Re: generic acl idea from Martynas Jusevicius on 2013-11-02 (public-rww@w3.org from November 2013)

From: Martynas Jusevicius <martynas@graphity.org>
Date: Sat, 2 Nov 2013 01:44:14 +0100
To: Henry Story <henry.story@bblfish.net>
Cc: Read-Write-Web <public-rww@w3.org>
Message-ID: <CAE35Vmwv_mHo1kBYp4URJ2oKeLdXRbz0jVp6bWsA8uJRdgiz6A@mail.gmail.com>

I think it would be better covered with SPARQL queries that go along.
I have an example which checks if the requested resource has public
access (agent class is foaf:Agent):

PREFIX acl: <http://www.w3.org/ns/auth/acl#>
PREFIX foaf: <http://xmlns.com/foaf/0.1/>

ASK
{
  ?auth acl:mode ?mode ;
        acl:agentClass foaf:Agent .
  {
    ?auth acl:accessTo ?this .
  }
  UNION
  {
    ?auth acl:accessToClass ?class .
    SERVICE ?service
    {
        {
            ?this a ?class
        }
        UNION
        {
            GRAPH ?g { ?this a ?class }
        }
    }
  }
}

With the following authorization

[] a acl:Authorization ;
    acl:accessToClass foaf:Document ;
    acl:mode acl:Read, acl:Append, acl:Write ;
    acl:agentClass foaf:Agent .

all foaf:Document instances have public access for all modes. This can
be evaluated with the SPARQL query by setting the following variables:
?this the request URI
?mode access mode

The query is executed on a meta-endpoint containing authorizations and
user accounts, while ?service refers to the main application endpoint.

Martynas
graphityhq.com

On Fri, Nov 1, 2013 at 9:14 PM, Henry Story <henry.story@bblfish.net> wrote:
> It would be nice if we could have acls that could be re-used by many people.
> EG:
> 1. an acl that says that all documents whose acl point to it are public.
> 2. an acl that says that all documents whose acls point to it are visible only to its creator
> - ...
>
> Perhaps this could be done like the following
>
> a. create a class of all documents whose acls point to a document.
>   class this
>
> @prefix : <http://www.w3.org/ns/auth/acl#> .
> @prefix foaf: <http://xmlns.com/foaf/0.1/> .
>
> :WorldReadable :accessToClass :DocumentsWhoseACLPointsToHere;
>     :agentClass foaf:Agent;
>     :mode :Read .
>
> This is not quite right, but it could be nice to have a few of the main use cases
> covered like this. What do you think?
>
> Henry
>
> Social Web Architect
> http://bblfish.net/
>
>

Received on Saturday, 2 November 2013 00:44:41 UTC