Re: Contd: Using WebID ACLs to control access to my Google Drive, SkyDrive, DropBox, and Amazon S3

On 7/2/12 11:50 AM, Jürgen Jakobitsch wrote:
> hi henry,
>
> i remember we talked about that a year or so ago..
>
> the problem is that you give control out of hands, which i can imagine is unwanted in most cases.
> if i grant access to a resource to a group, access to that resource can be changed by whoever has
> control over the group.

There are many ways to have fun here. Here are some examples:

1. start with an ACL group with few members, but give those seed members 
read-write privileges on the actual resource holding the ACL rules
2. make an ACL based on conditions (identity elements culled from X.509 
cert) mapped to CRUD privileges
3. use SPARQL ASK to set conditions such as what Henry suggested -- 
conditionally apply CRUD privileges to an entity known by at least one 
member of the group, and this relation is verified; go as far as not only 
giving them access to a resource, repeat for the ACL resource too.

Once the basics are in place, i.e., folks engaging in these ACL 
exercises, the deeper magic of all of this will become clear.

Semantic Web and Linked Data realm experience has taught me to be VERY 
patient. Start mega SIMPLE :-)

Kingsley
>
> wkr turnguard
>
> ----- Original Message -----
> From: "Henry Story" <henry.story@bblfish.net>
> To: "Kingsley Idehen" <kidehen@openlinksw.com>
> Cc: public-rww@w3.org
> Sent: Monday, July 2, 2012 5:37:36 PM
> Subject: Re: Contd: Using WebID ACLs to control access to my Google Drive, SkyDrive, DropBox, and Amazon S3
>
>
> On 2 Jul 2012, at 16:58, Kingsley Idehen wrote:
>
>> All,
>>
>> I've now added Amazon Simple Storage System (S3) to the running demo [1] re., WebID ACLs applied to mounted folders via SaaS storage services.
>>
>> URL of the mounted resource collection (folder): <https://kingsley.idehen.net/DAV/home/kidehen/Public/AmazonS3/> .
>>
>> Let me know if it works for you, ditto if you would like your WebID added to my ACL.
> Works. But I think more fun is if your Access control policy allowed friends of your friends,
> and perhaps members and friends of the WebID and rww community groups (as specified by foaf files
> to be written).
>
> That is when this starts becoming a lot more easy to understand.
>
> Henry
>
>
>> Links:
>>
>> 1. http://bit.ly/NNOkNB -- original post which now has S3 added
>> 2. https://kingsley.idehen.net/DAV/home/kidehen/Public/BoxNet/ -- Box.Net addition.
>>
>> -- 
>>
>> Regards,
>>
>> Kingsley Idehen 
>> Founder & CEO
>> OpenLink Software
>> Company Web: http://www.openlinksw.com
>> Personal Weblog: http://www.openlinksw.com/blog/~kidehen
>> Twitter/Identi.ca handle: @kidehen
>> Google+ Profile: https://plus.google.com/112399767740508618350/about
>> LinkedIn Profile: http://www.linkedin.com/in/kidehen
>>
> Social Web Architect
> http://bblfish.net/
>

-- 

Regards,

Kingsley Idehen 
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Monday, 2 July 2012 17:47:10 UTC
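
Added example (not part of the original messages and not the demo's own implementation): a small Python model of the group-based ACL discussed in this thread. It evaluates the "known by at least one member" condition that the SPARQL ASK approach expresses, and lists every party whose edits change effective access, which is the delegation concern raised in the quoted reply. The URIs, the rule layout, the `extend_to_known` flag and the Read/Write mode names are assumptions made for illustration.

```python
# Added illustration: plain-Python stand-in for an ACL engine. All URIs are constructed.
MEMBER, KNOWS = "foaf:member", "foaf:knows"

GRAPH = {  # triples as they might appear in a group document and a member's FOAF file
    ("ex:seed", MEMBER, "ex:kingsley"),
    ("ex:seed", MEMBER, "ex:henry"),
    ("ex:henry", KNOWS, "ex:juergen"),
}
RULES = [  # "ex:folder.acl" is the resource holding the rules for "ex:folder"
    {"resource": "ex:folder", "group": "ex:seed", "modes": {"Read", "Write"}},
    {"resource": "ex:folder", "group": "ex:seed", "modes": {"Read"}, "extend_to_known": True},
    {"resource": "ex:folder.acl", "group": "ex:seed", "modes": {"Read", "Write"}},
]
GROUP_OWNER = {"ex:seed": "ex:groupadmin"}  # hypothetical: who can edit each group document

def members(graph, group):
    """Agents the group document lists as members."""
    return {o for s, p, o in graph if s == group and p == MEMBER}

def known_by_member(graph, group, agent):
    """Same question as: ASK { <group> foaf:member ?m . ?m foaf:knows <agent> }"""
    return any((m, KNOWS, agent) in graph for m in members(graph, group))

def modes_for(graph, rules, agent, resource):
    """Union of the modes every matching rule grants `agent` on `resource`."""
    granted = set()
    for rule in rules:
        if rule["resource"] != resource:
            continue
        direct = agent in members(graph, rule["group"])
        friend = rule.get("extend_to_known") and known_by_member(graph, rule["group"], agent)
        if direct or friend:
            granted |= rule["modes"]
    return granted

def can_alter_access(graph, rules, group_owner, acl_resource):
    """Agents whose edits change effective access to the protected resource."""
    out = set()
    for rule in rules:
        out.add(group_owner[rule["group"]])          # edits the membership list
        if rule.get("extend_to_known"):
            out |= members(graph, rule["group"])     # edits their own foaf:knows
        if rule["resource"] == acl_resource and "Write" in rule["modes"]:
            out |= members(graph, rule["group"])     # rewrites the rules themselves
    return out

if __name__ == "__main__":
    print(modes_for(GRAPH, RULES, "ex:juergen", "ex:folder"))
    print(sorted(can_alter_access(GRAPH, RULES, GROUP_OWNER, "ex:folder.acl")))
```

Reviewing the output of `can_alter_access` before publishing a rule shows how far control has been handed out: here a group administrator and both seed members can change who reads the folder without the folder's ACL being touched.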