Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion from Nathan on 2010-04-21 (public-lod@w3.org from April 2010)

From: Nathan <nathan@webr3.org>
Date: Wed, 21 Apr 2010 23:05:32 +0100
To: Story Henry <henry.story@bblfish.net>
CC: Joe Presbrey <presbrey@gmail.com>, Linked Data community <public-lod@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Message-ID: <4BCF76AC.6070105@webr3.org>

Story Henry wrote:
> This is why we were writing the authorization out not as you have above, but
> as 
> 
> [] a acl:Authorization ;
> 	acl:accessTo <https://ssl.data.fm/index.php> ;
> 	acl:agentClass [ owl:equivalentClass [ a owl:Restriction;
>               	owl:hasValue <http://example.org/usergroups#group1> ;
>     	        owl:onProperty [ owl:inverseOf sioc:has_member ]
>             ];
> 	acl:mode acl:Read .
> 
> But you if you want to do things procedurally, you can just define that set
> by getting the results from the query 
> or by writing out the procedural equivalent of it, as mentioned in a previous email. 

but that's what I have, and have implemented already over on
https://ssl.data.fm/ - and have done since the first time i mentioned this!

you can't access because i don't foaf:knows you, whereas melvin,
kingsley, michael can; similarly I'm the only one who can actually read
the acl because i have acl:Control over it. the acl is exposed via the
Link header using a rel of the acl ontology.

acl:

@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .

[] a acl:Authorization ;
	acl:accessTo <https://ssl.data.fm/index.php> ;
	acl:agent <http://webr3.org/nathan#me> ;
	acl:mode acl:Control, acl:Read, acl:Write .

[] a acl:Authorization ;
	acl:accessTo <https://ssl.data.fm/index.php> ;
	acl:agentClass _:myfriends ;
	acl:mode acl:Read .

_:myfriends owl:equivalentClass [
	a owl:Restriction ;
	owl:hasValue <http://webr3.org/nathan#me> ;
	owl:onProperty [ owl:inverseOf foaf:knows ]
	] .

exactly the same code works for the above sioc:Usergroups acl, if you
want any proof then simply fire through a usergroup you are a member of
and I'll throw up a resource w/ acl / give you acl:Control if you want,
or I can always foaf:knows you.

you can have the code immediately if you want (even though it's wip) but
i was going to opensource the whole lot after the sparql-less foaf+ssl
auth is in to libAithenticate.

nothing against sparql - just wanted 0 dependencies (other than arc at
this time).

Henry I fear this has been one big misunderstanding other, than the odd
typo and a mad idea of saying an Individual is Class earlier, i follow -
the problem at heart is what IanD was asking on semantic overflow the
other day [1] and nicely explained by danbri, dave reynolds and john
erickson

[1]
http://www.semanticoverflow.com/questions/757/which-owl-reasoners-understand-named-graphs

will leave this here and possibly just drop in a <group-uri>
rdfs:isDefinedBy <dereferenced-group-uri> to atleast delegate some kind
of trust / indicate where to look.

Nathan

Received on Wednesday, 21 April 2010 22:12:51 UTC