- From: Nathan <nathan@webr3.org>
- Date: Wed, 21 Apr 2010 19:26:26 +0100
- To: Story Henry <henry.story@bblfish.net>
- CC: Joe Presbrey <presbrey@gmail.com>, Linked Data community <public-lod@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Story Henry wrote: > On 21 Apr 2010, at 16:58, Joe Presbrey wrote: > >>> Sadly, I'm going to have to implement the above in the short term though >>> as can't for the life of me see any other way of expressing: >>> >>> if graph <Gx> holds the triple <group> <has_member> <webid> . >>> where <Gx> is found by dereferencing <group> >>> where <group> and <has_member> are defined in the ACL >>> where <webid> is only known at runtime after checking foaf+ssl. >> I'm not sure about the Gx dereference at this point. I guess this is >> analogous to multiple groups being defined in the same graph and >> distinguished by fragment. Are you planning to do this like: more GET uri, parse rdf and then check resulting triples. >> defrag(group)? Along these lines I think Apache people like >> AuthGroupFile in .htaccess which explicitly declares what "graphs" are >> trusted for authorization. Maybe you aren't counting this as another >> way of expressing, but in SPARQL I would say: >> >> ASK { >> GRAPH <acl> { >> ?acl acl:accessTo <uri>; acl:mode acl:Read; acl:accessClass <group> . >> } >> GRAPH <group> { >> <group> <has_member> <webid> . >> } >> } > > yes, a SPARQL query such as the above, if the engine knows to go and dereference the Graph ids, > is close to the N3 rules I was thinking of. > > The OWL inferencing is then done inside the graphs such as <group>. This brings me full circle to.. what's the easier way? I'm all for learning etc, but at the end of the day I'm just a developer and should be able to specify + implement something as simple as a rule to say who can access and who can't without this much trouble. so how do i write "check to see if { <http://ex.org/members#1> sioc:has_member> $var } exists and if so grant access" simply in acl? (take for granted that system has insight to deref <http://ex.org/members#1> to get the graph) seems like what i suggested / figured is nothing more than a hack, so surely there must be a simple way - if not, why not and what can be done about it? ps: solution rdf/xml compat please :) Best, Nathan
Received on Wednesday, 21 April 2010 18:53:50 UTC