acl.n3
@prefix dc: <http://purl.org/dc/elements/1.1/> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix gen: <http://www.w3.org/2006/gen/ont#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@keywords is, a, of.
@prefix : <http://www.w3.org/ns/auth/acl#>.
# Design Issue: Use classes of agents or use sioc:member of group?
# Metadata about the ontology document itself: "<>" is the empty relative IRI,
# i.e. the document being read. It carries a title and a summary only.
<> dc:title "Basic Access Control ontology";
rdfs:comment """Defines the element of Authorization and its essential properties,
and also some classes of access such as read and write. """.
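# Authorization is the unit of policy. Every property in this file whose
# rdfs:domain is Authorization (agent, agentClass, accessTo, accessToClass,
# defaultForNew, mode) describes one instance of this class.
# NOTE(review): the vocabulary declares no cardinality, so nothing here says what
# an Authorization lacking an agent, a target or a mode means. An enforcement
# point should treat such an incomplete Authorization as granting nothing.
# The rdfs:comment wording was garbled ("allowing agent to agents access") and is
# repaired below; the meaning is unchanged.
Authorization a rdfs:Class;
rdfs:label "authorization";
rdfs:comment """An element of access control,
allowing agents access of some kind to resources or classes of resources""".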
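# agent names one individual (range foaf:Agent) to whom the Authorization applies.
# NOTE(review): this vocabulary only names the agent; it does not say how a
# requester is shown to be that agent. The enforcing system must have
# authenticated the requester before matching it against this property.
# The rdfs:comment typo ("to being given") is fixed below.
agent a rdf:Property;
rdfs:label "agent";
rdfs:comment "A person or social entity being given the right";
rdfs:domain Authorization;
rdfs:range foaf:Agent.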
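# agentClass grants to every member of a class of agents rather than to one
# individual. The label was "agent", identical to the label of the agent
# property; it is changed to "agent class" so the two can be told apart in
# tools that display labels. The property IRI is unchanged.
# NOTE(review): the declared range is rdfs:Class, so the "must be a subclass of
# foaf:Agent" rule exists only as a comment and is not checked by the schema.
# How class membership is established is not defined in this file; an
# enforcement point should accept membership statements only from a source it
# trusts. A value of foaf:Agent makes the target public, so such grants deserve
# explicit review.
agentClass a rdf:Property;
rdfs:label "agent class";
rdfs:comment "A class of persons or social entities being given the right";
rdfs:domain Authorization;
rdfs:range rdfs:Class. # Must be subclass of foaf:Agent.
# For public access, use foaf:Agent.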
# accessTo names one specific information resource covered by the Authorization
# (range gen:InformationResource).
# NOTE(review): nothing in this definition says whether a grant on a container
# extends to what it contains; defaultForNew is the only directory-related term
# in this file. Confirm how the enforcing implementation treats containers.
accessTo
a rdf:Property;
rdfs:label "to";
rdfs:comment "The information resource to which access is being granted.";
rdfs:domain Authorization;
rdfs:range gen:InformationResource.
# accessToClass covers every member of a class of information resources in one
# statement (range rdfs:Class).
# NOTE(review): the scope of such a grant is set by whoever can assert that a
# resource belongs to the class. This file does not define where membership
# comes from; verify that it cannot be asserted by the agents being restricted.
accessToClass
a rdf:Property;
rdfs:label "to all in";
rdfs:comment "A class of information resources to which access is being granted.";
rdfs:domain Authorization;
rdfs:range rdfs:Class.
# defaultForNew marks an Authorization as the one applied to files later created
# in the named directory. No rdfs:range is declared for it.
# NOTE(review): a permissive default is inherited by everything created
# afterwards, so these statements deserve the same scrutiny as a direct grant.
# The comment speaks of new files only; whether existing files are affected is
# not stated here.
defaultForNew
a rdf:Property;
rdfs:label "default access for new things in";
rdfs:comment "A directory for which this authorization is used for new files in the directory.";
rdfs:domain Authorization.
# mode states which kind of access the Authorization grants. Its range is
# rdfs:Class, and the values are the access-mode classes defined in this file
# (Read, Write, Append, Control).
# NOTE(review): a note further down this file says initial implementations will
# not do RDFS inference, so each intended mode has to be listed explicitly
# rather than relying on a superclass.
mode
a rdf:Property;
rdfs:label "access mode";
rdfs:comment "A mode of access such as read or write.";
rdfs:domain Authorization;
rdfs:range rdfs:Class.
#################################### Access modes
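# Access is the common superclass of the access modes. Its own comment says not
# to use it directly in authorizations.
# Fix: the label predicate was written as a bare word "label". Under the
# "@keywords is, a, of." declaration at the top of this file, a bare word that is
# not a keyword is a local name in the default namespace, so the statement
# produced <http://www.w3.org/ns/auth/acl#label>, a term this file never
# defines, instead of rdfs:label as used by every other class here.
Access a rdfs:Class;
rdfs:label "access"@en;
rdfs:comment """Any kind of access to a resource. Don't use this, use R W and RW""".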
# Read is the access mode for read operations, declared as a subclass of Access.
# NOTE(review): this file leaves open (see the "Question" note further down)
# whether Read on a resource also permits reading its ACL; an implementation
# has to settle that explicitly.
Read a rdfs:Class;
rdfs:label "read"@en;
rdfs:subClassOf Access;
rdfs:comment """The class of read operations""".
# Write is the access mode for write operations, declared as a subclass of
# Access. It carries no rdfs:comment, so its exact scope is not described here.
# Append is declared in this file as a subclass of Write.
Write a rdfs:Class;
rdfs:subClassOf Access;
rdfs:label "write"@en.
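# Append is declared as a subclass of both Access and Write: the narrower form
# of writing that only adds. It suits cases where writers must not be able to
# alter or erase what is already stored.
# NOTE(review): an implementation that does no RDFS inference will not derive
# from the subClassOf triple that a Write grant covers an append request, so it
# has to decide that case explicitly. Content arriving through an append-only
# drop box is supplied by whoever holds Append and should be handled as
# untrusted input by whatever later reads it.
# The rdfs:comment grammar is repaired below ("allows adds", "which the
# information", "that a some link"); the meaning is unchanged.
Append a rdfs:Class;
rdfs:subClassOf Access, Write;
rdfs:label "append"@en;
rdfs:comment """Append accesses are specific write accesses which only add information, and do not remove information.
For text files, for example, append access allows bytes to be added onto the end of the file.
For RDF graphs, Append access allows adding triples to the graph but does not remove any.
Append access is useful for dropbox functionality.
Dropbox can be used for link notification, where the information added is a notification
that some link has been made elsewhere relevant to the given resource.
""".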
# Control is the mode that permits reading and writing the ACL itself.
# NOTE(review): an agent able to rewrite the ACL can give itself any other mode,
# so a Control grant is effectively full authority over the resource(s) it
# covers. Audit Control grants with the same care as ownership, and log changes
# made to ACL documents.
Control a rdfs:Class;
rdfs:subClassOf Access;
rdfs:label "control"@en;
rdfs:comment """Allows read/write access to the ACL for the resource(s)""".
#ReadWrite a rdfs:Class;
# rdfs:label "read, write"@en.
# rdfs:subClassOf Access; is subClassOf of Read, Write. # Any action in R or W is in RW
# Initial implementations will NOT do RDFS inference and so one should NOT use superclasses like this
# in ACL files.
#
# Question -- should we allow read of the ACL by anyone with Read for the resource?
# Linking a resource to its access control information
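# accessControl points from an information resource to the resource holding its
# access control information; both domain and range are
# gen:InformationResource, and it is a subproperty of rdfs:seeAlso.
# NOTE(review): this is an ordinary statement about the resource. If it is
# stored where the restricted agents can write, they could repoint it at a
# different ACL; confirm that the enforcing system takes the ACL location from
# a source those agents cannot modify.
# The rdfs:comment typo ("resorce") is fixed below.
accessControl
a rdf:Property;
rdfs:label "access control";
rdfs:subPropertyOf rdfs:seeAlso;
rdfs:comment """The Access Control file for this information resource.
This may of course be a virtual resource implemented by the access control system.
Note also HTTP's header Link: foo.meta ;rel=meta can be used for this.""";
rdfs:domain gen:InformationResource;
rdfs:range gen:InformationResource.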
######################## Ownership
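# owner relates something to the agent that owns it (range foaf:Agent). No
# rdfs:domain is declared, so it may be stated about any resource.
# NOTE(review): the comment speaks of "a sense of right to control", but no
# statement in this file ties owner to the Control mode. An enforcement point
# should not derive permissions from owner unless its own rules say so, and
# should restrict who may change an owner statement.
# The rdfs:comment typo ("craeted") is fixed below.
owner a rdf:Property;
rdfs:label "owner"@en;
rdfs:range foaf:Agent;
rdfs:comment """The person or other agent which owns this.
For example, the owner of a file in a filesystem.
There is a sense of right to control. Typically defaults to the agent who created
something but can be changed.""".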
# ENDS