- From: Sandro Hawke <sandro@w3.org>
- Date: Mon, 28 Apr 2014 18:39:39 -0400
- To: ashok.malhotra@oracle.com,Ashok Malhotra <ashok.malhotra@oracle.com>,public-ldp-wg@w3.org
On April 28, 2014 5:41:16 PM EDT, Ashok Malhotra <ashok.malhotra@oracle.com> wrote:
>Good comments!
>
>If we feel it's best not to get into attribute-level access control,
>I'm OK with that.
>But we need to have AC on a group of documents so I can say the
>equivalent of
>"all registered attendees of the conference have read access to all its
>papers"
>
That's certainly useful. And that rule is easy enough to express with OWL RL (I think), but if you want to have one exception, one person or one paper who is excluded, that gets very tough. The simplest treatment I've seen of defeasible logic that might be compatible is Ben Grosof's Courteous Logic Programming, which compiles ordinary logic programs, but I'm really not an expert in this.
>There has been a great deal of interest in a policy-based approach to
>AC. See
>http://www.w3.org/2004/09/Policy-Aware-Web-acl.pdf
Yes, I was vaguely associated with that project.... from memory, I believe the logic was never really formalized and was not defeasible.
RIF might be our best bet if we really want a standard defeasible logic. I know Oracle had an implementation at some point, but I bet it was in a completely different part of the architecture than access control.
>AC needs to be lightweight and efficient and computing policy
>conformance is
>typically not lightweight. Appreciate any reactions you may have.
>
Yeah, I believe the w3.org code materializes all the triples so the access check system just had to do one indexed lookup.
- Sandro
>All the best, Ashok
>
>On 4/28/2014 12:35 PM, Kingsley Idehen wrote:
>> On 4/28/14 11:52 AM, Sandro Hawke wrote:
>>>>
>>>> [*] I am not certain what the atomic level really is here --
>>>> document, triple, subject, subject+predicate -- but I am
>>>> fairly certain it's at least document, and being able to
>>>> say that "most documents are WORLD-READ, but *this one*
>>>> is OWNER-READ, WORLD-NONE" seems key.
>>>
>>> My inclination is to just do per-document access control.
>>
>> Yes.
>>
>>> If you want something more fine-grained, then use smaller documents.
>>
>> Yes.
>>
>>> I think it is reasonable, however, to track access control
>through merging -- so you might have a graph formed by merging 100
>different graphs, and so a given user who can only see some of those
>hundred can only see part of the merged graph.
>>
>> A view over several named graphs, subject to acls on each of the
>named graphs.
>>
>>> If you do the merge at request time, its easy enough. If you want
>to pre-calculate the merge, it gets very tricky. Do you let the user
>know he's seeing a partially-obscured graph? Probably.
>>
>> In the definition of the view.
>>
>> Named Graph Identifiers denote documents that might be accessible
>from an HTTP URL or some internal DBMS location (which is really an
>internal DBMS specific identifier too).
>>
>>
>> --
>>
>> Regards,
>>
>> Kingsley Idehen
>> Founder & CEO
>> OpenLink Software
>> Company Web:http://www.openlinksw.com
>> Personal Weblog:http://www.openlinksw.com/blog/~kidehen
>> Twitter Profile:https://twitter.com/kidehen
>> Google+ Profile:https://plus.google.com/+KingsleyIdehen/about
>> LinkedIn Profile:http://www.linkedin.com/in/kidehen
>>
>>
>>
>>
Received on Monday, 28 April 2014 22:39:51 UTC