Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion from Nathan on 2010-04-21 (public-lod@w3.org from April 2010)

From: Nathan <nathan@webr3.org>
Date: Wed, 21 Apr 2010 01:38:29 +0100
CC: Story Henry <henry.story@bblfish.net>, Linked Data community <public-lod@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Message-ID: <4BCE4905.2070504@webr3.org>
Nathan wrote:
> Request for a bit of help / clarification - started implementing.. see
> in-line from here..
> 
> Story Henry wrote:
>> On 20 Apr 2010, at 21:13, Nathan wrote:
>>
>>> Story Henry wrote:
>>>> On 20 Apr 2010, at 15:52, Nathan wrote:
>>>>> I'd like to propose a few new additions to the ACL Ontology, I won't be
>>>>> specific on names but will describe each one and the associated need.
>>>>>
>>>>> The addition of "groups" - personally I see no need to define a set
>>>>> ontology for what constitutes a group when dealing with ACL, however it
>>>>> would be fantastic to be able to point to the URI of a "Group of WebIDs"
>>>>> and the relation, or predicate, that should be used. For example:
>>>>>
>>>>> [] a acl:Authorization ;
>>>>> acl:accessTo </pictures-of-me> ;
>>>>> acl:mode acl:Read ;
>>>>> acl:agentGroupSource <http://webr3.org/nathan#me> ;
>>>>> acl:agentGroupLink foaf:knows .
>>>> I think you can get what you want by using owl reasoning
>>>>
>>>> @prefix owl: <http://www.w3.org/2002/07/owl#> .
>>>> @prefix acl: <http://www.w3.org/ns/auth/acl#> .
>>>>
>>>> [] a acl:Authorization ;
>>>> acl:accessTo </pictures-of-me> ;
>>>> acl:mode acl:Read ;
>>>> acl:agentClass :myfriends .
>>>>
>>>> :myfriends owl:equivalentClass [ 
>>>>      a owl:Restriction;
>>>>      owl:onProperty [ owl:inverseOf foaf:knows ];
>>>>      owl:hasValue <http://webr3.org/nathan#me> 
>>>> ] .
> 
> managed to get the above implemented and working, basically this equates
> to find the triple:
> 
>  <http://webr3.org/nathan#me> foaf:knows <users-webid> .
> 
> if it's there then grant access, else not.
> 
> is that correct?? or should it equate to looking for:
> 
>  <users-webid> foaf:knows <http://webr3.org/nathan#me> .
> 
>>>>> in this scenario the agentGroupSource is a foaf:Person (me) and the
>>>>> relation to be used as members who have acl:Read access is everybody i
>>>>> foaf:knows.
>>>>>
>>>>> [] a acl:Authorization ;
>>>>> acl:accessTo </working-group> ;
>>>>> acl:mode acl:Read , acl:Write ;
>>>>> acl:agentGroupSource </groups#working-group-members> ;
>>>> you probably want a 
>>>>
>>>>   acl:agentGroupSource </groups/#userGroup1> ;
>>>>
>>>>> acl:agentGroupLink sioc:has_member .
>>>> [] a acl:Authorization ;
>>>> acl:accessTo </working-group> ;
>>>> acl:mode acl:Read , acl:Write ;
>>>> acl:agentClass :wkgrp.
>>>>
>>>> :wkgrp owl:equivalentClass [
>>>>    a owl:restriction;
>>>>    owl:onProperty sioc:member_of;
>>>>    owl:hasValue </groups/#userGroup1> .
> 
> managed to get this one in too.. equates to needing:
> 
>  <users-webid> sioc:member_of </groups/#userGroup1> .
> 
> (hopefully)!
> 
> but what I needed in the first place was the opposite, to find the
> following triple:
> 
>  <http://example.org/usergroups#group1> sioc:has_member <users-webid> .
> 
> my first thought was..
> 
> [] a acl:Authorization ;
> 	acl:accessTo <https://ssl.data.fm/index.php> ;
> 	acl:agentClass _:group ;
> 	acl:mode acl:Read .
> 	
> _:group owl:equivalentClass [
> 	a owl:Restriction ;
> 	owl:hasValue <http://example.org/usergroups#group1> ;
> 	owl:onProperty [ owl:inverseOf sioc:member_of ]
> 	] .
> 
> is that correct?
> 
> if so then the foaf:knows implementation above is a bit of a special
> case isn't it.. because the inverse of { <a> foaf:knows <b> } is { <b>
> foaf:knows <a> } but the inverse of { <c> sioc:member_of <d> } is { <d>
> sioc:has_member <c> } - different predicates.
> 
> I could be (and probably am) wildly wrong here, any clarification?

figured a bit out i think..

above..
:myfriends owl:equivalentClass [
      a owl:Restriction;
      owl:onProperty [ owl:inverseOf foaf:knows ];
      owl:hasValue <http://webr3.org/nathan#me>
] .

would equal:

<users-webid> foaf:isKnownBy <http://webr3.org/nathan#me> .

if such a thing existed, but it doesn't so to check if <users-webid> is
known by :me then we have to

<http://webr3.org/nathan#me> foaf:knows <users-webid> .

but I think I've just inferred that last bit of knowledge myself, and
that it'd be impossible for a machine to figure that bit out.. because
surely in the case of:

_:group owl:equivalentClass [
	a owl:Restriction ;
	owl:hasValue <http://example.org/usergroups#group1> ;
	owl:onProperty [ owl:inverseOf sioc:member_of ]
	] .

I'd have to dereference sioc, see if there was an inverse property of it
and then look for:

<users-webid> sioc:has_member <http://example.org/usergroups#group1> .

which isn't what i want and means the two cases above seem impossible to
me at the minute.. looks like I don't need onProperty hasValue but
rather some other something..?

back to owl spec!

Nathan
Received on Wednesday, 21 April 2010 00:39:07 UTC