
 > probably less.  Absent specification of a port number (which all TCP
 > protocols must use) I think it should mean that no permissions are granted.

IMHO, (5) means that access is permitted by TCP but we can't say by
which ports.  I'm not sure, given the current RDF model theory, if it
implies that there exists *some* port through which TCP access is allowed.

 > (So, in this scheme, by expressing an access permission in RDF, under
 > open world assumptions, says nothing about what access is not
 > permitted;  by saying that HTTP is permitted, we don't say whether or
 > not FTP is permitted.  At some stage, to be useful, an access permission
 > description may need to be closed off, so that all access not explicitly
 > permitted is denied.  This may involve mechanisms that go beyond basic
 > RDF core semantics.)

I'm with you here.  We definitely need some kind of default reasoning.
The decision has been made, AFAIK, that this will not be in RDF or in
OWL. If we need it, we will have to do it outside of RDF and OWL.

 > What has confused me in all this is that it appears to muddle
 > conjunctive and disjunctive semantics for RDF statements;
 > e.g. example (1) above meaning that permissions to use HTTP, FTP *or*
 > SSH, but example (3) describing a protocol for which the IP protocol is
 > TCP *and* the port number is 80.  Considered from the point of view of
 > semantic interpretations, it's all conjunctive semantics, but that
 > hasn't prevented me from getting confused about the details at times.

I'd say the *and* reading is right for (1).  The host has an
accessPermission _G0042.  _G0042 has an allowProtocol http *and*
_G0042 has an allowProtocol ftp *and* _G0042 has an allowProtocol ssh.

I think the confusion is on the natural language side (which is
probably closely related to our common sense reasoning).  Most people
would take the following two sentences to have the same meaning:

   My computer accepts http, ftp and ssh connections
   My computer accepts http, ftp or ssh connections

Tim

--
  Tim Finin, Prof Computer Science & Elect Eng, Univ of Maryland,
  Baltimore County, 1000 Hilltop Circle, Baltimore MD 21250.
  +1-410-455-3522 fax:-3969 finin@umbc.edu http://umbc.edu/~finin/

Received on Sunday, 15 December 2002 11:14:12 UTC
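
An added example, not part of the original message: graphs (4) and (5) from the thread evaluated under a default-deny policy applied outside RDF, next to what the graph alone supports under open-world semantics. The triple-tuple representation, the "_:perm" blank-node label and all function names are assumptions made for this illustration; the fail-closed treatment of a missing port follows the reading proposed in the quoted text for (5).

```python
# Constructed sample data: graphs (4) and (5) from the thread as (s, p, o) triples.
# "_:perm" stands in for the blank node; FTP is deliberately left undescribed.
G4 = {
    ("ex:Host", "ex:access", "_:perm"),
    ("_:perm", "rdf:type", "ex:AccessPermission"),
    ("_:perm", "ex:allowProtocol", "ex:HTTP"),
    ("ex:HTTP", "rdf:type", "ex:AccessProtocol"),
    ("ex:HTTP", "ex:ipProtocol", "ex:TCP"),
    ("ex:HTTP", "ex:portNumber", "80"),
}
G5 = G4 - {("ex:HTTP", "ex:portNumber", "80")}  # subgraph: port triple omitted


def objects(graph, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for s, p, o in graph if s == subject and p == predicate}


def allowed_endpoints(graph, host):
    """Closed-world reading: (ip_protocol, port) pairs fully described in the graph.

    A protocol missing either ex:ipProtocol or ex:portNumber contributes nothing
    (fail closed), so omitting a triple can never widen access.
    """
    endpoints = set()
    for perm in objects(graph, host, "ex:access"):
        for proto in objects(graph, perm, "ex:allowProtocol"):
            for ip in objects(graph, proto, "ex:ipProtocol"):
                for port in objects(graph, proto, "ex:portNumber"):
                    endpoints.add((ip, port))
    return endpoints


def decide(graph, host, ip_protocol, port):
    """Default-deny decision made outside RDF: not explicitly permitted means denied."""
    return "permit" if (ip_protocol, port) in allowed_endpoints(graph, host) else "deny"


def open_world_answer(graph, host, protocol):
    """What the graph alone supports: an asserted permission, or no information."""
    for perm in objects(graph, host, "ex:access"):
        if protocol in objects(graph, perm, "ex:allowProtocol"):
            return "permitted"
    return "unknown"  # absence of a triple is not a denial under open-world semantics


if __name__ == "__main__":
    print(decide(G4, "ex:Host", "ex:TCP", "80"), decide(G5, "ex:Host", "ex:TCP", "80"))
```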