The ACL ontology contains the Control class, which is not very 
well explained either in the ontology or in the wiki. All I 
could get on it is this:

$ curl | less  
Control a rdfs:Class;
    rdfs:subClassOf Access;
    rdfs:label  "control"@en;
    rdfs:comment "Allows read/write access to the ACL for the resource(s)".

So if I had the following ACL in <meta/card.meta>

 [] :accessTo <card> ; 
    :mode :Control, :Read, :Write ; 
    :agent <card#me> .

Then that would mean that <card#me> had read/write access to <card> 
and to <meta/card.meta> .

So then we have two cases:
1- when a request is made on <card> the server knows to look in 
  <meta/card.meta> for the acl rules, and looks for :Read, :Write.
2- when a request in made on <meta/card.meta> the server knows 
  this is a meta data file, ( and so knows not to look at 
  meta/card.meta/card.meta.meta ). That is one such a file is one
  that is in relation:  
    <> accessControl <> .
  In such a case the only relevant rules  are those that have 
 a ?x mode Control relation in them. 

In 2 the  server cannot really do anything with the :accessTo 
relation because the metadata work is done directly on the metadata 
resource. The server has no way of knowing when a request is made on
a metadata resource, what the client was accessing this through. 
( Perhaps with some of the much less used WebDAV methods this is 
possible, but I don't think that this is consciously what is being aimed
for here ) It is important to see that this is unlike the filesystem
where when one changes properties it is always done with the name
of the object resources. Eg:

$ chmod g+rw file.txt 
$ ls -l -@ NeoOffice-3.1.1-Patch-1-Intel.dmg 
-rw-r--r--@ 1 admin  staff  8899825 Jul 20  2010 NeoOffice-3.1.1-Patch-1-Intel.dmg	     20	     80	    232	     74 

( -@ in the second command is an apple OSX extension to 'ls' 
that allows one to see attributes on a file set with xattr )

But in the case of basic HTTP here we are acting directly on the 
(metadata) file itself. So we should rather have an access control 
rule such as:

[] :accessTo <> ; 
   :mode :Read, :Write ; 
   :agent <card#me> .

But in that case my feeling is that the :Control mode is not really 
useful. ( Or only using some very rarely used WebDAV methods, that would
require a lot more work to develop ).

It does seem to add a lot of relations. 

But perhaps not. Both can be fused with

 [] :accessTo <card>, <> ; 
    :mode :Read, :Write ; 
    :agent <card#me> .

And here we have the same number of relations.


Social Web Architect

Received on Tuesday, 11 December 2012 12:03:31 UTC