Re: Using existing triples for resource access control from Nathan on 2012-11-29 (public-webid@w3.org from November 2012)

From: Nathan <nathan@webr3.org>
Date: Thu, 29 Nov 2012 16:52:05 +0000
To: bergi <bergi@axolotlfarm.org>
CC: Read-Write-Web <public-rww@w3.org>, WebID <public-webid@w3.org>
Message-ID: <50B792B5.40507@webr3.org>

bergi wrote:
> In the last teleconf, we didn't come to a conclusion if it's possible to
> use existing triples for resource access control using the WAC ontology.
> Here is an UAC example, which is use for my ResourceMe tests. In this
> example the _:RoleReadGallery role grants read access to the resources
> defined by following the s:significantLink and s:contentURL properties.
> Start point is a uac:Authorization, which assigns roles and subjects to
> an agent/group.
> 
> Could WAC also do this? How would the access control rule look like?
> 
> 
> @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
> @prefix s: <http://schema.org/>.
> @prefix uac: <http://ns.bergnet.org/uac/0.1/universal-access-control#>.
> 
> #
> # my gallery triples:
> #
> <https://www.bergnet.org/people/bergi/gallery/test/gallery#gallery>
>  a s:ImageGallery;
>  s:significantLink [
>   a s:ImageObject;
>   s:contentURL <https://www.bergnet.org/people/bergi/file/IMG_9391.jpg>;
>  ], [
>   a s:ImageObject;
>   s:contentURL <https://www.bergnet.org/people/bergi/file/IMG_9401.jpg>;
>  ].
> 
> #
> # read access to gallery pictures
> #
> _:RoleReadGallery a uac:Role;
>  uac:access [
>   uac:filter [ a uac:SimpleFilter;
>    uac:predicate s:significantLink;
>   ];
>   uac:children [
>    uac:access [
>     uac:filter [ a uac:SimpleFilter;
>      uac:predicate s:contentURL;					
>     ];
>     uac:children [
>      uac:access [ a uac:ResourceAuthorization;
>       uac:mode uac:Read;
>      ];
>     ];
>    ];
>   ];
>  ].
> 
> #
> # assign role + gallery to a foaf group
> #
> _:AuthzFriendsReadGallery a uac:Authorization;
>  uac:agent <https://www.bergnet.org/people/bergi/card#friends>;
>  uac:subject
>   <https://www.bergnet.org/people/bergi/gallery/test/gallery#gallery>;
>  uac:hasRole _:RoleReadGallery.

Yes, by using OWL machinery to create an equivalent class which is 
filtered ont he same properties, then use the result in an agentClass.

Received on Thursday, 29 November 2012 16:52:41 UTC