[RDF] Authorization

[Jonas Liljegren]

Graham Klyne <GK@Dial.pipex.com> writes:

> Suppose I wish to use RDF to model a security access scheme.  Suppose
> access controls are defined in terms of (a) a resource that may be
> accessed, (b) an actor who may gain some access to the resource, and
> (c) an operation type that describes the kind of access granted.  (In
> case this seems unduly artificial, this is exactly the access control
> framework proposed for the IMXP instant messaging proposal [1].)
> 
> How is such a system to be modelled in RDF?  I present the following
> as a reasonably obvious and direct way:
> 
>    [ACE] --rdf:type---> [AccessControlElement]
>    [   ] --actor------> [AccessorIdent]
>    [   ] --resource---> [AccessedResource]
>    [   ] --operation--> [AccessGranted]

Have you done more on this?

What are the possible types of operations?  Is the actor and resource
specified as types, collections or something else?

Who has the right to state these rules about this?


I and Stefan have thought and talked alot about systems there you only
add information, and that lets anybody say anything. (I think that is
a oart of the semantic web.)

This means that you can say that a previous stating is false.  In your
context, the statement is false.  But others may not trust you and may
regard the statement as true.

This leads to the question on what type of statements can be trusted
from diffrent staters.  Take for example a list of persons with phone
numbers.  There may be a number of people you trust on giving accurate
information.  Those persons would in a closed system been given
administration access to the database.

But you will also want to trust information that people gives about
themself, as long as you know that they are who they say they are.
How do you model that?

And what happens if two trusted statings disagree?



What other types of authorization criterions could there bee?


-- 
/ Jonas Liljegren

The Wraf project http://www.uxn.nu/wraf/
Sponsored by http://www.rit.se/