- From: Dave Beckett <dave.beckett@bristol.ac.uk>
- Date: Tue, 24 Jun 2003 15:42:40 +0100
- To: Jeff Heflin <heflin@cse.lehigh.edu>
- Cc: public-webont-comments@w3.org
On Fri, 20 Jun 2003 10:05:35 -0400 Jeff Heflin <heflin@cse.lehigh.edu> wrote: > Dear Dave, > > Thank you for you comment. As the original issue owner for imports, I > have been asked to respond to you. > > You say: > > > Firstly it seems that owl:imports potentially will import the entire > > semantic web of OWL Ontologies. Have you considered the security and > > denial-of-service implications of this mechanism? > > It may be true that the imports closure of some documents will be very > large. However, it is not likely to be much larger than the set of > documents found by following all the URIs in each document, and in many > cases will > be smaller than that. Still the result may be so large that applications > have to give up after a certain point and like search engines, which > don't truly cover the whole Web, admit that they only provide partial > results. To make it clear that not every OWL tool need to load every > ontology, we will add the following text to "OWL Web Ontology Language > 1.0 Reference": > > "Note that whether or not an OWL tool must load an imported ontology > depends on the purpose of the tool. If the tool is a complete reasoner > (including complete consistency checkers) then it must load all of the > imported ontologies. Other tools, such as simple editors and incomplete > reasoners, may choose to load only some or even none of the imported > ontologies." > > I assume by denial-of-service implications you are imagining a scenario > where someone creates an ontology or set of ontologies that imports a > target some large number of times, causing any application that loads > the ontology to "attack" the target. Note that an application gains no > benefit from reloading an ontology, so it is expected that efficient > applications will cache their ontologies and only load the target a > single time, severely hampering any attempt at denial-of-service via the > imports mechanism. It also affects the client. network delays and failures. What happens when an ontology can't be downloaded? When I read about owl:imports I was reminded of how the IETF makes all RFCs have to address security implications, and since OWL includes this network-based processing model, I saw an analogy. > You also comment: > > > Secondly, is not clear at what stage that this (Imports Closure > > http://www.w3.org/TR/2003/WD-owl-semantics-20030331/rdfs.html#5.3 ) > > should be done. In an example where you have some RDF/XML that will > > map to RDF triples describing an OWL ontology, what are the steps > > that you expect to happen? > > There was a minor omission in 5.3 that explains how imports relates to > entailment. The last definition should say that K and Q are > imports-closed. I propose to change it to: > > "Definitions: Let K and Q be imports-closed collections of RDF graphs. > Then K OWL Full entails Q whenever every OWL Full interpretation (of any > vocabulary V that includes the RDF and RDFS vocabularies and the OWL > vocabulary that satisfies all the RDF graphs in K also satisfies all the > RDF graphs in Q. K is OWL Full consistent if there is some OWL Full > interpretation that satisfies all the RDF graphs in K." > > There would also be a similar change in section 5.4 for OWL DL. > > Note that these changes mean that in order to compute entailment, you > must first compute the import closure (as defined earlier in Section > 5.3). As I mentioned before not every tool needs to process imports. For > those that do, a straight-forward approach is to recursively load the > documents imported by each document you load and then execute any > reasoning. However, it is not the purpose of the Semantics > document to mandate a particular processing strategy. It might be nice to state that in a declarative form rather than infered form after interpreting the satisfaction definitions. > Finally, thank you for pointing out that the issues list did not include > a link to the formal objection. It has now been updated. > > Thank you again for you comments. Please respond to this mailing list to > let me know if I have adequately addressed your concerns. Thank you - this is satisfactory. Dave
Received on Tuesday, 24 June 2003 10:45:24 UTC