Using Language & Logic to Drive Access Controls  



Date Created
  • 2018-09-14T17:00:13+00:00
Date Modified
  • 2018-09-14T17:00:13+00:00
Attribute-based Access Controls (ABAC) provide a more fine-grained mechanism for protecting resources (documents) on any network than the commonly used Role-based Access Controls (RBAC) alternative. On HTTP-based networks, ABAC are successfully created and exploited by harnessing the power of a Semantic Web, i.e., the use of human- and machine-readable logic woven into the resources (courtesy of the RDF language) that manifest as the aforementioned Web variant.

You create and contribute to a Semantic Web by creating document content using RDF sentences that adhere to the following rules:

1. Identify everything (real or imagined) using a hyperlink (specifically, an HTTP URI).
2. Describe anything using RDF sentences where subjects and predicates are identified using hyperlinks, while objects are identified using an HTTP URI or a Literal (typed or untyped).

**Note:** Adding "#{some-indexical}" to an HTTP URL automagically turns a URL (a Document Location) into a URI where entity and entity description document are connected while also disambiguated, i.e., the power of entity-name=>entity-description-document indirection is unleashed!!

Leveraging the above, here are three documents situated in different locations on the Web that describe a group labeled the "RWWCrew":

* RWWCrew Group Listing from one of my Solid Pods
* RWWCrew Group Listing from my Personal Data Space
* RWWCrew Group Listing from my Personal Data Space (Plain Text File)

Now that I have the Group Descriptions in place, I can also describe an Attribute-based Access Control (a/k/a WebACL in this context) along the following lines:

```
# ACL resource for the public folder
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@prefix rww-group-acl: <rww-crew-group.ttl#> .

# The owner has all permissions
# (each acl:agent value is an owner WebID; the IRIs are blank on this page)
<#owner>
    a acl:Authorization;
    acl:agent <>;
    acl:agent <>;
    acl:accessTo <./>;
    acl:defaultForNew <./>;
    acl:mode acl:Read, acl:Write, acl:Control.

# The public has read permissions
<#public>
    a acl:Authorization;
    acl:agentClass foaf:Agent;
    acl:accessTo <./>;
    acl:defaultForNew <./>;
    acl:mode acl:Read.

# Members of the RWWCrew group have read and write permissions
<#group>
    a acl:Authorization;
    acl:agentGroup rww-group-acl:RWWCrew ;
    acl:accessTo <./>;
    acl:defaultForNew <./>;
    acl:mode acl:Read, acl:Write .
```

To finish this all off, I simply place the WebACL document content in a special file in the Data Space provided by a Linked Data deployment platform (e.g., solid-server or ODS-Briefcase or anything else that understands these fundamental principles).
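The following is an added example, not code from the original post or from any Solid or ODS implementation, showing how a server could evaluate the three authorizations above for a requesting agent. The WebID and group IRIs are constructed placeholders, the membership predicate `vcard:hasMember` is an assumption about how the group listing states its members, and matching the requested resource against `acl:accessTo` is left out.

```python
# Added example: evaluating the page's three authorizations for a given agent.
ACL = "http://www.w3.org/ns/auth/acl#"
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"
# Assumption: group membership is stated with vcard:hasMember.
HAS_MEMBER = "http://www.w3.org/2006/vcard/ns#hasMember"

# Constructed placeholder IRIs (the page's real WebIDs are not shown).
OWNER = "https://owner.example/profile#me"
ALICE = "https://alice.example/profile#me"
BOB = "https://bob.example/profile#me"
GROUP = "https://pod.example/public/rww-crew-group.ttl#RWWCrew"

def authorization(name, subject_predicate, subject, modes):
    """Build the triples for one acl:Authorization."""
    triples = [(name, ACL + subject_predicate, subject)]
    return triples + [(name, ACL + "mode", ACL + m) for m in modes]

# The ACL from the page, as (subject, predicate, object) triples.
ACL_TRIPLES = (
    authorization("#owner", "agent", OWNER, ["Read", "Write", "Control"])
    + authorization("#public", "agentClass", FOAF_AGENT, ["Read"])
    + authorization("#group", "agentGroup", GROUP, ["Read", "Write"])
)
# The separately hosted group listing: Alice is the only member.
GROUP_TRIPLES = [(GROUP, HAS_MEMBER, ALICE)]

def objects(triples, subject, predicate):
    return {o for s, p, o in triples if s == subject and p == predicate}

def allowed_modes(agent, acl_triples, group_triples):
    """Union of modes from every authorization that matches the agent."""
    granted = set()
    for rule in {s for s, _, _ in acl_triples}:
        groups = objects(acl_triples, rule, ACL + "agentGroup")
        if (agent in objects(acl_triples, rule, ACL + "agent")
                or FOAF_AGENT in objects(acl_triples, rule, ACL + "agentClass")
                or any(agent in objects(group_triples, g, HAS_MEMBER) for g in groups)):
            granted |= {m[len(ACL):] for m in objects(acl_triples, rule, ACL + "mode")}
    return granted

if __name__ == "__main__":
    for who in (OWNER, ALICE, BOB, None):  # None = unauthenticated request
        print(who, sorted(allowed_modes(who, ACL_TRIPLES, GROUP_TRIPLES)))
    # Membership is read from the group document, so whoever can edit that
    # document decides who receives Write on the folder.
    edited = GROUP_TRIPLES + [(GROUP, HAS_MEMBER, BOB)]
    print(BOB, sorted(allowed_modes(BOB, ACL_TRIPLES, edited)))
```

Because the `#group` authorization resolves membership from a document hosted elsewhere, that group listing needs write protection at least as strict as the folder it governs.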