Re: RDF semantics, access control description and timeranges

From: Graham Klyne <GK@ninebynine.org>
Date: Mon, 16 Dec 2002 13:08:41 +0000
To: tim finin <finin@cs.umbc.edu>
Cc: www-rdf-calendar <www-rdf-calendar@w3.org>

At 11:11 AM 12/15/02 -0500, tim finin wrote:

> > So I might write something like:
> >   ex:Host ex:access                         (1)
> >      [ a ex:AccessPermission ;
> >        ex:allowProtocol ex:HTTP ;
> >        ex:allowProtocol ex:FTP ;
> >        ex:allowProtocol ex:SSH ] .
> > which may be intended to mean that the host ex:Host is permitted to
> > use protocol HTTP _or_ FTP _or_ SSH.
> > ...
> >  So now we may have this graph asserted to be true:
> >   ex:Host ex:access                         (4)
> >      [ a ex:AccessPermission ;
> >        ex:allowProtocol ex:HTTP ] .
> >   ex:HTTP  a ex:AccessProtocol ;
> >        ex:ipProtocol ex:TCP ;
> >        ex:portNumber "80" .
> > Then, by the subgraph lemma, this is true:
> >   ex:Host ex:access                         (5)
> >      [ a ex:AccessPermission ;
> >        ex:allowProtocol ex:HTTP ] .
> >   ex:HTTP  a ex:AccessProtocol ;
> >        ex:ipProtocol ex:TCP .
> > But what does this mean?  It would be tempting to say that by omitting
> > the port number that no port-number constraint is given.  But clearly,
> > it is not true that by permitting use of HTTP that we mean to permit use
> > of all TCP protocols on all port numbers.  So this new subgraph must be
> > interpreted as granting permission to nothing more than HTTP, and
> > probably less.  Absent specification of a port number (which all TCP
> > protocols must use) I think it should mean that no permissions are granted.
>IMHO, (5) means that access is permitted by TCP but we can't say by
>which ports. ...

That's what I had been thinking, but the RDF model theory doesn't support 
that view.

>  ... I'm not sure, given the current RDF model theory if it
>implies that there exists *some* port through which TCP access is allowed.

To say that there exists *some* TCP port, something like this would be needed:

   ex:SomeTCPProtocol  a ex:AccessProtocol ;
            ex:ipProtocol ex:TCP ;
            ex:ipPortNumber [] .

(Which, if I'm not mistaken, would by virtue of the interpolation lemma be 
entailed by:

   ex:SomeTCPProtocol  a ex:AccessProtocol ;
            ex:ipProtocol ex:TCP ;
            ex:ipPortNumber "80" .

> > (So, in this scheme, expressing an access permission in RDF, under
> > open world assumptions, says nothing about what access is not
> > permitted;  by saying that HTTP is permitted, we don't say whether or
> > not FTP is permitted.  At some stage, to be useful, an access permission
> > description may need to be closed off, so that all access not explicitly
> > permitted is denied.  This may involve mechanisms that go beyond basic
> > RDF core semantics.)
>I'm with you here.  We definitely need some kind of default reasoning.
>The decision has been made, AFAIK, that this will not be in RDF or in
>OWL. If we need it, we will have to do it outside of RDF and OWL.

Yes, I think that's important, because having non-monotonicity all over RDF 
would be a big problem:  you'd never be able to rely upon the fundamental 
RDF inferences because you don't know what new information may be coming.

> > What has confused me in all this is that it appears to muddle
> > conjunctive and disjunctive semantics for RDF statements;
> > e.g. example (1) above meaning that permissions to use HTTP, FTP *or*
> > SSH, but example (3) describing a protocol for which the IP protocol is
> > TCP *and* the port number is 80.  Considered from the point of view of
> > semantic interpretations, it's all conjunctive semantics, but that
> > hasn't prevented me from getting confused about the details at times.
>I'd say the *and* reading is right for (1).  The host has an
>accessPermission _G0042.  _G0042 has an allowProtocol http *and*
>_G0042 has an allowProtocol ftp *and* _G0042 has an allowProtocol ssh.
>I think the confusion is on the natural language side (which is
>probably closely related to our common sense reasoning).  Most people
>would take the following two sentences to have the same meaning:
>   My computer accepts http, ftp and ssh connections
>   My computer accepts http, ftp or ssh connections

Yes, I think you're right about that.  It's so easy to get confused.  Doing 
the natural language to formal language translation isn't always easy, I've 


Graham Klyne
Received on Monday, 16 December 2002 08:11:04 UTC
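
An added example, not part of the original message: a Python sketch of the reading discussed above, in which permissions are derived only from triples that are present, so graph (5), lacking the port number, grants nothing, no subgraph of (4) grants more than (4) does, and the default-deny decision is taken outside the RDF graph. The blank-node label `_:p` and all function names are assumptions; the property names are those of graph (4).

```python
from itertools import combinations

# Graph (4) from the message as (subject, predicate, object) triples.
# "_:p" is an assumed label for the blank AccessPermission node.
GRAPH_4 = frozenset({
    ("ex:Host", "ex:access", "_:p"),
    ("_:p", "rdf:type", "ex:AccessPermission"),
    ("_:p", "ex:allowProtocol", "ex:HTTP"),
    ("ex:HTTP", "rdf:type", "ex:AccessProtocol"),
    ("ex:HTTP", "ex:ipProtocol", "ex:TCP"),
    ("ex:HTTP", "ex:portNumber", "80"),
})
# Graph (5): the subgraph of (4) with the port-number triple omitted.
GRAPH_5 = GRAPH_4 - {("ex:HTTP", "ex:portNumber", "80")}

def objects(graph, subject, predicate):
    """All objects o such that (subject, predicate, o) is in the graph."""
    return {o for (s, p, o) in graph if s == subject and p == predicate}

def granted(graph, host):
    """(ipProtocol, port) pairs positively granted to host.

    Every condition is a positive match on a triple, so removing triples
    can only shrink the result. A protocol described without a port number
    (or without an IP protocol) contributes no grant at all.
    """
    grants = set()
    for perm in objects(graph, host, "ex:access"):
        if "ex:AccessPermission" not in objects(graph, perm, "rdf:type"):
            continue
        for proto in objects(graph, perm, "ex:allowProtocol"):
            for ip in objects(graph, proto, "ex:ipProtocol"):
                for port in objects(graph, proto, "ex:portNumber"):
                    grants.add((ip, int(port)))
    return grants

def is_allowed(graph, host, ip, port):
    """Closed-off decision layered outside RDF: not granted means denied."""
    return (ip, port) in granted(graph, host)

def subgraphs_never_widen(graph, host):
    """Check every subgraph grants a subset of what the full graph grants."""
    full = granted(graph, host)
    triples = sorted(graph)
    return all(granted(set(sub), host) <= full
               for n in range(len(triples) + 1)
               for sub in combinations(triples, n))
```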