[foaf-protocols] access control vocabulary

Melvin Carvalho melvincarvalho at gmail.com
Wed May 6 19:50:45 CEST 2009


The ontology indicated below allows read/write/control access to a
given resource.  I think this is a great basis to start using access
control, based on a Web ID.

http://esw.w3.org/topic/WebAccessControl

But let's say I want to give read access of my personal mailbox
(foaf:mbox) to my friends only, would this be possible?


On Wed, Nov 26, 2008 at 4:10 PM, Story Henry <henry.story at bblfish.net> wrote:
> Hi,
>
>        I thought it would be useful to have some very simple access control
> vocabulary. This could be useful to let people know ahead of time if
> they should bother accessing a resource, or if there is a bug in the
> software that does not let them access it. This would be completely
> optional of course.
>
> So for example let us take Juliette's public foaf to contain something
> like this
>
> :juliette a foaf:Person;
>    rdfs:seeAlso <https://www.pipian.com/rdf/tami/juliette-protected-location.n3> .
>
> Currently anyone that has a foaf+ssl enabled browser can access that
> resource. But what if at a later time Juliette decides only to allow
> her friends or Friends of Friends to access it. It would be good if
> she could express that, so that clients could know that they have to
> befriend one of Juliette's friends, as opposed to changing servers,
> checking the connection, checking their X509 key, etc...
>
> So we could go off and build a hugely flexible system to make it
> possible to describe groups in any number of ways. But I don't think
> we should start off that way. In the end who is able to access the
> resource will be expressible as a Group or Class. So we need to define
> a relation from a resource to a foaf:Group or owl:Class . Something
> like this
>
> <https://www.pipian.com/rdf/tami/juliette-protected-location.n3>
> acl:restrictedTo ?grp .
>
> Now there is one group we might as well define immediately: The group
> of all agents that can use foaf+ssl to connect to a resource
>
> acl:FoafSSLGroup a owl:Class; # or a subclass of foaf:Group?
>     rdfs:comment "the group of all agents that can access a resource using foaf+ssl" .
>
> There are two other groups I think one will want to define:
>    - the group of all friends of a person
>    - the group of all friends of a friend of a person
>    - the group of all family members (nth degree)
>
> How best to do those?
>
> Anyway, something like this would help us create user interfaces where
> people could work out what they need to do to access a resource. And
> it will help us debug each other's applications.
>
>        Henry
>
> Home page: http://bblfish.net/
>
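The friends-only and friends-of-friends restriction discussed in this thread can be sketched as a deny-by-default check over foaf:knows. This is an added example, not code from the thread or from any foaf+ssl implementation. Assumptions: the requester's WebID has already been authenticated, the WebIDs and resource URL are constructed, the (owner, degree) encoding of a group is hypothetical, and only foaf:knows statements made in a person's own profile are counted.

```python
from collections import deque

KNOWS = "foaf:knows"
RESTRICTED_TO = "acl:restrictedTo"  # property proposed in the quoted message

# Constructed WebIDs and resource URL (not from the thread).
JULIETTE = "https://example.org/juliette#me"
ROMEO = "https://example.org/romeo#me"
NURSE = "https://example.org/nurse#me"
PARIS = "https://example.org/paris#me"
RESOURCE = "https://example.org/juliette-protected-location.n3"

# (subject, predicate, object, source); source = WebID whose profile said it.
# The (owner, degree) group encoding is hypothetical.
TRIPLES = [
    (JULIETTE, KNOWS, ROMEO, JULIETTE),
    (ROMEO, KNOWS, NURSE, ROMEO),
    (PARIS, KNOWS, JULIETTE, PARIS),  # Paris claims Juliette; she does not claim him
    (RESOURCE, RESTRICTED_TO, (JULIETTE, 1), JULIETTE),
]

def knows(subject):
    """People subject says they know, using only subject's own profile."""
    return {o for s, p, o, src in TRIPLES if s == subject and p == KNOWS and src == s}

def within_degrees(owner, max_degree):
    """WebIDs reachable from owner over foaf:knows in at most max_degree hops."""
    seen, queue = {owner: 0}, deque([owner])
    while queue:
        person = queue.popleft()
        if seen[person] == max_degree:
            continue  # do not expand past the allowed degree
        for friend in knows(person).difference(seen):
            seen[friend] = seen[person] + 1
            queue.append(friend)
    return set(seen) - {owner}

def may_read(webid, resource):
    """Deny by default: allow only the owner or a member of the restricted group."""
    for s, p, o, src in TRIPLES:
        if s == resource and p == RESTRICTED_TO:
            owner, degree = o
            if webid == owner or webid in within_degrees(owner, degree):
                return True
    return False
```

Because the walk follows only what the owner's side of each link asserts, a requester cannot join the group by listing Juliette in their own profile.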

