RDF Query for Policy Enforcement

Eric Prud'hommeaux
Policy Management for the Web
a WWW2005 Workshop — 10 May 2005, Chiba, Japan
$Revision: 1.3 $ of $Date: 2005/05/10 07:07:34 $


Objectives

Hand-tailored Policy Queries

Simple Policy - W3C ACLs

Given a simple rule:

A person may PUT to the W3C website resource if:
  the W3C ACLs database says that:
    there is a rule that grants the holder of their public key PUT access to that resource.

Simple Policy - W3C ACLs

If the web server gives us the public key, the desired operation (PUT) and the resource:

PREFIX s: <http://www.w3.org/2001/02/acls/ns#>
ASK
 WHERE { GRAPH <http://www.w3.org/2005/02/14-PMQuery/,access?w3c_display=13>
         { ?policy s:access s:put .
           ?policy s:accessor ?group .
           ?policy s:hasAccessTo <http://www.w3.org/2005/02/14-PMQuery/> .
           ?group s:includes ?user .
           ?user s:publicKey "30 82 01 0a 02 82 01 01 00..." } }

SPARQL Expressivity

OPTIONAL combined with a test for unbound variables gives something like negation as failure (NAF).
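
An added example, not part of the original slides: a minimal Python triple-pattern matcher (not a SPARQL engine) that evaluates the ASK pattern from the W3C ACLs query and the OPTIONAL-plus-unbound idiom over a constructed ACL graph. The graph contents and the names `Var`, `match`, `may_access` and `members_without_key` are assumptions made for illustration; values taken from the request are passed as plain strings, so they are only ever matched as constants.

```python
S = "http://www.w3.org/2001/02/acls/ns#"
SITE = "http://www.w3.org/2005/02/14-PMQuery/"

class Var(str):
    """Query variable; request values stay plain str, so they can never act as one."""

# Constructed ACL graph: rule, group, user names and key strings are made up.
ACL = {
    ("rule1", S + "access", S + "put"),
    ("rule1", S + "accessor", "team"),
    ("rule1", S + "hasAccessTo", SITE),
    ("team", S + "includes", "alice"),
    ("team", S + "includes", "bob"),
    ("alice", S + "publicKey", "KEY-ALICE"),
}

def match(patterns, graph, binding=None):
    """Yield each variable binding that satisfies every triple pattern."""
    binding = binding or {}
    if not patterns:
        yield binding
        return
    for triple in graph:
        new = dict(binding)
        for term, value in zip(patterns[0], triple):
            if isinstance(term, Var):
                if new.setdefault(term, value) != value:
                    break  # variable already bound to something else
            elif term != value:
                break      # constant does not match
        else:
            yield from match(patterns[1:], graph, new)

def may_access(graph, key, operation, resource):
    """The page's ASK pattern; key, operation and resource come from the server."""
    policy, group, user = Var("?policy"), Var("?group"), Var("?user")
    ask = [(policy, S + "access", operation),
           (policy, S + "accessor", group),
           (policy, S + "hasAccessTo", resource),
           (group, S + "includes", user),
           (user, S + "publicKey", key)]
    return next(match(ask, graph), None) is not None

def members_without_key(graph):
    """OPTIONAL { ?user s:publicKey ?key } plus !bound(?key): negation as failure."""
    user = Var("?user")
    users = {b[user] for b in match([(Var("?group"), S + "includes", user)], graph)}
    return sorted(u for u in users
                  if next(match([(u, S + "publicKey", Var("?key"))], graph), None) is None)
```

Access is granted only when every pattern matches, so an unknown key, a different operation or a key string that merely looks like a variable name all yield a denial.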

What to Do With This

Calculated Queries

Proofs provide a path through rules:

Deploy calculated queries.
Fall back to inferencing only when necessary.