Re: "attributes" in ldp-access-control from henry.story@bblfish.net on 2014-07-15 (public-ldp-wg@w3.org from July 2014)

From: <henry.story@bblfish.net>
Date: Tue, 15 Jul 2014 06:55:47 +0200
To: Sandro Hawke <sandro@w3.org>
Cc: ashok malhotra <ashok.malhotra@oracle.com>, public-ldp-wg@w3.org
Message-Id: <D0387B5A-FE16-40D9-B12C-C70FFF1CA5C8@bblfish.net>

On 14 Jul 2014, at 21:43, Sandro Hawke <sandro@w3.org> wrote:

> On July 14, 2014 3:18:49 PM EDT, Ashok Malhotra <ashok.malhotra@oracle.com> wrote:
>> Hi Sandro:
>> I'm glad you are reading the proposal :-)
>> 
>> By "attribute" I mean individual values such as the subject or object
>> of a triple or the value of a link relation.
>> 
> 
> That's frighteningly complicated
> 
>> How about this usecase:  change the namespace prefix all
>> objects in a specific RDF graph or collection of triples?
> 
> I'd just consider that a patch.   No reason to give that special access control.
> 
> In general, application designers have a lot of control over resource granularity, so I think it works well to make resources the smallest unit of access control.
> 
> If I have access to one of two triples in a graph, what response code will you give me when I GET the graph?

I agree. I think there is a orthogonal spec that one could call graph filtering, where one could specify
in a similar way to the one used by Web Access Control, what groups of agents
see what triples of a graph. It is true that Access control is a limit case where there 
is no triple a user can see.

But this type of filtering language brings would bring in a lot more than what is strictly
necessary for LDP. LDP requires a client to be able to go from one server to another by following links
and potentially edit content found there. This means that an agent needs to:

 - be able to authenticate globally
 - be able to create distributed groups belonging to different organisations using LDP and give them access
 - be able to edit the ACL using the same tech as LDP

filtering could be useful thereafter, but it's quite a lot more to think about, so I would tend to if
needed put that in a seperate proposal.

> 
>     - Sandro
> 
>> All the best, Ashok
>> 
>> On 7/14/2014 2:39 PM, Sandro Hawke wrote:
>>> What are "attributes" in 3.1.2 and 3.2.1.2?    Are they HTTP Link
>> headers, triples in the rel=describedby graph, triples with a fixed
>> subject+predicate in the graph, or something else?
>>> 
>>> So far I haven't seen a compelling case for fine-grained access
>> control -- anything smaller than a graph -- and these don't have enough
>> detail for me to know if they would be compelling or not. Concerning UC
>> 3.2.1.2, in my very-limited experience copyright statements are usually
>> put as part of the data.
>>> 
>>>       -- Sandro
>>> 
>>> 
>>> 
> 
> 
> 

Social Web Architect
http://bblfish.net/

Received on Tuesday, 15 July 2014 04:56:30 UTC