[RDF] Re: Authorization

[Graham Klyne]

Craig,

This little exchange highlights something that I think may be one of the 
next important steps (beyond initial implementation) for research using 
your RDF-driven expert system.

#g
--


Jonas,

I've lost the context for this so my responses may be incomplete...

I think the whole area of trust modelling is a key application for RDF, and 
one that I plan to explore over the coming months.  Skip to [**] below for 
some (few) thoughts on this.

At 12:12 AM 12/29/00 +0100, Jonas Liljegren wrote:
>Graham Klyne <GK@Dial.pipex.com> writes:
>
> > Suppose I wish to use RDF to model a security access scheme.  Suppose
> > access controls are defined in terms of (a) a resource that may be
> > accessed, (b) an actor who may gain some access to the resource, and
> > (c) an operation type that describes the kind of access granted.  (In
> > case this seems unduly artificial, this is exactly the access control
> > framework proposed for the IMXP instant messaging proposal [1].)
> >
> > How is such a system to be modelled in RDF?  I present the following
> > as a reasonably obvious and direct way:
> >
> >    [ACE] --rdf:type---> [AccessControlElement]
> >    [   ] --actor------> [AccessorIdent]
> >    [   ] --resource---> [AccessedResource]
> >    [   ] --operation--> [AccessGranted]
>
>Have you done more on this?

Not the RDF stuff:  that bit was entirely speculative.

>What are the possible types of operations?  Is the actor and resource
>specified as types, collections or something else?

As far as the IMXP (to be renamed APEX) work is concerned, they're just 
strings.  Actors and resources are identified by email address like 
strings:  <localpart@domain>

>Who has the right to state these rules about this?

The access rules are under control of the administrative domain to which 
they refer.  The whole security model here involves an idea of "each domain 
keeping its own house in order".


The remaining points I shall comment on without reference to IMXP/APEX...

>I and Stefan have thought and talked alot about systems there you only
>add information, and that lets anybody say anything. (I think that is
>a oart of the semantic web.)

That fits my mental model, too.

>This means that you can say that a previous stating is false.  In your
>context, the statement is false.  But others may not trust you and may
>regard the statement as true.

Yup.  This is one of the ideas that started me thinking about contexts.

>This leads to the question on what type of statements can be trusted
>from diffrent staters.  Take for example a list of persons with phone
>numbers.  There may be a number of people you trust on giving accurate
>information.  Those persons would in a closed system been given
>administration access to the database.

[**]

I think that this is all information that has to be coded in some way.  An 
RDF-based trust assessment framework should also describe its own trust 
model, I think.  I don't think there are any universal answers (though 
there probably will be some useful trust models that will be commonly used).

>But you will also want to trust information that people gives about
>themself, as long as you know that they are who they say they are.
>How do you model that?

I haven't got there yet, but I am hoping that within 2-3 months we'll have 
some software that will allow us to model and experiment with these ideas.

>And what happens if two trusted statings disagree?

Same problem.  Same answer ([**] above)

>What other types of authorization criterions could there bee?

Without limit.  Again, see [**] above.

#g

------------
Graham Klyne
(GK@ACM.ORG)