puzzle: Surfaces and Access Control Rules

[bblfish]

The Solid Web Access Control ontology - described in Solid WAC allows one to describe essentially rules stating which sets of people can access which sets of resources.

@prefix : <https://www.w3.org/ns/auth/acl#> .

<#pub> a :Authorization;
   acl:mode :Read;
   acl:accessToClass [ regex:uriSet "https://bblfish.net/public/**" ];
   acl:agentClass foaf:Person .

<#family> a acl:Authorization;
   acl:mode :Read;
   acl:accessToClass [ regex:uriSet "https://bblfish.net/family/**" ];
   acl:agentClass </family#My> .

I invented the regex:uriSet relation. I am trying to express that it specifies all resources whose uris match the pattern. This could be expressed in OWL too, but I want to keep things simple and not bring OWL in at this point.

There are a few striking things about these two rules, which made me wonder.

1. Each rule is making universally quantified statements. <#pub> is saying that all </public/**> resources can by read by anyone. <#family> is stating that that all </family/**> resources can be read by all family members.
2. A request only needs to satisfy one of those two rules, so we have a disjunction of rules it seems
3. If none of the rules is satisfied by a request, then it fails.

Put this way it looks like we are dealing with the dual of what Evan Patterson calls in Knowledge Representation in Bicategories of Relations regular logic. Negation, disjunction and universal quantification seem to be present here...

[phochste]

Yes, indeed. The first two rules are disjunctions with universal quantification. The last rule is a negation, but not a strong negation (as in first-order logic), but a weak negation (as is available in databases and programming languages). "If none of the rules satisfies a request", assumes a closed world where all the rules are known.

Such a weak negation can be added to an implementation, for instance in the form of built-in functions. Notation3 has such built-in functions: log:notIncludes, log:collectAllIn. The EYE implementation of RDF Surfaces supports all Notation3 built-ins.

In the RDF Surfaces specification, for now, we don't mention built-ins and restrict ourselves first on a pure first-order logic expressed as RDF (or an extension thereof).

[bblfish]

yes, I see the value of doing this by going down to absolute basics. Especially here, as I have been thinking of using OWL constructs (see some social networking examples) and I think it would really help to understand what is going on and if this creates problems for this use of OWL.