- From: Ashok Malhotra <ashok.malhotra@oracle.com>
- Date: Mon, 28 Apr 2014 17:41:16 -0400
- To: public-ldp-wg@w3.org
- Message-ID: <535ECAFC.1070706@oracle.com>
Good comments! If we feel it's best not to get into attribute-level access control, I'm OK with that. But we need to have AC on a group of documents so I can say the equivalent of "all registered attendees of the conference have read access to all its papers" There has been a great deal of interest in a policy-based approach to AC. See http://www.w3.org/2004/09/Policy-Aware-Web-acl.pdf AC needs to be lightweight and efficient and computing policy conformance is typically not lightweight. Appreciate any reactions you may have. All the best, Ashok On 4/28/2014 12:35 PM, Kingsley Idehen wrote: > On 4/28/14 11:52 AM, Sandro Hawke wrote: >>> >>> [*] I am not certain what the atomic level really is here -- >>> document, triple, subject, subject+predicate -- but I am >>> fairly certain it's at least document, and being able to >>> say that "most documents are WORLD-READ, but *this one* >>> is OWNER-READ, WORLD-NONE" seems key. >> >> My inclination is to just do per-document access control. > > Yes. > >> If you want something more fine-grained, then use smaller documents. > > Yes. > >> I think it is reasonable, however, to track access control through merging -- so you might have a graph formed by merging 100 different graphs, and so a given user who can only see some of those hundred can only see part of the merged graph. > > A view over several named graphs, subject to acls on each of the named graphs. > >> If you do the merge at request time, its easy enough. If you want to pre-calculate the merge, it gets very tricky. Do you let the user know he's seeing a partially-obscured graph? Probably. > > In the definition of the view. > > Named Graph Identifiers denote documents that might be accessible from an HTTP URL or some internal DBMS location (which is really an internal DBMS specific identifier too). > > > -- > > Regards, > > Kingsley Idehen > Founder & CEO > OpenLink Software > Company Web:http://www.openlinksw.com > Personal Weblog:http://www.openlinksw.com/blog/~kidehen > Twitter Profile:https://twitter.com/kidehen > Google+ Profile:https://plus.google.com/+KingsleyIdehen/about > LinkedIn Profile:http://www.linkedin.com/in/kidehen > > > >
Received on Monday, 28 April 2014 21:42:59 UTC