Re: OWL Restrictions and RDF Named Graphs from Nathan on 2010-04-22 (public-owl-dev@w3.org from April to June 2010)

From: Nathan <nathan@webr3.org>
Date: Thu, 22 Apr 2010 10:44:20 +0100
To: Michael Schneider <schneid@fzi.de>
CC: public-owl-dev@w3.org
Message-ID: <4BD01A74.4010800@webr3.org>

Michael Schneider wrote:
> Hi Nathan!
> 
> It is not clear to me what your actual question is and what you want to
> achieve. But I can see several issues that I want to make you aware of. This
> may help you to rephrase your question, or to reconsider your ideas.
> 
> 1) Named graphs are not supported by OWL, neither semantically nor
> syntactically.

That's the problem I fear!

> 2) The two restriction classes are equivalent to each other. I don't know
> whether you have intended this. The two class expressions only differ in the
> owl:onProperty part. But, as you state in your mail, the properties
> sioc:member_of and sioc:has_member are inverse to each other, so the
> property expressions "sioc:member_of" and "[ owl:inverseOf sioc:has_member
> ]" that occur in the owl:onProperty parts are equivalent to each other.
> Hence both restriction classes are equivalent.
> 
> 3) I don't know what you mean when you say that a certain class "equates to
> asking" a named graph. I also don't know what you mean by "if [the class]
> asserts [some statement]" (classes don't assert anything). But what I can
> see is that the two given statements
> 
>   <http://ex.org/john#me> sioc:member_of <http://ex.org/groups#g1>
> 
> and
> 
>   <http://ex.org/groups#g1> sioc:has_member <http://ex.org/john#me>
> 
> are equivalent, since the properties sioc:member_of and sioc:has_member are
> equivalent. So you cannot use these statements as selection criteria, since
> if one statement is asserted/inferred (by whatever means), the other will be
> asserted/inferred as well.

exactly, yet "john says he is a member of group-g1" is very different to
"group-g1 says that one of it's members is john". Belief states, truth,
unsure the precise term.

context:

I've hit this problem a few times, specifically this time it's do with
processing the ACL ontology at runtime for access control, where a user
(identified by <users-uri>) is allowed access if it is deemed to be a:

_:myfriends owl:equivalentClass [
	a owl:Restriction ;
	owl:hasValue <http://ex.org/groups#group1> ;
	owl:onProperty [ owl:inverseOf sioc:has_member ]
] .

at runtime we have two graphs available to check, either the graph
containing <users-uri> or the graph containing <http://ex.org/groups#group1>

this would equate either:

ASK {
  GRAPH <group> {
    <group> <has_member> <webid> .
  }
}

or:

ASK {
  GRAPH <webid> {
    <webid> <member_of> <graph> .
  }
}

(or both)

due to the delicate nature of access control, it is critically important
to be able to assert which graph(s) to check (or maybe trust?) at runtime.

In the above, perhaps if we swapped the term graph for resource it would
make more sense.. For some reason I feel that rdfs:isDefinedBy could be
leveraged in an owl:Restriction, but I could easily be (and often am) wrong.

Best,

Nathan

Received on Thursday, 22 April 2010 09:51:39 UTC