RE: On classes and property permissions from Michael Schneider on 2007-09-28 (public-owl-dev@w3.org from July to September 2007)

From: Michael Schneider <schneid@fzi.de>
Date: Fri, 28 Sep 2007 09:29:34 +0200
To: "Emanuele D'Arrigo" <manu3d@gmail.com>
Cc: "OWL developers public list" <public-owl-dev@w3.org>
Message-ID: <0EF30CAA69519C4CB91D01481AEA06A040A409@judith.fzi.de>

A correction!

I wrote:

> Emanuele D'Arrigo wrote:
>
>>Should all these axioms be stored in the ontology
>>so that whatever application manipulates the instances
>>can make use of them directly? Or should they be
>>instances themselves, of a separate "permission"
>>ontology somehow applied to the ontology "files"?
>>Or are there other options?
>
>If you decide for the AnnotationProperty method, I would 
>prefer to put these
>metadata annotations directly into the ontology.

This was *not* the best advice! I have missed a few significant points
yesterday night:

    1) Access rights, like which user or group is allowed to manipulate
which class or property, should better be kept separate from the ontology
itself. Then these access rights can be updated, while the ontology itself
keeps untouched.

    2) An access rights vocabulary is of general interest, not only to the
specific "File" ontology. Hence, it should be separate from such a domain
specific ontology. One could then build support into ontology editors for
generically handling access rights to arbitrary entities in arbitrary
ontologies.

So my new recommendation would be the following:

A) Create an ontology <fileont>, which contains the 'file' class, and the
'size' and 'name' properties.

B) Create an ontology <accessont>, which defines the AnnotationPropertyS
discussed in my last post, like 'isEditable' and 'allowedUser'.

C) Build an ontology <myfileaccess>, wherein you define the concrete access
rights, like that the property 'name' may only be edited by the users U1 and
U2. This ontology should /import/ the two other ontologies, so put in the
following ontology header:

    <myfileaccess> a owl:Ontology ;
        owl:imports <fileont> ;
        owl:imports <accessont> .

Now, if you load the ontology <myfileaccess> into some ontology editor, the
editor will also read in the <fileont> and the <accessont> ontologies, and
it will merge all three ontologies into a single one. So you will still have
the same /view/ as if you had all information been stored in the same
ontology, but the new approach with three separate ontologies is much more
flexible.

Cheers,
Michael

--
Dipl.-Inform. Michael Schneider
FZI Forschungszentrum Informatik Karlsruhe
Abtl. Information Process Engineering (IPE)
Tel  : +49-721-9654-726
Fax  : +49-721-9654-727
Email: Michael.Schneider@fzi.de
Web  : http://www.fzi.de/ipe/eng/mitarbeiter.php?id=555

FZI Forschungszentrum Informatik an der Universität Karlsruhe
Haid-und-Neu-Str. 10-14, D-76131 Karlsruhe
Tel.: +49-721-9654-0, Fax: +49-721-9654-959
Stiftung des bürgerlichen Rechts
Az: 14-0563.1 Regierungspräsidium Karlsruhe
Vorstand: Rüdiger Dillmann, Michael Flor, Jivka Ovtcharova, Rudi Studer
Vorsitzender des Kuratoriums: Ministerialdirigent Günther Leßnerkraus

Received on Friday, 28 September 2007 07:29:48 UTC