- From: Henry Story <henry.story@bblfish.net>
- Date: Tue, 11 Dec 2012 13:02:48 +0100
- To: Read-Write-Web <public-rww@w3.org>
- Message-Id: <2992802E-AABB-48DE-B95D-0471C0980EB9@bblfish.net>
The ACL ontology contains the Control class, which is not very well explained either in the ontology or in the wiki. All I could get on it is this:

    $ curl http://www.w3.org/ns/auth/acl.n3 | less

    Control a rdfs:Class;
        rdfs:subClassOf Access;
        rdfs:label "control"@en;
        rdfs:comment "Allows read/write access to the ACL for the resource(s)".

So if I had the following ACL in <meta/card.meta>

    [] :accessTo <card> ;
       :mode :Control, :Read, :Write ;
       :agent <card#me> .

Then that would mean that <card#me> had read/write access to <card> and to <meta/card.meta>.

So then we have two cases:

1- when a request is made on <card> the server knows to look in <meta/card.meta> for the ACL rules, and looks for :Read, :Write.

2- when a request is made on <meta/card.meta> the server knows this is a metadata file (and so knows not to look at meta/card.meta/card.meta.meta). That is, such a file is one that is in relation:

    <> accessControl <> .

In such a case the only relevant rules are those that have a ?x mode Control relation in them.

In 2 the server cannot really do anything with the :accessTo relation because the metadata work is done directly on the metadata resource. The server has no way of knowing, when a request is made on a metadata resource, what the client was accessing this through. (Perhaps with some of the much less used WebDAV methods this is possible, but I don't think that this is consciously what is being aimed for here.)

It is important to see that this is unlike the filesystem, where when one changes properties it is always done with the name of the object resources. Eg:

    $ chmod g+rw file.txt
    $ ls -l -@ NeoOffice-3.1.1-Patch-1-Intel.dmg
    -rw-r--r--@ 1 admin staff 8899825 Jul 20 2010 NeoOffice-3.1.1-Patch-1-Intel.dmg
        com.apple.diskimages.fsck 20
        com.apple.diskimages.recentcksum 80
        com.apple.metadata:kMDItemWhereFroms 232
        com.apple.quarantine 74

(-@ in the second command is an Apple OSX extension to 'ls' that allows one to see attributes on a file set with xattr.)

But in the case of basic HTTP here we are acting directly on the (metadata) file itself. So we should rather have an access control rule such as:

    [] :accessTo <> ;
       :mode :Read, :Write ;
       :agent <card#me> .

But in that case my feeling is that the :Control mode is not really useful. (Or only using some very rarely used WebDAV methods, that would require a lot more work to develop.)

It does seem to add a lot of relations. But perhaps not. Both can be fused with

    [] :accessTo <card>, <> ;
       :mode :Read, :Write ;
       :agent <card#me> .

And here we have the same number of relations.

Henry

Social Web Architect
http://bblfish.net/
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Tuesday, 11 December 2012 12:03:31 UTC
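
The two evaluation cases in the message above, and the fused rule it ends with, as an added Python sketch that is not part of the original email or of any server discussed on the list. The `Rule` layout, the `allowed` function, its `control_semantics` switch and the example.org URLs are assumptions made for illustration; rules are given as already-parsed values rather than read from N3.

```python
# Added illustration: rule layout, names and URLs are assumptions, not a real server's API.
from dataclasses import dataclass

READ, WRITE, CONTROL = "Read", "Write", "Control"
METHOD_MODE = {"GET": READ, "HEAD": READ, "PUT": WRITE, "POST": WRITE, "DELETE": WRITE}

BASE = "https://example.org/"      # constructed sample origin
CARD = BASE + "card"               # <card>
ACL = BASE + "meta/card.meta"      # <meta/card.meta>; "<>" inside it is this URL
ME = CARD + "#me"                  # <card#me>
OTHER = BASE + "other#me"          # constructed second agent

@dataclass(frozen=True)
class Rule:
    access_to: frozenset  # :accessTo targets
    modes: frozenset      # :mode values
    agents: frozenset     # :agent values

def rule(access_to, modes, agents):
    return Rule(frozenset(access_to), frozenset(modes), frozenset(agents))

def is_acl_document(resource):
    # Case 2 in the message: the file is its own ACL (<> accessControl <>).
    return resource == ACL

def allowed(rules, agent, method, resource, control_semantics):
    """Default deny; return True only if some rule grants the needed mode."""
    needed = METHOD_MODE[method]
    for r in rules:
        if agent not in r.agents:
            continue
        if control_semantics and is_acl_document(resource):
            # :Control reading: :accessTo cannot be used here, only the mode counts.
            if CONTROL in r.modes:
                return True
        elif resource in r.access_to and needed in r.modes:
            # Case 1, or the ACL file named directly in :accessTo.
            return True
    return False

# First ACL from the message: :Control on <card>.
CONTROL_RULES = [rule({CARD}, {CONTROL, READ, WRITE}, {ME})]
# Fused ACL from the end of the message: :accessTo <card>, <> with no :Control.
FUSED_RULES = [rule({CARD, ACL}, {READ, WRITE}, {ME})]
# Constructed: a reader of <card> who must not be able to rewrite the ACL.
READER_RULES = [rule({CARD}, {READ}, {OTHER})]

if __name__ == "__main__":
    for name, rules, ctl in [("control", CONTROL_RULES, True), ("fused", FUSED_RULES, False)]:
        print(name, [allowed(rules, ME, m, u, ctl) for m in ("GET", "PUT") for u in (CARD, ACL)])
```

With the :Control reading switched on, the first ACL lets <card#me> write to meta/card.meta; with it switched off, only the fused rule does, and in both readings an agent holding only :Read on <card> is denied on the ACL file.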