The following figure provides a schematic representation of S4AC vocabulary. Dashed boxes represent external classes.
Linked Open Data refers to a set of best practices for the publication and interlinking of structured data on the Web. To ensure that the resources featured in a dataset are richly described and, at the same time, protected against malicious users, the conditions under which a dataset is accessible need to be provided. This is important in order to encourage as many data providers as possible to publish data on their own terms, and not only fully public data.
The definition of access control policies for the Web has been addressed by the Web Access Control vocabulary (WAC), which allows the user to specify access control lists (ACL). This vocabulary grants access to a whole RDF document. The aim of the S4AC vocabulary is to supply data providers with means to define fine-grained access control policies which grant access to specific RDF data, e.g., restrict the access to single named graphs.
S4AC allows the data provider to specify the access privilege he wants to grant, i.e., Read, Update, Create, and Delete. The main component of the vocabulary is the Access Condition, which is a SPARQL 1.1 ASK clause that specifies the condition to be satisfied in order to grant the access. Data providers can define Access Tagging Rules where the set of Access Conditions is applied only to the data tagged with the specific tags (AccessTag), and the Access Conditions can be bound on specific values to provide an Access Evaluation Context. The Access Condition is also associated with a temporal validity. A graphical representation of the S4AC vocabulary is visualised below.
This class is used to manage the Access Condition, and the Exception Access.
Subclass Of | sioc:Item |
---|---|
The Access Condition (AC) allows the users to access specific resources. An AC is a SPARQL 1.1 ASK query. If a solution exists, the ASK query returns true, and the AC is said to be verified. If no solution exists, the ASK query returns false, and the AC is said not to be verified.
Subclass Of | s4ac:Condition |
---|---|
In Domain Of | s4ac:hasCategoryLabel, s4ac:hasValidity, s4ac:hasSpatialValidity, s4ac:hasQueryAsk, s4ac:isAccessConditionOf, s4ac:hasParameter |
This class represents the kind of access privilege granted to the user (Create, Read, Update, Delete).
Subclass Of | sioc:Item |
---|---|
This class represents a create access on the resource. This class is equivalent to acl:Append.
Subclass Of | s4ac:AccessPrivilege |
---|---|
Is Equivalent To | acl:Append |
This class represents a read access on the resource. This class is equivalent to acl:Read.
Subclass Of | s4ac:AccessPrivilege |
---|---|
Is Equivalent To | acl:Read |
This class represents an update access on the resource.
Subclass Of | s4ac:AccessPrivilege |
---|---|
This class represents an update access on the resource.
Subclass Of | s4ac:AccessPrivilege |
---|---|
This class is used to describe the variables used in the Access Condition.
In Domain Of | s4ac:hasName, s4ac:hasComment |
---|---|
An Access Condition Set (ACS) represents a set of Access Conditions which can be either Conjunctive or Disjunctive.
Subclass Of | s4ac:Condition |
---|---|
In Domain Of | s4ac:hasAccessCondition, s4ac:scopedBy |
A Disjunctive ACS (DACS) is a logical disjunction of Access Conditions, and it is said to be verified if and only if at least one Access Condition it contains is verified.
Subclass Of | s4ac:AccessConditionSet |
---|---|
A Conjunctive ACS (CACS) is a logical conjunction of Access Conditions, and it is said to be verified if and only if every Access Condition it contains is verified.
Subclass Of | s4ac:AccessConditionSet |
---|---|
This class is used to define the set of tags such that the Access Conditions apply to any resource tagged with one or more tags from AccessTag.
Subclass Of | scot:Tag |
---|---|
In Domain Of | s4ac:scopes |
This class is used to forbid or authorize a specific user to access a resource.
Subclass Of | s4ac:AccessCondition |
---|---|
This class is used to add an exception to an Access Condition Set, in order to authorize access for a specific user.
Subclass Of | s4ac:ExceptionAccess |
---|---|
This class is used to add an exception to an Access Condition Set, in order to deny access to a specific user.
Subclass Of | s4ac:ExceptionAccess |
---|---|
An Access Tagging Rule (ATR) is a triple (ACS, TagSet, Binding) where ACS is an Access Condition Set, TagSet is a set of Access Tags, and Binding is an Access Evaluation Context.
In Domain Of | s4ac:hasAccessConditionSet, s4ac:hasTag, s4ac:hasAccessEvaluationContext, s4ac:hasAccessPrivilege |
---|---|
An Access Evaluation Context (AEC) is a list L of predetermined bound variable names of the form (var1, val1) for which a SPARQL 1.1 Binding Clause constrains the ASK query evaluation when verifying the Access Conditions.
In Domain Of | s4ac:hasVariable, s4ac:hasValue |
---|---|
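How an Access Tagging Rule is evaluated, as an added example that is not part of the S4AC specification or any S4AC implementation: the Access Evaluation Context pre-binds `?user` to the requester, then the conjunctive or disjunctive set is checked. It assumes ASK queries can be modelled as lists of triple patterns over a constructed graph; all `ex:` names, the dict layout and the fail-closed handling of an empty set are assumptions of the example.

```python
# Added example (not S4AC project code). An Access Condition's ASK query is
# modelled as a list of triple patterns; a real deployment would send the
# SPARQL 1.1 ASK string from s4ac:hasQueryAsk to a SPARQL engine.

def _unify(term, value, env):
    """Match one pattern term against one graph term, extending env."""
    if not term.startswith("?"):
        return term == value
    return env.setdefault(term, value) == value

def ask(patterns, graph, bindings):
    """True if the patterns have a solution given the pre-bound variables."""
    if not patterns:
        return True
    for triple in graph:
        env = dict(bindings)  # AEC bindings constrain every solution
        if all(_unify(t, v, env) for t, v in zip(patterns[0], triple)):
            if ask(patterns[1:], graph, env):
                return True
    return False

def acs_verified(kind, conditions, graph, aec):
    """CACS: every AC verified. DACS: at least one AC verified."""
    if not conditions:
        return False  # design choice: an empty set fails closed
    results = (ask(ac, graph, aec) for ac in conditions)
    return all(results) if kind == "conjunctive" else any(results)

def rule_grants(rule, resource_tags, privilege, graph):
    """Apply one Access Tagging Rule (ACS, TagSet, Binding) to a request."""
    if privilege != rule["privilege"] or not (rule["tags"] & resource_tags):
        return False  # rule does not cover this privilege or resource
    return acs_verified(rule["kind"], rule["acs"], graph, rule["aec"])

# Constructed sample data: all ex: names are hypothetical.
GRAPH = {
    ("ex:alice", "foaf:knows", "ex:bob"),
    ("ex:bob", "ex:memberOf", "ex:team"),
    ("ex:dave", "ex:memberOf", "ex:team"),
}
KNOWN_BY_OWNER = [("ex:alice", "foaf:knows", "?user")]
TEAM_MEMBER = [("?user", "ex:memberOf", "ex:team")]

def make_rule(kind, user, conditions=(KNOWN_BY_OWNER, TEAM_MEMBER)):
    """Build a Read rule scoped to ex:private, with ?user bound by the AEC."""
    return {"kind": kind, "acs": list(conditions), "tags": {"ex:private"},
            "privilege": "Read", "aec": {"?user": user}}
```

Read literally, a Conjunctive ACS with no Access Conditions is vacuously verified, which is why the example denies on an empty set instead of calling `all()` on it.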
This class defines a maximum number of accesses on one or more resources.
In Domain Of | s4ac:hasMaxResource |
---|---|
This property adds the access privileges to the access tagging rules.
Domain: | s4ac:AccessTaggingRule |
---|---|
Range: | s4ac:AccessPrivilege |
The property defines the variables used in the Access Condition, and a comment explaining their use.
Domain: | s4ac:AccessCondition |
---|---|
Range: | s4ac:Variable |
This property associates a name with the variable used in the Access Condition.
Domain: | s4ac:Variable |
---|---|
Range: | rdfs:Literal |
This property associates a comment with the variable used in the Access Condition to explain its use in the definition of the policies.
Domain: | s4ac:AccessEvaluationContext |
---|---|
Range: | rdfs:Literal |
This property represents the pre-order among the access privileges.
Domain: | s4ac:AccessPrivilege |
---|---|
Range: | s4ac:AccessPrivilege |
This property is used to add a label in natural language to the Access Condition.
Domain: | s4ac:AccessCondition |
---|---|
Range: | skos:prefLabel |
The property defines the temporal constraints under which an Access Condition is valid. The validity can be expressed as a specific date, or as a time interval.
Domain: | s4ac:AccessCondition |
---|---|
Range: | time:TemporalEntity |
The property defines the location constraints under which an AccessCondition is valid.
Domain: | s4ac:AccessCondition |
---|---|
Range: | geo:SpatialThing |
This property adds an Access Condition to an Access Condition Set.
Domain: | s4ac:AccessConditionSet |
---|---|
Range: | s4ac:AccessCondition |
This property says that an Access Condition is part of an Access Condition Set.
Domain: | s4ac:AccessCondition |
---|---|
Range: | s4ac:AccessConditionSet |
This property defines when an Access Condition Set is scoped by a tag.
Domain: | s4ac:AccessConditionSet |
---|---|
Range: | s4ac:AccessTag |
This property defines when a tag scopes an Access Condition Set.
Domain: | s4ac:AccessTag |
---|---|
Range: | s4ac:AccessConditionSet |
This property defines the SPARQL 1.1 ASK queries of the Access Conditions.
Domain: | s4ac:AccessCondition |
---|---|
Range: | rdfs:Literal |
This property associates an Access Condition Set with a Negative Exception Access.
Domain: | s4ac:AccessConditionSet |
---|---|
Range: | s4ac:NegativeExceptionAccess |
This property associates an Access Condition Set with a Positive Exception Access.
Domain: | s4ac:AccessConditionSet |
---|---|
Range: | s4ac:PositiveExceptionAccess |
This property defines whether the ACS of an Access Tagging Rule is a Conjunctive ACS, or a Disjunctive ACS.
Domain: | s4ac:AccessTaggingRule |
---|---|
Range: | s4ac:AccessConditionSet |
This property associates an Access Tagging Rule with the set of Access Tags which constrain it.
Domain: | s4ac:AccessTaggingRule |
---|---|
Range: | s4ac:AccessTag |
This property associates an Access Tagging Rule with an Access Evaluation Context.
Domain: | s4ac:AccessTaggingRule |
---|---|
Range: | s4ac:AccessEvaluationContext |
This property associates the name of a variable used in the SPARQL 1.1 Bindings with an Access Evaluation Context.
Domain: | s4ac:AccessEvaluationContext |
---|---|
Range: | rdfs:Literal |
This property associates the value of the variable used in the SPARQL 1.1 Bindings with an Access Evaluation Context.
Domain: | s4ac:AccessEvaluationContext |
---|---|
Range: | rdfs:Literal |
This property provides the number of times a user can consult one or all the resources.
Domain: | s4ac:MaxResource |
---|---|
Range: | rdfs:Literal |
This property is used to specify which resource is accessible only a limited number of times.
Domain: | s4ac:MaxResource |
---|---|

sioc:Item, acl:Append, acl:Read, scot:Tag, skos:prefLabel, time:TemporalEntity, rdfs:Literal