- From: Graham Klyne <gk@ninebynine.org>
- Date: Tue, 09 Mar 2004 09:51:13 +0000
- To: public-cwm-talk <public-cwm-talk@w3.org>
I've been reading the paper by Heflin/Munoz-Avila [1] on using local closed world declarations (LCW) with semantic web reasoners, and thinking about how the ideas might apply to Notation3 and cwm. I'm (again) looking at processing network access-related descriptions, and wish to deduce that a particular connection is not allowed if it is not explicitly permitted. This presumes that a given list of permitted connections is complete. Originally, I thought to use the "closed" property of a collection (list), but then realized that when the list contains compound values, expressed like: [ prop val ; prop val ] in N3, the list closure potentially breaks down because there may be other statements that have the list-member resource as a subject. Roughly, the LCW approach asserts that some locally scoped information is complete, and that absence of some information is sufficient to deduce its falsehood. Examples given are based on DAML+OIL and SHOE, noting that DAML (also OWL) can express these ideas but to do so is somewhat cumbersome. I went rummaging at: http://www.w3.org/2000/10/swap/doc/CwmBuiltins thinking that there was something there about log:Falsehood and/or negation, which might be a way of latching onto the LCW ideas, but am finding nothing there. Are there any common techniques for dealing with closed information in CWM? Specifically, in the example below, I can deduce that :conn1 is a wc:AllowedConnection, but I wish to deduce that :conn2 is a wc:DisallowedConnection. Ideas? (My current thoughts are along the lines thus: { <pattern1> . { <pattern2> } a log:LCW_Falsehood . } => { <conclusion using variables from <pattern1>> } Where there is a presumption that the formula declared to be an LCW_Falsehood contains complete information in relation to nodes bound by <pattern1>.) #g -- [1] LCW-Based Agent Planning for the Semantic Web Jeff Heflin and Hector Muņoz-Avila http://www.cse.lehigh.edu/~heflin/pubs/lcw-aaai02.pdf ... Example data: [[ # 20040308-wlan-connection.n3 # # Meeting 20040308 # # Data for WLAN connections example discussed in meeting # # ----- # Declare namespace prefixes # @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> . @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> . @prefix rdft: <http://id.ninebynine.org/2003/rdfext/rdft#> . @prefix wd: <http://id.ninebynine.org/wip/2003/wlanDevices/> . @prefix wp: <http://id.ninebynine.org/wip/2003/wlanPolicy/> . @prefix wc: <http://id.ninebynine.org/wip/2003/wlanConnection/> . @prefix log: <http://www.w3.org/2000/10/swap/log#> . # CWM built-in @prefix : <#> . # Declare data about wlan-connected devices wd:BossComputer a wd:Device ; rdfs:label "Boss computer" ; # Brief description wd:devid "1" ; # Asset schedule identifier wd:wlanif [ wd:macadrs "00:00:00:00:00:11" ] ; rdfs:comment """ This resource is a laptop computer belonging to "big boss", who is not technically literate but may have sensitive data on his/her computer. """ . wd:AdminComputer a wd:Device ; rdfs:label "Admin computer" ; # Brief description wd:devid "2" ; # Asset schedule identifier wd:wlanif [ wd:macadrs "00:00:00:00:00:22" ] ; rdfs:comment """ This resource is a laptop computer belonging to a system administrator, who is assumed to know how to protect it from casual attack. """ . wd:SerfComputer a wd:Device ; rdfs:label "Serf computer" ; # Brief description wd:devid "3" ; # Asset schedule identifier wd:wlanif [ wd:macadrs "00:00:00:00:00:33" ] ; rdfs:comment """ This resource is a laptop computer belonging to a company slave, who is regarded as an active risk to the company's network. """ . wd:PublicAccess a wd:Device ; rdfs:label "Public AP" ; # Brief description wd:devid "8" ; # Asset schedule identifier wd:wlanif [ wd:macadrs "00:00:00:00:00:88" ] ; rdfs:comment """ This resource is a wireless access point connected to the public facing side of a company's network. """ . wd:PrivateAccess a wd:Device ; rdfs:label "Private AP" ; # Brief description wd:devid "9" ; # Asset schedule identifier wd:wlanif [ wd:macadrs "00:00:00:00:00:99" ] ; rdfs:comment """ This resource is a wireless access point connected to the internal part of a company's network. """ . # Declare data about company access policy. # Any connection not explicitly allowed is forbidden. wp:WlanPolicy a wp:ConnectionPolicy ; wp:allowedConnection [ wd:devid "1" , "9" ], [ wd:devid "2" , "8" ], [ wd:devid "2" , "9" ] ; rdfs:comment """ Boss can connect to private network. Admin can connect to private and public networks. Serf can connect to none. """ . # Describe some potential connections :conn1 a wc:Connection ; wd:macadrs "00:00:00:00:00:11" ; wd:macadrs "00:00:00:00:00:99" ; rdfs:comment """ Boss connects to private network. OK. """ . :conn2 a wc:Connection ; wd:macadrs "00:00:00:00:00:11" ; wd:macadrs "00:00:00:00:00:88" ; rdfs:comment """ Boss connects to public network. not OK. """ . # Describe inference rules to define acceptability of a connection. # 1. Deduce device connections from MAC address connections { ?c a wc:Connection ; wd:macadrs ?ma1, ?ma2 . ?d1 a wd:Device ; wd:devid ?di1 ; wd:wlanif [ wd:macadrs ?ma1 ] . ?d2 a wd:Device ; wd:devid ?di2 ; wd:wlanif [ wd:macadrs ?ma2 ] . } => { ?c wd:devid ?di1 , ?di2 . } . # 2. Rule to define that connection is OK. { ?c a wc:Connection ; wd:devid ?di1 , ?di2 . ?cp a wp:ConnectionPolicy ; wp:allowedConnection [ wd:devid ?di1, ?di2 ] . ?di1 log:notEqualTo ?di2 . } => { ?c a wc:AllowedConnection . } . ]] ------------ Graham Klyne For email: http://www.ninebynine.org/#Contact
Received on Tuesday, 9 March 2004 04:51:59 UTC