Re: RDF semantics, access control description and timeranges from Graham Klyne on 2002-12-16 (www-rdf-calendar@w3.org from December 2002)

From: Graham Klyne <GK@ninebynine.org>
Date: Mon, 16 Dec 2002 13:08:41 +0000
To: tim finin <finin@cs.umbc.edu>
Cc: www-rdf-calendar <www-rdf-calendar@w3.org>
Message-Id: <5.1.0.14.2.20021216130018.03b554e0@127.0.0.1>
At 11:11 AM 12/15/02 -0500, tim finin wrote:

> > So I might write something like:
> >   ex:Host ex:access                         (1)
> >      [ a ex:AccessPermission ;
> >        ex:allowProtocol ex:HTTP ;
> >        ex:allowProtocol ex:FTP ;
> >        ex:allowProtocol ex:SSH ] .
> > which may be intended to mean that the host ex:Host is permitted to
> > use protocol HTTP _or_ FTP _or_ SSH.
> > ...
> >  So now we may have this graph asserted to be true:
> >   ex:Host ex:access                         (4)
> >      [ a ex:AccessPermission ;
> >        ex:allowProtocol ex:HTTP ] .
> >   ex:HTTP  a ex:AccessProtocol ;
> >        ex:ipProtocol ex:TCP ;
> >        ex:portNumber "80" .
> > Then, by the subgraph lemma, this is true:
> >   ex:Host ex:access                         (5)
> >      [ a ex:AccessPermission ;
> >        ex:allowProtocol ex:HTTP ] .
> >   ex:HTTP  a ex:AccessProtocol ;
> >        ex:ipProtocol ex:TCP .
> > But what does this mean?  It would be tempting to say that by omitting
> > the port number that no port-number constraint is given.  But clearly,
> > it is not true that by permitting use of HTTP that we mean to permit use
> > of all TCP protocols on all port numbers.  So this new subgraph must be
> > interpreted as granting permission to nothing more than HTTP, and
> > probably less.  Absent specification of a port number (which all TCP
> > protocols must use) I think it should mean that no permissions are granted.
>
>IMHO, (5) means that access is permitted by TCP but we can't say by
>which ports. ...

That's what I had been thinking, but the RDF model theory doesn't support 
that view.

>  ... I'm not sure, given the current RDF model theory if it
>implies that there exists *some* port through which TCP access is allowed.

To say that there exists *some* TCP port, something like this would be needed:

   ex:SomeTCPProtocol  a ex:AccessProtocol ;
            ex:ipProtocol ex:TCP ;
            ex:ipPortNumber [] .

(Which, if I'm not mistaken, would by virtue of the interpolation lemma be 
entailed by:

   ex:SomeTCPProtocol  a ex:AccessProtocol ;
            ex:ipProtocol ex:TCP ;
            ex:ipPortNumber "80" .


> > (So, in this scheme, by expressing an access permission in RDF, under
> > open world assumptions, says nothing about what access is not
> > permitted;  by saying that HTTP is permitted, we don't say whether or
> > not FTP is permitted.  At some stage, to be useful, an access permission
> > description may need to be closed off, so that all access not explicitly
> > permitted is denied.  This may involve mechanisms that go beyond basic
> > RDF core semantics.)
>
>I'm with you here.  We definitely need some kind of default reasoning.
>The decision has been made, AFAIK, that this will not be in RDF or in
>OWL. If we need it, we will have to do it outside of RDF and OWL.

Yes, I think that's important, because having non-monotonicity all over RDF 
would be a big problem:  you'd never be able to rely upon the fundamental 
RDF inferences because you don't know what new information may be coming.

> > What has confused me in all this is that it appears to muddle
> > conjunctive and disjunctive semantics semantics for RDF statements;
> > e.g. example (1) above meaning that permissions to use HTTP, FTP *or*
> > SSH, but example (3) describing a protocol for which the IP protocol is
> > TCP *and* the port number is 80.  Considered from the point of view of
> > semantic interpretations, it's all conjunctive semantics, but that
> > hasn't prevented me from getting confused about the details at times.
>
>I'd say the *and* reading is right for (1).  The host has an
>accessPermission _G0042.  _G0042 has an allowProtocol http *and*
>_G0042 has an allowProtocol ftp *and* _G0042 has an allowProtocol ssh.
>
>I think the confusion is on the natural language side (which is
>probably closely related to our common sense reasoning).  Most people
>would take the following two sentences to have the same meaning:
>
>   My computer accepts http, ftp and ssh connections
>   My computer accepts http, ftp or ssh connections

Yes, I think you're right about that.  It's so easy to get confused.  Doing 
the natural language to formal language translation isn't always easy, I've 
noticed.

#g


-------------------
Graham Klyne
<GK@NineByNine.org>
Received on Monday, 16 December 2002 08:11:04 UTC