- From: Henry Story <henry.story@bblfish.net>
- Date: Tue, 11 Dec 2012 13:16:08 +0100
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- Cc: Read-Write-Web <public-rww@w3.org>
- Message-Id: <15298359-F735-41D0-A45F-4663FEA5D9C1@bblfish.net>
On 11 Dec 2012, at 13:13, Melvin Carvalho <melvincarvalho@gmail.com> wrote: > > > On 11 December 2012 13:02, Henry Story <henry.story@bblfish.net> wrote: > The ACL ontology contains the Control class, which is not very > well explained either in the ontology or in the wiki. All I > could get on it is this: > > $ curl http://www.w3.org/ns/auth/acl.n3 | less > > Control a rdfs:Class; > rdfs:subClassOf Access; > rdfs:label "control"@en; > rdfs:comment "Allows read/write access to the ACL for the resource(s)". > > So if I had the following ACL in <meta/card.meta> > > [] :accessTo <card> ; > :mode :Control, :Read, :Write ; > :agent <card#me> . > > Then that would mean that <card#me> had read/write access to <card> > and to <meta/card.meta> . > > Quick question: where does meta/card.meta come from? > > I think we just use .meta in data.fm using the following link relation: > > Link: </.meta>; rel=meta Here: http://www.w3.org/wiki/WebAccessControl#Modifying_Access_Control_information It does not really matter how you name the resource that contains the metadata. It could also be on another server. > > > > So then we have two cases: > 1- when a request is made on <card> the server knows to look in > <meta/card.meta> for the acl rules, and looks for :Read, :Write. > 2- when a request in made on <meta/card.meta> the server knows > this is a meta data file, ( and so knows not to look at > meta/card.meta/card.meta.meta ). That is one such a file is one > that is in relation: > <> accessControl <> . > In such a case the only relevant rules are those that have > a ?x mode Control relation in them. > > > In 2 the server cannot really do anything with the :accessTo > relation because the metadata work is done directly on the metadata > resource. The server has no way of knowing when a request is made on > a metadata resource, what the client was accessing this through. > ( Perhaps with some of the much less used WebDAV methods this is > possible, but I don't think that this is consciously what is being aimed > for here ) It is important to see that this is unlike the filesystem > where when one changes properties it is always done with the name > of the object resources. Eg: > > $ chmod g+rw file.txt > $ ls -l -@ NeoOffice-3.1.1-Patch-1-Intel.dmg > -rw-r--r--@ 1 admin staff 8899825 Jul 20 2010 NeoOffice-3.1.1-Patch-1-Intel.dmg > com.apple.diskimages.fsck 20 > com.apple.diskimages.recentcksum 80 > com.apple.metadata:kMDItemWhereFroms 232 > com.apple.quarantine 74 > > ( -@ in the second command is an apple OSX extension to 'ls' > that allows one to see attributes on a file set with xattr ) > > But in the case of basic HTTP here we are acting directly on the > (metadata) file itself. So we should rather have an access control > rule such as: > > [] :accessTo <> ; > :mode :Read, :Write ; > :agent <card#me> . > > But in that case my feeling is that the :Control mode is not really > useful. ( Or only using some very rarely used WebDAV methods, that would > require a lot more work to develop ). > > It does seem to add a lot of relations. > > But perhaps not. Both can be fused with > > [] :accessTo <card>, <> ; > :mode :Read, :Write ; > :agent <card#me> . > > And here we have the same number of relations. > > Henry > > Social Web Architect > http://bblfish.net/ > > Social Web Architect http://bblfish.net/
Attachments
- application/pkcs7-signature attachment: smime.p7s
Received on Tuesday, 11 December 2012 12:41:57 UTC