Re: Access Control Lists, Policies and Business Models from Adrian Walker on 2012-08-17 (public-lod@w3.org from August 2012)

From: Adrian Walker <adriandwalker@gmail.com>
Date: Fri, 17 Aug 2012 19:05:17 -0400
To: Kingsley Idehen <kidehen@openlinksw.com>
Cc: "public-lod@w3.org" <public-lod@w3.org>
Message-ID: <CABbsEScSxG6W9fQqD_BqgQ7nJ4MOHZ_XsLPw6PAWzB4HdZ9qDg@mail.gmail.com>
Hi Kingsley,

Here's how your example looks in Executable English.  You can view, run and
change the example by pointing a browser to www.reengineeringllc.com and
choosing SocialAccess1 .

|  Kingsley wrote:
|  1. you can only sign up if you are no greater than 1 degree of
separation from TimBL, in a social network
|  2. you can only access a resource if you are known by TimBL
|  3. you can alter (e.g. extend membership) a resource ACL rule if
you claim to know TimBL and he also claims to know you.
|
|  Here's how to specify that in Executable English


a-person and TimBL are at 1 degree of separation in a social network
--------------------------------------------------------------------
1. that-person is permitted to sign up


TimBL knows a-person
----------------------------------------------
2. that-person is allowed to access a resource


a-person claims to know TimBL
TimBL claims to know that-person
--------------------------------------------
3. that-person can alter a resource ACL rule


a-person and an-other-person are friends in Facebook
-----------------------------------------------------------------------------------
that-person and that-other-person are at 1 degree of separation in a
social network


an-other-person and a-person are friends in Facebook
-----------------------------------------------------------------------------------
that-person and that-other-person are at 1 degree of separation in a
social network


this-person and this-other-person are friends in Facebook
==========================================================
   TimBL           Kinglsey
   Adrian          Kinglsey


TimBL knows this-person
========================
              Kingsley


this-person claims to know this-other-person
============================================
  TimBL                     Kingsley
  Kingsley                  TimBL


| This file is an application written in the language Executable English.
| You can view, run and change it by pointing a browser
| to www.reengineeringllc.com and selecting SocialAccess1.


Thanks for comments.

                                                    -- Adrian

Internet Business Logic
A Wiki and SOA Endpoint for Executable Open Vocabulary English Q/A over SQL
and RDF
Online at www.reengineeringllc.com
Shared use is free, and there are no advertisements

Adrian Walker
Reengineering

On Fri, Aug 17, 2012 at 9:14 AM, Kingsley Idehen <kidehen@openlinksw.com>wrote:

>  On 8/17/12 9:00 AM, Adrian Walker wrote:
>
> Hi Kingsley & All,
>
> Facebook Access Tokens have a fairly fine grain, but for flexibility, and
> for explaining complex access decisions, the reasoning approach in the
> following example may be worth a look:
>
>       www.reengineeringllc.com/demo_agents/Access.agent
>
> As you may see, with this approach one can reason about an organization
> chart, and about which roles can delegate which permissions.
>
>
> Simple example, how do I express the following:
>
> 1. you can only sign up if you are no greater than 1 degree of separation
> from TimBL, in a social network
> 2. you can only access a resource if you are known by TimBL
> 3. you can alter (e.g. extend membership) a resource ACL rule if you claim
> to know TimBL and he also claims to know you.
>
> Those rules are just the elementary level stuff. I can assure you that
> there are no OAuth solutions in the Web 2.0 realm that can handle that, let
> alone the kind of dexterity that Linked Data, WebID, and the SPARQL
> protocol bring to the table re. ACLs and data access policies :-)
>
> Links:
>
> 1. https://plus.google.com/s/acl%20webid%20sparql%20idehen -- posts about
> WebID, ACLs, Linked Data, and SPARQL .
>
> Kingsley
>
>
> Cheers,  -- Adrian
>
> Internet Business Logic
> A Wiki and SOA Endpoint for Executable Open Vocabulary English Q/A over
> SQL and RDF
> Online at www.reengineeringllc.com
> Shared use is free, and there are no advertisements
>
> Adrian Walker
> Reengineering
>
>
> On Thu, Aug 16, 2012 at 7:39 PM, Kingsley Idehen <kidehen@openlinksw.com>wrote:
>
>> All,
>>
>> Here's Twitter pretty much expressing the inevitable reality re.
>> Web-scale business models:
>> https://dev.twitter.com/blog/changes-coming-to-twitter-api
>>
>> There's no escaping the importance of access control lists and policy
>> based data access.
>>
>> --
>>
>> Regards,
>>
>> Kingsley Idehen
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>
>>
>>
>>
>>
>>
>
>
> --
>
> Regards,
>
> Kingsley Idehen	
> Founder & CEO
> OpenLink Software
> Company Web: http://www.openlinksw.com
> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
> Twitter/Identi.ca handle: @kidehen
> Google+ Profile: https://plus.google.com/112399767740508618350/about
> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>
>
>
>
Received on Friday, 17 August 2012 23:05:45 UTC