- From: Nathan <nathan@webr3.org>
- Date: Wed, 21 Apr 2010 23:05:32 +0100
- To: Story Henry <henry.story@bblfish.net>
- CC: Joe Presbrey <presbrey@gmail.com>, Linked Data community <public-lod@w3.org>, foaf-protocols <foaf-protocols@lists.foaf-project.org>
Story Henry wrote: > This is why we were writing the authorization out not as you have above, but > as > > [] a acl:Authorization ; > acl:accessTo <https://ssl.data.fm/index.php> ; > acl:agentClass [ owl:equivalentClass [ a owl:Restriction; > owl:hasValue <http://example.org/usergroups#group1> ; > owl:onProperty [ owl:inverseOf sioc:has_member ] > ]; > acl:mode acl:Read . > > But you if you want to do things procedurally, you can just define that set > by getting the results from the query > or by writing out the procedural equivalent of it, as mentioned in a previous email. but that's what I have, and have implemented already over on https://ssl.data.fm/ - and have done since the first time i mentioned this! you can't access because i don't foaf:knows you, whereas melvin, kingsley, michael can; similarly I'm the only one who can actually read the acl because i have acl:Control over it. the acl is exposed via the Link header using a rel of the acl ontology. acl: @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> . @prefix acl: <http://www.w3.org/ns/auth/acl#> . @prefix foaf: <http://xmlns.com/foaf/0.1/> . @prefix owl: <http://www.w3.org/2002/07/owl#> . [] a acl:Authorization ; acl:accessTo <https://ssl.data.fm/index.php> ; acl:agent <http://webr3.org/nathan#me> ; acl:mode acl:Control, acl:Read, acl:Write . [] a acl:Authorization ; acl:accessTo <https://ssl.data.fm/index.php> ; acl:agentClass _:myfriends ; acl:mode acl:Read . _:myfriends owl:equivalentClass [ a owl:Restriction ; owl:hasValue <http://webr3.org/nathan#me> ; owl:onProperty [ owl:inverseOf foaf:knows ] ] . exactly the same code works for the above sioc:Usergroups acl, if you want any proof then simply fire through a usergroup you are a member of and I'll throw up a resource w/ acl / give you acl:Control if you want, or I can always foaf:knows you. you can have the code immediately if you want (even though it's wip) but i was going to opensource the whole lot after the sparql-less foaf+ssl auth is in to libAithenticate. nothing against sparql - just wanted 0 dependencies (other than arc at this time). Henry I fear this has been one big misunderstanding other, than the odd typo and a mad idea of saying an Individual is Class earlier, i follow - the problem at heart is what IanD was asking on semantic overflow the other day [1] and nicely explained by danbri, dave reynolds and john erickson [1] http://www.semanticoverflow.com/questions/757/which-owl-reasoners-understand-named-graphs will leave this here and possibly just drop in a <group-uri> rdfs:isDefinedBy <dereferenced-group-uri> to atleast delegate some kind of trust / indicate where to look. Nathan
Received on Wednesday, 21 April 2010 22:12:51 UTC