Copyright © 2011 Thomas Bergwinkl
This work is licensed under a Creative Commons Attribution License. This copyright applies to the TripleAccessControl Ontology Specification and accompanying documentation in RDF. Regarding underlying technology, the TripleAccessControl Ontology uses W3C's RDF technology, an open Web standard that can be freely used by anyone.
The TripleAccessControl Ontology is an extension to the WebAccessControl Ontology that describes access control rules for individual RDF triples.
The template of this specification is derived from the FOAF Vocabulary Specification, which was created by Dan Brickley and Libby Miller, and the Music Ontology Specification, which was created by Yves Raimond. It was modified and extended by Bob Ferris. Furthermore, a modified and extended version of Danbri's SpecGen version was used to generate most of the RDFa statements of the TripleAccessControl Ontology for this specification (see here for SpecGen version 6 by Bob Ferris).
This document is created by combining the RDFS/OWL machine-readable TripleAccessControl Ontology with a human-readable HTML representation that includes RDFa annotations. Future versions may incorporate multilingual translations of term definitions. The RDF/XML version of the specification is also available directly from the namespace URI. RDF/TTL representations can be accessed via the links above.
The authors welcome comments on this document, preferably via the authors' email addresses.
An a-z index of TripleAccessControl Ontology terms, by class (categories or types) and by property.
Classes: | Filter | TripleAuthorization |
Properties: | accessToTriple | children | filter | graph | mode | object | predicate | required | statement | subject |
RDF/Turtle representation of a simple example vCard, two FOAF groups and the related TripleAccessControl definition (see also RDF and TTL for downloadable representations of this example):
```turtle
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#>.
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix tac: <http://ns.bergnet.org/tac/0.1/triple-access-control#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@prefix vcard: <http://www.w3.org/2006/vcard/ns#>.
@prefix mywebid: <http://www.example.tld/card#>.

# owner has full control
[] a acl:Authorization;
  tac:accessToTriple [ a tac:TripleAuthorization;
    tac:mode acl:Read;
    tac:mode acl:Write;
    tac:filter [ a tac:Filter;
      tac:subject mywebid:me ]];
  acl:agent mywebid:me.


# friends have read access to
# the fullname, nickname and all telephone numbers
[] a acl:Authorization;
  tac:accessToTriple [ a tac:TripleAuthorization;
    tac:mode acl:Read;
    tac:filter [ a tac:Filter;
      tac:subject mywebid:me;
      tac:predicate vcard:fn ]
  ], [
    tac:mode acl:Read;
    tac:filter [ a tac:Filter;
      tac:subject mywebid:me;
      tac:predicate vcard:nickname ]
  ], [
    tac:mode acl:Read;
    tac:filter [ a tac:Filter;
      tac:subject mywebid:me;
      tac:predicate vcard:tel ];
    tac:children [ a acl:Authorization;
      tac:accessToTriple [ a tac:TripleAuthorization;
        tac:filter [ a tac:Filter;
          tac:predicate rdf:type ]
      ], [
        tac:filter [ a tac:Filter;
          tac:predicate rdf:value ]]]];
  acl:agent _:friends.


# business contacts have read access
# to the fullname and work telephone numbers
[] a acl:Authorization;
  tac:accessToTriple [ a tac:TripleAuthorization;
    tac:mode acl:Read;
    tac:filter [ a tac:Filter;
      tac:subject mywebid:me;
      tac:predicate vcard:fn ]
  ], [
    tac:mode acl:Read;
    tac:filter [ a tac:Filter;
      tac:subject mywebid:me;
      tac:predicate vcard:tel ];
    tac:children [ a acl:Authorization;
      tac:accessToTriple [ a tac:TripleAuthorization;
        tac:filter [ a tac:Filter;
          tac:predicate rdf:type;
          tac:object vcard:Work ];
        tac:required "true"
      ], [
        tac:filter [
          tac:predicate rdf:type ]
      ], [
        tac:filter [
          tac:predicate rdf:value ]]]];
  acl:agent _:businessContacts.


# data
mywebid:me a foaf:Person;
  vcard:fn "John Doe";
  vcard:nickname "Johnny";
  vcard:tel [
    a vcard:Voice;
    a vcard:Home;
    rdf:value "+49 8765 4321"
  ], [
    a vcard:Voice;
    a vcard:Work;
    rdf:value "+49 8765 5555" ].

# groups
_:friends a foaf:Group;
  foaf:name "list of friends".

_:businessContacts a foaf:Group;
  foaf:name "business contacts".
```
A member of the group friends wants to access the telephone data. This diagram shows how access is granted.
A member of the group businessContacts wants to access the telephone data. This diagram shows how access is granted.
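The two access decisions above, worked through in an added Python example that is not part of the specification. The rules are transcribed by hand from the Turtle example; the semantics of `tac:children` and `tac:required` are assumptions inferred from the example's comments, and the names `rule`, `matches`, `visible`, `_:home` and `_:work` are hypothetical.

```python
# Added example (not from the specification). Assumed semantics: tac:children
# rules apply to the node a matched triple points at; a tac:required rule with
# no matching triple hides that node; child rules inherit acl:Read.
ME = "mywebid:me"

# Constructed copy of the example data; _:home and _:work name the two blank nodes.
DATA = [
    (ME, "rdf:type", "foaf:Person"), (ME, "vcard:fn", "John Doe"),
    (ME, "vcard:nickname", "Johnny"),
    (ME, "vcard:tel", "_:home"), (ME, "vcard:tel", "_:work"),
    ("_:home", "rdf:type", "vcard:Voice"), ("_:home", "rdf:type", "vcard:Home"),
    ("_:home", "rdf:value", "+49 8765 4321"),
    ("_:work", "rdf:type", "vcard:Voice"), ("_:work", "rdf:type", "vcard:Work"),
    ("_:work", "rdf:value", "+49 8765 5555"),
]

def rule(s=None, p=None, o=None, required=False, children=()):
    """One tac:TripleAuthorization; None in the filter is a wildcard."""
    return {"filter": (s, p, o), "required": required, "children": list(children)}

def matches(flt, triple):
    return all(f is None or f == t for f, t in zip(flt, triple))

TEL = [rule(p="rdf:type"), rule(p="rdf:value")]
WORK_ONLY = [rule(p="rdf:type", o="vcard:Work", required=True)] + TEL
RULES = {
    "friends": [rule(ME, "vcard:fn"), rule(ME, "vcard:nickname"),
                rule(ME, "vcard:tel", children=TEL)],
    "businessContacts": [rule(ME, "vcard:fn"),
                         rule(ME, "vcard:tel", children=WORK_ONLY)],
}

def visible(rules, data, node=None):
    """Readable triples under deny-by-default; node limits scope to one subject."""
    scope = [t for t in data if node is None or t[0] == node]
    if any(r["required"] and not any(matches(r["filter"], t) for t in scope)
           for r in rules):
        return []
    out = []
    for t in scope:
        for r in rules:
            if not matches(r["filter"], t):
                continue
            sub = visible(r["children"], data, t[2]) if r["children"] else []
            if r["children"] and not sub:
                continue  # never expose a link to a node that is itself hidden
            out += [t] + sub
            break
    return out
```

`visible(RULES["friends"], DATA)` returns ten triples covering both telephone nodes; for `businessContacts` it returns five, with the home number and the `vcard:tel` link to it both withheld.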
The TripleAccessControl Ontology introduces the following classes and properties. There is a link at the top of this document to the RDF/XML and Turtle versions.
Classes: | Filter | TripleAuthorization |
Properties: | accessToTriple | children | filter | graph | mode | object | predicate | required | statement | subject |
Class: Filter

| Status: | testing |
|---|---|
| Properties include: | statement object predicate graph subject |
| Used with: | filter |
| OWL Class | |
Class: TripleAuthorization

| Status: | testing |
|---|---|
| Properties include: | required accessToTriple children mode filter |
| Used with: | accessToTriple |
| Sub class of | http://www.w3.org/ns/auth/acl#Authorization |
| OWL Class | |
Property: accessToTriple

| Status: | testing |
|---|---|
| Domain: | TripleAuthorization http://www.w3.org/ns/auth/acl#Authorization |
| Range: | TripleAuthorization |
| Object Property | |
Property: children

| Status: | testing |
|---|---|
| Domain: | TripleAuthorization |
| Object Property | |
Property: filter

| Status: | testing |
|---|---|
| Domain: | TripleAuthorization |
| Range: | Filter |
| Object Property | |
Property: graph

| Status: | testing |
|---|---|
| Domain: | Filter |
| Range: | http://www.w3.org/2004/03/trix/rdfg-1/Graph |
| Object Property | |
Property: mode

| Status: | testing |
|---|---|
| Domain: | TripleAuthorization |
| Sub property of | http://www.w3.org/ns/auth/acl#mode |
| Object Property | |
Property: object

| Status: | testing |
|---|---|
| Domain: | Filter |
| Object Property | |
Property: predicate

| Status: | testing |
|---|---|
| Domain: | Filter |
| Object Property | |
Property: required

| Status: | testing |
|---|---|
| Domain: | TripleAuthorization |
| Object Property | |
Property: statement

| Status: | testing |
|---|---|
| Domain: | Filter |
| Object Property | |
Property: subject

| Status: | testing |
|---|---|
| Domain: | Filter |
| Object Property | |
Each term in the TripleAccessControl Ontology is annotated with properties from the SemWeb Vocab Status Ontology.
Note that this mechanism is itself somewhat experimental and evolving. The definitions of 'stable', 'unstable', 'archaic' and 'testing' cannot be defined as global absolutes, but only in relationship to the practices, expectations and social structures around some vocabulary. For their use in the TripleAccessControl Ontology, future versions of this specification could usefully offer more detail about what to expect from a term labelled 'stable'.
I would like to thank Bob Ferris and Dominik Tomaszuk for their contributions. Furthermore, I thank the authors of SpecGen for providing the basis for this specification.