[foaf-protocols] access control vocabulary
melvincarvalho at gmail.com
Wed May 6 19:50:45 CEST 2009
The ontology indicated below allows read/write/control access to a
give resource. I think this is a great basis to start using access
control, based on a Web ID.
But let's say I want to give read access of my personal mailbox
(foaf:mbox) to my friends only, would this be possible?
On Wed, Nov 26, 2008 at 4:10 PM, Story Henry <henry.story at bblfish.net> wrote:
> I thought it would be useful to have some very simple access control
> vocabulary. This could be useful to let people know ahead of time if
> they should bother accessing a resource, or if there is a bug in the
> software that does not let them access it. This would be completely
> optional of course.
> So for example let us take Juliette's public foaf to contain something
> like this
> :juliette a foaf:Person;
> rdfs:seeAlso <https://www.pipian.com/rdf/tami/juliette-protected-location.n3
> > .
> Currently anyone that has foaf+ssl enabled browser can access that
> resource. But what if at a later time Juliette decides only to allow
> here friends or Friends of Friends to access it. It would be good if
> she could express that, so that clients could know that they have to
> befriend one of Juliette's friends, as opposed to changing servers,
> checking the connection, checking their X509 key, etc...
> So we could go off an build a hugely flexible system to make it
> possible to describe groups in any number of ways. But I don't think
> we should start off that way. In the end who is able to access the
> resource will be expressible as a Group or Class. So we need to define
> an relation from a resource to a foaf:Group or owl:Class . Something
> like this
> acl:restrictedTo ?grp .
> Now there is one group we might as well define immediately: The group
> of all agents that can use foaf+ssl to connect to a resource
> acl:FoafSSLGroup a owl:Class; //or a subclass of foaf:Group?
> rdfs:comment "the group of all agents that can access a resource
> using foaf+ssl" .
> There are two other groups I think one will want to define:
> - the group of all friends of a person
> - the group of all friends of a friend of a person
> - the group of all family members (nth degree)
> How best to do those?
> Anyway, something like this would help us create user interfaces where
> people could work out what they need to do to access a resource. And
> it will help us debug each other's applications.
> Home page: http://bblfish.net/
> foaf-protocols mailing list
> foaf-protocols at lists.foaf-project.org
More information about the foaf-protocols