Re: [WAC] regexps in WebAccessControl from Stasinos Konstantopoulos on 2012-11-23 (public-rww@w3.org from November 2012)

From: Stasinos Konstantopoulos <konstant@iit.demokritos.gr>
Date: Fri, 23 Nov 2012 15:24:29 +0200
To: Phil Archer <phila@w3.org>
Cc: Henry Story <henry.story@bblfish.net>, Nathan <nathan@webr3.org>, Read-Write-Web <public-rww@w3.org>, Ruben Verborgh <ruben.verborgh@ugent.be>, Alexandre Bertails <bertails@w3.org>
Message-ID: <20121123132429.GB17159@iit.demokritos.gr>

Phil, all,

thank you for bringing me into the loop.

Please see some comments inline.

On 22 November 2012 18:07, Phil Archer <phila@w3.org> wrote:
> Henry, everyone, some additional comments inline below.
>
> On 21/11/2012 11:09, Henry Story wrote:
>>
>> Hi Phil,
>>
>>     Thanks for the very helpful overview on POWDER. From the comments
>> earlier on this thread
>> I heard people worry about full regex being
>>
>>    1. too complicated to parse/write
>>    2. memory intensive ( a server would need to keep a cache of regexps )
>>    3. dangerous if one fetches them off the web, as currently it would be
>> possible to with WebACLs
>>
>> So for all of the above your answer is that you have an XML syntax that is
>> easy to write.

You could also define superficial and efficient to check restrictions on
the admitted regular expressions in order to ensure that no DoS attack
can be staged by feeding the server hard to parse expressions.

This could also mean using a different (simpler or more intuitive or
otherwise preferrable) string pattern language altogether, such as the
globbers mentioned elsewhere in the email, as long as such language can
be machine-translated into regular expressions.

>> So as we want to be able to work with the results of the LDP group [8], we
>> need to have
>> a syntax to express your xml in Turtle. Something like this:
>>
>> :joesNS a p:IriSet;
>>     p:includeHost "example.org";
>>     p:includePathStartsWith "/foo" .
>>
>> I was wondering if this simple semantics is something the POWDER WG could
>> feasibly publish.
>
> That tells you that there is a class with those properties, yes, but you'd
> still need to make the transformation into OWL for the POWDER semantics. You
> can't treat that as being semantically equivalent to the OWL class you
> correctly gave above - it isn't.
>
> The XML dialect *is* semantically equivalent because of the GRDDL
> transformation that is linked from the namespace document (that generates
> the OWL).
>
> Now, of course, you can say that you do this and actually not bother, just
> take those strings and use them without all the transformation stuff, that's
> an internal matter, but it would be custom software that would not be
> conformant with the Semantic Web at large.

As Phil mentioned, POWDER WG is now closed, but no change in POWDER
itself is needed in order to re-use the POWDER foundations to build
something else. Since, from what I gathered, this group in not looking
into defining an XML schema but an RDF vacabulary, the POWDER and
POWDER-BASE XML schemas are not good for anything more than inspiration
anyway.

My suggestion is that the group define a vocabulary along the lines of
the example above except in the wac: namespace so that this:

:joesNS wac:includeHost "example.org";
        wac:includePathStartsWith "/foo" .

would make "http://example.org/foo/42.html" a member of :joesNS. You can
then use wac:accessToClass, wac:mode, etc. to confer access rights upon
the members of :joesNS.

In such a situation, you would need to define wac:includeHost and any
other wac:include* properties you require as semantic extensions that
refer to wdrs:matchesregex in order to achieve placing resources into a
class by virtue of their URI's matching a regular expression.

Which brings into focus Nathan's comment that:

>>>>>> I'm unsure how we'd actually create a Class of things based on the
>>>>>> lexical form of a URI though, or even, whether it's a good idea to do
>>>>>> so
>>>>>> - we are basically saying that if a URI has a lexical form which
>>>>>> matches
>>>>>> the regular expression x, then that URI denotes something which is of
>>>>>> the class y. This feels wrong.

This has, indeed, been extensively discussed, objected to, and defended
during the WG and the transition to Rec. This is a discussion I
personally find interesting and can easily be drawn into, but at this
stage let us keep at the bottomline being that if RWW needs a way to say
"everything under example.com/foo", then wdrs:matchesregex is the W3C
sanctioned and formalized way to do so.

You might also find [1] interesting, if you will excuse the
self-advocacy. It discusses POWDER, its future extensions mechanism, and
and iPOWDER implementations and deployments.

Best,
Stasinos

[1] Stasinos Konstantopoulos, Phil Archer, Pythagoras Karampiperis, and
Vangelis Karkaletsis, The POWDER protocol as infrastructure to serving
and compressing semantic data. International Journal of Metadata,
Semantics and Ontologies 7(1):1-15. 2012. Pre-print available at
http://www.iit.demokritos.gr/~konstant/dload/Pubs/ijmso.pdf

Received on Friday, 23 November 2012 13:20:37 UTC