- From: bergi <bergi@axolotlfarm.org>
- Date: Fri, 31 Aug 2012 21:14:45 +0200
- To: Dominik Tomaszuk <ddooss@wp.pl>
- CC: Read-Write-Web <public-rww@w3.org>, nathan <nathan@webr3.org>, Emmanuel Dreux <edreux@cloudiway.com>
The RDFS/OWL is now available in RDF/XML and Turtle format. I tried to
create a useful HTML document via XSPARQL without success. So I used
Protege/OWLDoc to generate a simple HTML documentation.

http://ns.bergnet.org/uac/0.1/universal-access-control

Last time no one proposed times for a Skype conference. So here are two
proposals from my side:

2012-09-02 15:00-16:00 UTC, 17:00-18:00 Berlin
http://timeanddate.com/worldclock/fixedtime.html?month=09&day=02&year=2012&hour=15&min=00&sec=0&p1=0

2012-09-04 16:00-17:00 UTC, 18:00-19:00 Berlin
http://timeanddate.com/worldclock/fixedtime.html?month=09&day=04&year=2012&hour=16&min=00&sec=0&p1=0

On 16.08.2012 01:01, Dominik Tomaszuk wrote:
> bergi,
>
> It will be great if you provide RDFS/OWL. My first impression is that
> it's quite complex.
>
> Maybe the person interested in this topic should get together on Skype?
>
> Cheers,
> Dominik
>
>
> On 15.08.2012 21:42, bergi wrote:
>> More and more people on the mailing list are talking about access
>> control. I'm already working on the ACL topic of the rww scope [1]. Even
>> if it's not yet feature complete, I wanted to show you my current
>> version. This work is based on the TripleAccessControl Ontology [2].
>> Please have a look at the TAC Ontology documentation if you haven't done
>> this before. The main focus was my use case with a single/default graph,
>> but named graphs should also be covered in the final version. If you
>> also already have a concept please share your ideas. I will try to
>> integrate them. At the end we hopefully have an ontology that works for
>> most of us. This is important because I would like to use the uac:Role
>> class also for the Request for Access topic [3].
>>
>>
>> Simple Example
>>
>> Here is a simple example for my FOAF profile with nested roles for my WebID
>> keys and Pingback. The blank nodes _:group_anonymous and _:group_anybody
>> are used by the ResourceMe login modules for anonymous users and any
>> logged in user.
>>
>> # role for WebID keys:
>> _:RoleReadWebid a uac:Role;
>>   uac:accessToTriple [ a uac:TripleAuthorization;
>>     uac:mode uac:Read;
>>     uac:filter [ a uac:SimpleFilter;
>>       uac:predicate cert:key;
>>     ];
>>     uac:children [
>>       uac:accessToTriple [ a uac:TripleAuthorization;
>>         uac:mode uac:Read;
>>         uac:filter [ a uac:SimpleFilter;
>>           uac:predicate rdf:type;
>>           uac:object cert:RSAPublicKey;
>>         ], [ a uac:SimpleFilter;
>>           uac:predicate cert:modulus;
>>         ], [ a uac:SimpleFilter;
>>           uac:predicate cert:exponent;
>>         ]]]].
>>
>> # role for Pingback:
>> _:RoleReadPingback a uac:Role;
>>   uac:accessToTriple [ a uac:TripleAuthorization;
>>     uac:mode uac:Read;
>>     uac:filter [ a uac:SimpleFilter;
>>       uac:predicate pingback:to;
>>     ]].
>>
>> # role for FOAF profile:
>> _:RoleReadProfile a uac:Role;
>>   uac:hasRole
>>     _:RoleReadWebid,
>>     _:RoleReadPingback;
>>   uac:accessToTriple [ a uac:TripleAuthorization;
>>     uac:mode uac:Read;
>>     uac:filter [ a uac:SimpleFilter;
>>       uac:predicate rdf:type;
>>       uac:object foaf:Person;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate foaf:name;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate foaf:firstName;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate foaf:lastName;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate foaf:nick;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate foaf:img;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate foaf:homepage;
>>     ], [ a uac:SimpleFilter;
>>       uac:predicate pingback:to;
>>     ]].
>>
>> # assign the roles to agents and subject
>> _:AuthzAllProfile a uac:Authorization;
>>   uac:agent _:group_anonymous;
>>   uac:agent _:group_anybody;
>>   uac:subject <https://www.bergnet.org/people/bergi/card#me>;
>>   uac:hasRole _:RoleReadProfile.
>>
>>
>> Write Blog Comment
>>
>> In some cases a filter value should be filled dynamically. For this use
>> case the uac:VariableFilter can be used. In this example the
>> uac:VariableFilter is used to avoid user spoofing in blog comments. The
>> agent variable is automatically filled with the authenticated user URL.
>>
>> _:RoleWriteBlogComment a uac:Role;
>>   uac:accessToTriple [ a uac:TripleAuthorization;
>>     uac:mode uac:Read;
>>     uac:filter [ a uac:SimpleFilter;
>>       uac:predicate s:blogPosts;
>>     ];
>>     uac:children [
>>       uac:accessToTriple [ a uac:TripleAuthorization;
>>         uac:mode uac:Write;
>>         uac:filter [ a uac:SimpleFilter;
>>           uac:predicate s:comment;
>>         ];
>>         uac:children [
>>           uac:accessToTriple [ a uac:TripleAuthorization;
>>             uac:mode uac:Write;
>>             uac:filter [ a uac:SimpleFilter;
>>               uac:predicate rdf:type;
>>               uac:object s:UserComments;
>>             ], [ a uac:SimpleFilter;
>>               uac:predicate s:commentTime;
>>             ], [ a uac:SimpleFilter;
>>               uac:predicate s:commentText;
>>             ];
>>           ], [ a uac:TripleAuthorization;
>>             uac:mode uac:Write;
>>             uac:filter [ a uac:VariableFilter;
>>               uac:predicate [
>>                 uac:value s:creator;
>>               ];
>>               uac:object [
>>                 uac:variable "agent";
>>               ];
>>             ];
>>             uac:required "true";
>>           ]]]]].
>>
>> _:AuthzAnybodyBlog a uac:Authorization;
>>   uac:agent _:group_anybody;
>>   uac:subject <https://www.bergnet.org/people/bergi/blog/#blog>;
>>   uac:hasRole _:RoleWriteBlogComment.
>>
>>
>> Image Gallery
>>
>> This example shows how to reuse RDF data defined for a gallery. Based on
>> the s:contentURL property access to the linked pictures is granted.
>>
>> _:RoleReadGallery a uac:Role;
>>   uac:accessToTriple [ a uac:TripleAuthorization;
>>     uac:mode uac:Read;
>>     uac:filter [ a uac:SimpleFilter;
>>       uac:predicate rdf:type;
>>       uac:object s:ImageGallery;
>>     ];
>>   ], [ a uac:TripleAuthorization;
>>     uac:mode uac:Read;
>>     uac:filter [ a uac:SimpleFilter;
>>       uac:predicate s:significantLink;
>>     ];
>>     uac:children [
>>       uac:accessToTriple [ a uac:TripleAuthorization;
>>         uac:mode uac:Read;
>>         uac:filter [ a uac:SimpleFilter;
>>           uac:predicate rdf:type;
>>           uac:object s:ImageObject;
>>         ], [ a uac:SimpleFilter;
>>           uac:predicate s:author;
>>         ], [ a uac:SimpleFilter;
>>           uac:predicate s:dateCreated;
>>         ], [ a uac:SimpleFilter;
>>           uac:predicate s:text;
>>         ];
>>       ], [ a uac:TripleAuthorization;
>>         uac:mode uac:Read;
>>         uac:filter [ a uac:SimpleFilter;
>>           uac:predicate s:contentURL;
>>         ];
>>         uac:children [
>>           uac:accessToResource [ a uac:ResourceAuthorization;
>>             uac:mode uac:Read;
>>           ]]]]].
>>
>> _:AuthzFriendsReadGallery a uac:Authorization;
>>   uac:agent <https://www.bergnet.org/people/bergi/card#friends>;
>>   uac:subject
>>     <https://www.bergnet.org/people/bergi/gallery/2012-06-14/>,
>>     <https://www.bergnet.org/people/bergi/gallery/2012-07-07/>;
>>   uac:hasRole _:RoleReadGallery.
>>
>>
>> Why No Deny?
>>
>> There is no uac:denyAccessToTriple property because it would just cause
>> trouble. Think about foaf:group provided by a server which is temporarily
>> not reachable. If you would deny access for this group you have a
>> problem. A concept of deny just will not work with distributed data.
>>
>>
>> Protecting Only Resources
>>
>> There are different opinions about the concept of filtering the content
>> of a resource. This concept should also work without triple filtering. I
>> was already thinking about merging the uac:accessToTriple and
>> uac:accessToResource properties to a uac:access property.
>> Beside the uac:TripleAuthorization and uac:ResourceAuthorization class a
>> uac:TripleSet class could be defined, just to collect triples for a
>> uac:ResourceAuthorization child.
>>
>>
>> Prefixes
>>
>> Here are the prefix definitions, if you want to view the examples in
>> your favorite turtle editor:
>>
>> @prefix bio: <http://purl.org/vocab/bio/0.1/>.
>> @prefix cert: <http://www.w3.org/ns/auth/cert#>.
>> @prefix dct: <http://purl.org/dc/terms/>.
>> @prefix foaf: <http://xmlns.com/foaf/0.1/>.
>> @prefix like: <http://ontologi.es/like#>.
>> @prefix pingback: <http://purl.org/net/pingback/>.
>> @prefix s: <http://schema.org/>.
>> @prefix time: <http://www.w3.org/2006/time#>.
>> @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
>> @prefix uac: <http://ns.bergnet.org/uac/0.1/universal-access-control#>.
>>
>>
>> [1] http://www.w3.org/community/rww/wiki/Scope#ACL
>> [2] http://ns.bergnet.org/tac/0.1/triple-access-control
>> [3] http://www.w3.org/community/rww/wiki/Scope#Request_for_Access
>>
>
Received on Friday, 31 August 2012 19:15:09 UTC
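
Added example, not part of the original thread and not bergi's implementation: a Python check modelling how the uac:VariableFilter in the quoted "Write Blog Comment" role can stop a client from submitting a comment under someone else's s:creator. The matching rules (every written triple must match a filter, an authorization marked uac:required must be matched, an unbound variable never matches), the function names and the sample triples are assumptions.

```python
# Added illustration. The matching semantics are assumptions, not the UAC spec.
S = "http://schema.org/"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"

# Constructed stand-in for the two innermost uac:Write authorizations of
# _:RoleWriteBlogComment. A filter is (predicate, object): object None means
# any value, {"variable": name} is a uac:VariableFilter slot bound per request.
COMMENT_AUTHZ = [
    {"required": False, "filters": [
        (RDF_TYPE, S + "UserComments"),
        (S + "commentTime", None),
        (S + "commentText", None),
    ]},
    {"required": True, "filters": [
        (S + "creator", {"variable": "agent"}),
    ]},
]

def matches(triple, flt, bindings):
    """True if the triple's predicate and object satisfy one filter."""
    _, pred, obj = triple
    f_pred, f_obj = flt
    if pred != f_pred:
        return False
    if f_obj is None:
        return True
    if isinstance(f_obj, dict):
        bound = bindings.get(f_obj["variable"])
        return bound is not None and obj == bound  # unbound variable: fail closed
    return obj == f_obj

def may_write(triples, authorizations, agent):
    """Allow only if every triple is granted and every required authorization is used."""
    bindings = {"agent": agent}  # taken from the authenticated session, never from the request
    used = set()
    for triple in triples:
        idx = next((i for i, a in enumerate(authorizations)
                    if any(matches(triple, f, bindings) for f in a["filters"])), None)
        if idx is None:
            return False  # allow-only model: an ungranted triple rejects the write
        used.add(idx)
    return all(i in used for i, a in enumerate(authorizations) if a["required"])

def comment(creator):
    """Constructed sample: triples a client submits for one blog comment."""
    c = "_:comment1"
    return [(c, RDF_TYPE, S + "UserComments"),
            (c, S + "commentText", "Nice post"),
            (c, S + "creator", creator)]
```

Because the "agent" binding comes from the authenticated session rather than the submitted triples, a comment whose s:creator differs from the logged-in WebID matches no filter and is rejected, as is one that omits s:creator entirely.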