Re: Inclusion of additional (non dereferencable) data?
On 10 Jun 2010, at 17:24, Nathan wrote: Here's a common example of what I'm referring to, suppose we have a (foaf) documenthttp://ex.org/bobsmith which includes the following triples: :me foaf:knows http://example.org/joe_bloggs#me . http://example.org/joe_bloggs#me a foaf:Person ; foaf:name Joe Bloggs@en . This is ok by me. Adding more information is useful, as mentioned as it helps reduce connections. If you had a 1000 in your foaf file without any information, your client would need to make 1000 calls to get the info. Pragmatically there is no need to make a big fuss about this. People add what they want. If what they do goes out of date, then people will notice this. Your task as a UI designer is to allow people to 1. see where the information came from 2. remove information from graphs they don't trust Like sig.ma. But if you don't crawl the whole web, you will get a much better effect. Resources that make claims about other people that keeps changing, will be a nussance and avoided. So there will be social pressure to get that right. Henry
Re: Please stop massive crawling against http://openean.kaufkauf.net/id/
One could put the data behind foaf+ssl, and so identify agents :-) Henry On 8 Jun 2010, at 10:03, Martin Hepp (UniBW) wrote: Dear all: The volunteer who is hosting http://openean.kaufkauf.net/id/, a huge set of GoodRelations product model data, is experiencing a problematic amount of traffic from unidentified crawlers located in Ireland (DERI?), the Netherlands (VUA?), and the USA. The crawling has been so intense that he had to temporarily block all traffic to this dataset. In case you are operating any kind of Semantic Web crawlers that tried to access this dataset, please 1. check your crawler for bugs that create excessive traffic (e.g. by redundant requests), 2. identify your crawler agent properly in the HTTP header, indicating a contact person, and 3. implement some bandwidth throttling technique that limits the bandwidth consumption on a single host to a moderate amount. Note that the full dataset is always up to date in the LOD SPARQL endpoint at http://lod.openlinksw.com/sparql Thus, there is rarely a need to crawl the complete dataset. Thanks for your consideration. Best wishes Martin Hepp -- -- -- martin hepp e-business web science research group universitaet der bundeswehr muenchen e-mail: h...@ebusiness-unibw.org phone: +49-(0)89-6004-4217 fax: +49-(0)89-6004-4620 www: http://www.unibw.de/ebusiness/ (group) http://www.heppnetz.de/ (personal) skype: mfhepp twitter: mfhepp Check out GoodRelations for E-Commerce on the Web of Linked Data! = Project page: http://purl.org/goodrelations/ Resources for developers: http://www.ebusiness-unibw.org/wiki/GoodRelations Webcasts: Overview - http://www.heppnetz.de/projects/goodrelations/webcast/ How-to - http://vimeo.com/7583816 Recipe for Yahoo SearchMonkey: http://www.ebusiness-unibw.org/wiki/GoodRelations_and_Yahoo_SearchMonkey Talk at the Semantic Technology Conference 2009: Semantic Web-based E-Commerce: The GoodRelations Ontology http://www.slideshare.net/mhepp/semantic-webbased-ecommerce-the-goodrelations-ontology-1535287 Overview article on Semantic Universe: http://www.semanticuniverse.com/articles-semantic-web-based-e-commerce-webmasters-get-ready.html Tutorial materials: ISWC 2009 Tutorial: The Web of Data for E-Commerce in Brief: A Hands-on Introduction to the GoodRelations Ontology, RDFa, and Yahoo! SearchMonkey http://www.ebusiness-unibw.org/wiki/Web_of_Data_for_E-Commerce_Tutorial_ISWC2009
Re: An idea I need help with, or told to stop wasting time on!
On 6 Jun 2010, at 19:54, Reto Bachmann-Gmuer wrote: your way of specifying the type of the literal reminds me the recent discussion started by Henry Story: http://lists.w3.org/Archives/Public/semantic-web/2010Feb/0174.html following this we could also say: :me foaf:name [ xsd:string 'nathan' ; ex:sha_1 'KLSJFS9F7S9D8F7SLADFSLKDJF98SD7' . ] . Yes, it would be possible to extend xsd:string so that this works, as explained in this email http://lists.w3.org/Archives/Public/semantic-web/2010Mar/0037.html But also see the follow up http://lists.w3.org/Archives/Public/semantic-web/2010Mar/0038.html And as we don't control the xsd: namespace, we can't tell if they will use this interpretation or the inverse. In the case of the cert ontology we can define a datatype to also be such a relation. See: http://www.w3.org/ns/auth/cert.n3 Henry
Re: An idea I need help with, or told to stop wasting time on!
On 6 Jun 2010, at 22:22, Nathan wrote: Anything stopping me creating an ex:value which does have a strong meaning and definition where in usage both of the following express the same: :me foaf:name 'nathan'^^xsd:string . :me foaf:name [ ex:value 'nathan'^^xsd:string ] . seems to me you want owl:sameAs . Henry
Re: [foaf-protocols] semantic pingback improvement request for foaf
Sebastian added the pingback relation to the ontology, and it is working now. I added a Pingback page to the esw wiki http://esw.w3.org/Pingback I mention a couple of issues we should look into perhaps. Henry Social Web Architect http://bblfish.net/ On 15 Apr 2010, at 22:36, Story Henry wrote: Hi, I often get asked how one solve the friend request problem on open social networks that use foaf in the hyperdata way. On the closed social networks when you want to make a friend, you send them a request which they can accept or refuse. It is easy to set up, because all the information is located in the same database, owned by the same company. In a distributed social foaf network anyone can link to you, from anywhere, and your acceptance can be expressed most clearly by linking back. The problem is: you need to find out when someone is linking to you. So then the problem is how does one notify people that one is linking to them. Here are the solutions in order of simplicity. 0. Search engine solution - Wait for a search engine to index the web, then ask the search engine which people are linking to you. Problems: - This will tend to be a bit slow, as a search engine optimised to search the whole web will need to be notified first, even if this is only of minor interest to them - It makes the search engine a core part of the communication between two individuals, taking on the role of the central database in closed social networks - It will not work when people deploy foaf+ssl profiles, where they access control who can see their friends. Search engines will not have access to that information, and so will not be able to index it. 1. HTTP Referer Header -- The absolute simplest solution would be just to use the mis-spelled HTTP Referer Header, that was designed to do this job. In a normal HTTP request the location from which the requested URL was found can be placed in the header of the request. http://en.wikipedia.org/wiki/HTTP_referrer The server receiving the request and serving your foaf profile, can then find the answer to the referrer in the web server logs. Perhaps that is all that is needed! When you make a friend request, do the following: 1. add the friend to your foaf profile http://bblfish.net/#hjs foaf:knows http://kingsley.idehen.name/dataspace/person/kidehen#this . 2. Then just do a GET on their Web ID with the Referrer header set to your Web Id. They will then find in their apache logs, something like this: 93.84.41.131 - - [31/Dec/2008:02:36:54 -0600] GET /dataspace/person/kidehen HTTP/1.1 200 19924 http://bblfish.net/; Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 This can then be analysed using incredibly simple scripts such (as described in [1] for example) 3. The server could then just verify that information by a. doing a GET on the Referer URL to find out if indeed it is linking to the users WebId b. do some basic trust analysis (is this WebId known by any of my friends?), in order to rank it before presenting it to the user The nice thing about the above method is that it will work even when the initial linker's server does not have a Ping service for WebIDs. If the pages linking are in html with RDFa most browsers will send the referrer field. There is indeed a Wikipedia entry for this: it is called Refback. http://en.wikipedia.org/wiki/Refback Exactly why Refback is more prone to spam than the ping back or linkback solution is still a bit of a mystery to me. 2. Referer with foaf+ssl In any case the SPAM problem can be reduced by using foaf+ssl [2]. If the WebId is an https WebId - which it really should be! - then the requestor will authentify himself, at least on the protected portion of the foaf profile. So there are the following types of people who could be making the request on your WebId. P1. the person making the friend request Here their WebId and the referer field will match. (this can be useful, as this should be the first request you will receive - a person making a friend request, should at least test the link!) P2. A friend of the person making the friend request Perhaps a friend of P1 goes to his page, comes across your WebId, clicks on it to find out more, and authentifies himself on your page. If P2 is a friend of yours too, then your service would have something somewhat similar to a LinkedIn introduction! P3. Just someone on the web, a crawler... Then you know that he is making his friendship claim public. :-) The above seems to be just some of the interesting information one could get from the analysing the Referer field logs. 3. Pingback --- For some reason though the Referer Header
Re: Java Framework for Content Negotiation
There is the RESTlet framework http://www.restlet.org/ Henry On 20 May 2010, at 10:49, Angelo Veltens wrote: Hello, I am just looking for a framework to do content negotiation in java. Currently I am checking the HttpServletRequest myself quickdirty. Perhaps someone can recommend a framework/library that has solved this already. Thanks in advance, Angelo
Re: Java Framework for Content Negotiation
On 20 May 2010, at 11:18, Michael Hausenblas wrote: There's also Jersey [1] ... +1 to Jersey - had overall very good experience with it. If you want to have a quick look (not saying it's beautiful/exciting, but might helps to kick-start things) see [1] for my hacking with it. Since this is an RDF list, I wrote a blog post on how one could use Jersey to create linked data using annotations on objects http://blogs.sun.com/bblfish/entry/serialising_java_objects_to_rdf Something that could be looked into in more detail I have not had time to pursue it since then, but others are welcome to continue from there Henry Cheers, Michael [1] http://bitbucket.org/mhausenblas/sparestfulql/ -- Dr. Michael Hausenblas LiDRC - Linked Data Research Centre DERI - Digital Enterprise Research Institute NUIG - National University of Ireland, Galway Ireland, Europe Tel. +353 91 495730 http://linkeddata.deri.ie/ http://sw-app.org/about.html From: Dave Reynolds dave.e.reyno...@googlemail.com Date: Thu, 20 May 2010 11:08:03 +0100 To: Angelo Veltens angelo.velt...@online.de Cc: Linked Data community public-lod@w3.org Subject: Re: Java Framework for Content Negotiation Resent-From: Linked Data community public-lod@w3.org Resent-Date: Thu, 20 May 2010 10:08:45 + On 20/05/2010 11:03, Story Henry wrote: There is the RESTlet framework http://www.restlet.org/ There's also Jersey [1] and, for a minimalist solution to just the content matching piece see Mimeparse [2]. Dave [1] https://jersey.dev.java.net/ [2] http://code.google.com/p/mimeparse/ On 20 May 2010, at 10:49, Angelo Veltens wrote: Hello, I am just looking for a framework to do content negotiation in java. Currently I am checking the HttpServletRequest myself quickdirty. Perhaps someone can recommend a framework/library that has solved this already. Thanks in advance, Angelo
Re: GoodRelations vs. Google RDFa vs. Open Graph vs. hProduct/hListing: Using GoodRelations in 10 Triples
On 3 May 2010, at 09:38, Martin Hepp (UniBW) wrote: Dear all: Some people think that the GoodRelations ontology for e-commerce (http://purl.org/goodrelations/) is powerful, but complex. [snip] Turtle/N3: = @prefix foo: http://www.example.com/xyz# . @prefix gr: http://purl.org/goodrelations/v1# . @prefix xsd: http://www.w3.org/2001/XMLSchema# . @prefix rdfs: http://www.w3.org/2000/01/rdf-schema# . foo:company a gr:BusinessEntity; gr:legalName Hepp Space Ventures Inc.; gr:offers foo:offering. foo:offering a gr:Offering; rdfs:label Volkswagen Station Wagon, 4WD, 400 $@en; rdfs:description I sell my old Volkswagen Station Wagon, 4WD, for 400 $@en; gr:hasPriceSpecification [ a gr:UnitPriceSpecification; gr:hasCurrencyValue 400^^xsd:string; gr:hasCurrency USD^^xsd:string. ]. Hi Martin, it does not seem to complex to me. I wonder if the following could make it even simpler though: First I think, why not make the currency a literal? foo:offering a gr:Offering; rdfs:label Volkswagen Station Wagon, 4WD, 400 $@en; rdfs:description I sell my old Volkswagen Station Wagon, 4WD, for 400 $@en; gr:hasPriceSpecification [ a gr:UnitPriceSpecification; gr:value 400^^gr:USD; ] . When you have a relation from a string to a value, you have a literal. monetary values are good examples it seems to me of this. It would remove at least three of your URL usages, as you had to specify the xsd:string twice, and also the type of the currency. Also in your example you could put the company in a different file, and refer to it by reference. Then your example would just be foo:offering a gr:Offering; is gr:offers of foo:company; rdfs:label Volkswagen Station Wagon, 4WD, 400 $@en; rdfs:description I sell my old Volkswagen Station Wagon, 4WD, for 400 $@en; gr:hasPriceSpecification [ a gr:UnitPriceSpecification; gr:value 400^^gr:USD; ] . now we are down to 7 relations.
replacing email with atom and foaf+ssl
In the early days of Atom, people were speaking of using it to replace e-mail. This is in fact easy to do, we just need to try it out. 1. The problem. --- Before explaining the solution, it is important to understand the problem. Currently Atom works like a public mailing list: everyone can read everybody's published email/post/entry. The advantage over mailing lists, is that emails automatically have global identifiers, and that the content does not need to be shoved around global networks, as spam has to be currently. People GET the entry when they want to. What we want is to be able to narrow this down, so that one can publish (email) to only a select number of people: to one's friends for example, or just to one person. Ie we want to do the same with Atom as we do with email. This requires two things: - A way of notifying someone or a group of a new post for them - A way of allowing software to access a atom entry in one simple click 2. The Solution --- 2.1 RESTful Identity and Authentication --- foaf+ssl gives us WebIds, global identifiers tied to a public key, which allows one click authentication. This works in all browsers. There is more here: http://esw.w3.org/Foaf%2Bssl/FAQ You can try some early demos out by going to http://webid.myxwiki.org/ for example or any of the list of Identity Providers http://esw.w3.org/Foaf%2Bssl/IDP Without foaf+ssl this is not really possible. Getting a username/password for each of one's friends web servers would be impossibly complex, tedious and insecure. OpenId is close, but still too complex, though it can also be made to work nicely with foaf+ssl. 2.2 A ping mechanism It just requires one new relation to be added to a foaf file. A link to a simple form, which could be a atompub:Collection / sioc:Container [1]. I went into this in great detail in a recent post where I cover what I know of the pinging mechanism history, and show how this can be simplified further. http://markmail.org/message/kzsg3qntovmqzbje Writing such a pinging mechansim is really really easy. Adding a relation to a foaf is also easy, as we can see from the recent adoption by Facebook, which is rdfa enabling all its web pages. 2.3 Usage - When you want to publish an atom entry to someone, you would just need one of their WebIds, and give access to only that WeBId for that entry. (A good GUI would speak of this in a human way of course) How would you get that WebId? Well if you have a blog for them, you have their atom ID which can be used to find a webid. Or they could just give it to you at a party on a card. Or it could be linked to from one of your friends foaf file When your reader access it, he just connects to your server with https, the server asks the client for the X509 certificate, which can be sent. On authentication the Entry is returned. That's all there is to it. 3. Result - As a result we would have a system that would be pure p2p, RESTful email equivalent. If A sends B a message, only A and B (and routers along the way) need to know about that communication. Nobody else. With email they are routed all over the place, for all kinds of people to observe. Furthermore one would have built in SSL security in as a default. Finally it is really easy to add client cert support to any application, as this is completely standard based. Any thoughts? Henry [1] http://rdfs.org/sioc/spec/ Social Web Architect http://bblfish.net/
Re: [foaf-protocols] replacing email with atom and foaf+ssl
On 3 May 2010, at 21:22, Nathan wrote: Story Henry wrote: [snip 2. The Solution --- 2.1 RESTful Identity and Authentication --- foaf+ssl gives us WebIds, global identifiers tied to a public key, which allows one click authentication. This works in all browsers. There is more here: http://esw.w3.org/Foaf%2Bssl/FAQ You can try some early demos out by going to http://webid.myxwiki.org/ for example or any of the list of Identity Providers http://esw.w3.org/Foaf%2Bssl/IDP Without foaf+ssl this is not really possible. Getting a username/password for each of one's friends web servers would be impossibly complex, tedious and insecure. OpenId is close, but still too complex, though it can also be made to work nicely with foaf+ssl. 2.2 A ping mechanism It just requires one new relation to be added to a foaf file. A link to a simple form, which could be a atompub:Collection / sioc:Container [1]. I went into this in great detail in a recent post where I cover what I know of the pinging mechanism history, and show how this can be simplified further. http://markmail.org/message/kzsg3qntovmqzbje Writing such a pinging mechansim is really really easy. Adding a relation to a foaf is also easy, as we can see from the recent adoption by Facebook, which is rdfa enabling all its web pages. [snip] Henry, Good call, I've been thinking about this a lot recently and there is certainly a huge amount of scope. Things I'm certain of: - FOAF+SSL is needed - HTTP should be the interface - all communications should be handled RESTfully - Resources should be Web Access Controlled (via ACL+WebID) - The receive flow should be: notification of new message, GET message Thing(s) I'm unsure of: - Atom(/Pub) vs LinkedData I am not sure the 'vs' is justfied. Atom is a format, which can be GRDDLed into RDF. See the Atom/OWL work for example: http://bblfish.net/work/atom-owl/2006-06-06/AtomOwl.html Full application of REST leads one inevitably to linked data. RDF provides the semantics for that. (important note, that is still worth repeating: RDF is not a format! proof: the RDFa html markup in the latest Facebook for example http://rdfa.info/2010/04/22/facebook-adopts-rdfa/ ) Linked Data can represent anything we want, surely to use linked data rather than Atom would allow the scope of this to be so much more, allowing any kind of message to be sent. See above. But atom is widely used, widely understood. There is no reason atom cannot join foaf+ssl, so why not work together? Together we can go much further. Sioc:Container and Items together with the additional sioc type extensions would appear to cover 99% of scenarios. Yes, with Atom/Owl they just provide a semantics for Atom xml. The thing is that a lot of blogging clients understand Atom publication protocol. It would be very easy for them to add foaf+ssl support - that would just require at the minimum adding ssl support! Considerations of SPARUL, SPARQL and SPARQL+Pubsubhubbub for custom notification streams. Those are nice. But why use them when they are not needed? They will be useful at some point. Let us use them, where and when they are needed. The time will certainly come for them. But this application does not require them, and it could be really big. But I see you agree with me below... :-) However, Atom(/Pub) is already here, defined, widely accepted and would allow a quick implementation without too much work, and you could ensure that each message could be handled due to having set parameters in Atom (whereas in linked data it could be any ontology with no guaranteed presence of rdfs:label or suchlike) Further, Atom(/Pub) would add in much scope for current work on the likes of activitystrea.ms to be incorporated / made interoperable etc. (and possibly OData/GData..?) Yes. Possibly. I have not followed those that closely, so I can't comment on them. The great thing is that it ties atom very lightly into a global social network, which means that it will be all the more powerful as a result. Side: By defining a standardized HTTP RESTful messaging system with FOAF+SSL and Web Access Control you remove all implementation specific details and make something forwards and backwards compatible, so vendors could easily adopt this whilst remaining in control of backwards compatibility points (routing messages to email, xmpp, sms etc - preferences for notifications of messages from certain sources - prioritization of message deliver messages based on rules). yes. It would be very nicely backward compatible. A very minor tweak, with a huge upside. At the same time it would simplify many types of communication from service to service and encourage adoption of webid's, foaf+ssl. And of Atom itself. :-) All in all: Sounds feasible and pretty much fully spec'd
Re: [foaf-protocols] replacing email with atom and foaf+ssl
On 3 May 2010, at 22:02, Nathan wrote: All in all: Sounds feasible and pretty much fully spec'd if going down the atompub route, perhaps linked data + sparql/sparul/pubsubhubbub is the long term route but I'm quite sure it would take a bit more work to both implement and encourage adoption. Brining the REST and Linked Data communities together is critical though, and can only be a good thing for the future of the web. Thanks for bringing this to the table Henry, Thanks for the feedback, and helping me clarify. My primary question - in order to get on and start prototyping - is what to use as the property to link a webid to the atompub container(s). Not sure you need this to start prototyping, though it would certainly be a useful relation. All you need is a link in the foaf to a ping endpoint. And I think we are just waiting for Sebastian Dietzold to publish that. What the publisher needs to do is ping the agents he is sending the 'mail'/entry to. He knows their WebId. All he needs to do is look there to find the ping endpoint, and send a ping. We may need something a little more advanced than ping, but not much. Does that help? on second thoughts, I'd like to negate the container(s) above with preference going to a single notification stream per webid / persona which they can subscribe to from a variety of clients and devices. fully agree though, this is something that can be adopted very quickly and will have huge benefits. the costs of adopting are negligible compared to the benefits. any other details needing covered? Best,
Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion
Sorry for being a bit harsh yesterday evening. It is a bit difficult to work out what tools you have access to and what you don't, and as you can imagine that is going to vary from one person to the other. This might be the problem we are facing here. It is also true come to think of it, that though Working Ontologist will give you a very good background in RDF, RDFS and OWL but last I looked, I don't think it really covers graphs, and belief states. Our answers are in terms of OWL and SPARQL because this allows us to express relatively clearly and concisely what is needed. None of this should require those tools. They are great shorthands for a lot of background coding though, and so are useful in a mailing list discussion. As I understand it now you don't have access to a either a good owl reasoner or a very advanced SPARQL query, the thing to do is to just simulate some of this, and to simplify the problem. But the answers given with SPARQL and OWL should help you a. understand how to simplify without going wrong b. understand what is dependent on inference c. what is dependent on graph selection On 21 Apr 2010, at 23:05, Nathan wrote: Story Henry wrote: This is why we were writing the authorization out not as you have above, but as [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agentClass [ owl:equivalentClass [ a owl:Restriction; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty [ owl:inverseOf sioc:has_member ] ]; acl:mode acl:Read . But you if you want to do things procedurally, you can just define that set by getting the results from the query or by writing out the procedural equivalent of it, as mentioned in a previous email. but that's what I have, and have implemented already over on https://ssl.data.fm/ - and have done since the first time i mentioned this! good. you can't access because i don't foaf:knows you, whereas melvin, kingsley, michael can; similarly I'm the only one who can actually read the acl because i have acl:Control over it. the acl is exposed via the Link header using a rel of the acl ontology. This is partly what I was thinking. Your setup is going to be initially very much under your own control. This is good, because it should help you simplify things quite a lot. But it can also lead you - if you are not careful - to your making big reasoning mistakes, that you may not notice initially at all. So for example your comments about using the sioc:member_of relation to do one thing, and the sioc:has_member relation to do something else are the types of errors that stem from that. Those are inverse relations so they imply one another. You should not work as if you could have G sioc:has_member p . without having p sioc:member_of G . Of course if you don't have reasoning set up, then you won't notice it. But when later you do start switching it on, the parts of your reasoning that were relying on those non existent distinctions won't work. acl: @prefix rdf: http://www.w3.org/1999/02/22-rdf-syntax-ns# . @prefix acl: http://www.w3.org/ns/auth/acl# . @prefix foaf: http://xmlns.com/foaf/0.1/ . @prefix owl: http://www.w3.org/2002/07/owl# . [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agent http://webr3.org/nathan#me ; acl:mode acl:Control, acl:Read, acl:Write . That looks good. [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agentClass _:myfriends ; acl:mode acl:Read . That looks good. (I have not tried this stuff, so I can only speak theoretically here. I should go and implement this too frankly. I was looking for a reason to do so.) _:myfriends owl:equivalentClass [ a owl:Restriction ; owl:hasValue http://webr3.org/nathan#me ; owl:onProperty [ owl:inverseOf foaf:knows ] ] . Good so this is what I think we were proposing earlier. Clearly if you don't have a good owl reasoner, which few of us have, then you would just use the above to calculate the set of members of the class by using it to write out a query such as CONSTRUCT { ?p a _:myfriends . } WHERE { http://webr3.org/nathan#me foaf:knows ?p . } You would add the results to the graph that the access control engine then uses to make its decision. If you can you should try to cache that graph, so that you don't need to calculate these things all the time. exactly the same code works for the above sioc:Usergroups acl, The concern I was having in some of your previous remarks is that you were treating a sioc:Usergroup as a class. I am not really sure why it is not, and clearly it would make things easier with these owl reasoning tools. But then the foaf:knows case shows more precisely why one will need these intermediate mappers. if you want any proof then simply fire through a usergroup you
Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion
On 22 Apr 2010, at 09:55, Nathan wrote: Story Henry wrote: Sorry for being a bit harsh yesterday evening. Likewise :) It is a bit difficult to work out what tools you have access to and what you don't, and as you can imagine that is going to vary from one person to the other. This might be the problem we are facing here. It is also true come to think of it, that though Working Ontologist will give you a very good background in RDF, RDFS and OWL but last I looked, I don't think it really covers graphs, and belief states. that's exactly the right term! belief states. The issue is how to express in which graph/resource to trust, or at least how to delegate that trust in some way (possibly via isDefinedby) with owl is what I need to be able to do. (remembering that the acl is by nature trusted). It may be ok, not to express that directly in any way. You could easily leave that up to your reasoner. That is the way I would go to start off with. The reason being that since your service is the one making the decision, and since very few people will be able to read the more advanced rule set (not just you), publishing it won't be that much use to start off with anyway. If people start using and understanding the acls that will be a huge improvement already, and will help us test the ontology. Longer term using N3 rules as Tim Berners Lee has done for a long time in the cwm directory, and for which I published pointers in my answer to http://www.semanticoverflow.com/questions/757/ would be ideal in my opinion. Why so few RDF libraries have integrated N3 rules I don't know. They are very powerful, concise, form a nice superset with turtle, and could allow one to build in very few lines of code some awesome reasoners. 1. Simple example - Take the simple rule on http://esw.w3.org/WebAccessControl [] acl:accessTo card.rdf; acl:mode acl:Read, acl:Write; acl:agent http://bblfish.net/peopl/henry/card#me . This is easy because when you know the WebId of the user, and having placed all the ACLs in a graph you trust (by just crawling your web server and merging all the files into a graph you could name myTrustedACLs) you can simply query that graph ASK GRAPH myTrustedACLs { [] accessTo card.rdf; acl:mode acl:Read; acl:agent http://bblfish.net/peopl/henry/card#me . } If the answer is yes, the person gets READ access. 2. with a remote reference --- [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agentClass http://ex.org/groups#group1 ; acl:mode acl:Read . Let us say for simplicity that http://ex.org/groups log:semantics { #group1 is rdf:type of http://bblfish.net/peopl/henry/card#me, george, ... } ( the log:semantics is a way of saying that if you dereference the URL you get the graph. The simplicity comes from our not needing to do any inferencing on the class to find its members ) Then you could just merge the information into myTrustedACLs and ask the following query ASK GRAPH myTrustedACLs { [] accessTo card.rdf; acl:mode acl:Read; acl:agentClass ?c . http://bblfish.net/peopl/henry/card#me a ?c . ] . } ==BUT== that would not be a good idea. Because it would be too easy for your whole system to be subverted with http://ex.org/groups log:semantics { #group1 is rdf:type of http://bblfish.net/peopl/henry/card#me, george, ... #DANGER!!! [] a acl:Authorization ; accessTo https://ssl.data.fm/index.php; acl:agentClass #group1 ; acl:mode acl:Read, acl:Write, acl:Control . } Here as you can see, I am adding a twist in that the remotely referenced file is adding its own acl. We can imagine that it does this by mistake, and not necessarily out of evil intentions (perhaps it is the consequence of something else in there, which the author of the file did not forsee) If you just merge that information into your myTrustedACLs in order to query it with the ASK query shown previously, then the remote resource could override your ACL, and could change the meaning of all your other ACLs too. So that is clearly not a good idea. So what is needed is for you to extract the minimum needed from the remote resource. Perhaps the easiest way here would be to proceed in two query steps. 1. You ASK GRAPH http://ex.org/groups { http://bblfish.net/peopl/henry/card#me rdf:type #group1 . } 2. If that is positive you ASK GRAPH myTrustedACLs { [] accessTo card.rdf; acl:mode acl:Read; acl:agentClass http://ex.org/groups#group1 . } That is good, you get just what you want out of the remote graph, and nothing more, and then proceed with your reasoning. Ok so the above seems to require a step 0, where you find out that you need to ask something of myTrustedACLs to find out that you know the agent class but not the agents that belong to it. It would be nice to find a more generic way of boiling
Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion
Hi Nathan, it seems to me you need to invest in an introductory book on the semantic web. I suggest Semantic Web for the Working Ontologist by Dean Allemang which I reviewed here http://blogs.sun.com/bblfish/entry/semantic_web_for_the_working It is very nice, it goes over RDF, RDFS, OWL without mentioning rdf/xml, in an intutive but precise way. On 21 Apr 2010, at 03:44, Nathan wrote: Nathan wrote: Nathan wrote: Request for a bit of help / clarification - started implementing.. see in-line from here.. Story Henry wrote: On 20 Apr 2010, at 21:13, Nathan wrote: Story Henry wrote: On 20 Apr 2010, at 15:52, Nathan wrote: I'd like to propose a few new additions to the ACL Ontology, I won't be specific on names but will describe each one and the associated need. The addition of groups - personally I see no need to define a set ontology for what constitutes a group when dealing with ACL, however it would be fantastic to be able to point to the URI of a Group of WebIDs and the relation, or predicate, that should be used. For example: [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentGroupSource http://webr3.org/nathan#me ; acl:agentGroupLink foaf:knows . I think you can get what you want by using owl reasoning @prefix owl: http://www.w3.org/2002/07/owl# . @prefix acl: http://www.w3.org/ns/auth/acl# . [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentClass :myfriends . :myfriends owl:equivalentClass [ a owl:Restriction; owl:onProperty [ owl:inverseOf foaf:knows ]; owl:hasValue http://webr3.org/nathan#me ] . managed to get the above implemented and working, basically this equates to find the triple: What the above is saying is that :myfriends is a class that has exactly the same members as the class that can be found by asking the following query SELECT ?mem WHERE { http://webr3.org/nathan#me foaf:knows ?mem . } and adding all ?mem to the set. http://webr3.org/nathan#me foaf:knows users-webid . if it's there then grant access, else not. is that correct?? or should it equate to looking for: users-webid foaf:knows http://webr3.org/nathan#me . in this scenario the agentGroupSource is a foaf:Person (me) and the relation to be used as members who have acl:Read access is everybody i foaf:knows. [] a acl:Authorization ; acl:accessTo /working-group ; acl:mode acl:Read , acl:Write ; acl:agentGroupSource /groups#working-group-members ; you probably want a acl:agentGroupSource /groups/#userGroup1 ; acl:agentGroupLink sioc:has_member . [] a acl:Authorization ; acl:accessTo /working-group ; acl:mode acl:Read , acl:Write ; acl:agentClass :wkgrp. :wkgrp owl:equivalentClass [ a owl:restriction; owl:onProperty sioc:member_of; owl:hasValue /groups/#userGroup1 . managed to get this one in too.. equates to needing: users-webid sioc:member_of /groups/#userGroup1 . SELECT ?mem WHERE { ?mem sioc:member_of /groups/#userGroup1 . } (hopefully)! but what I needed in the first place was the opposite, to find the following triple: http://example.org/usergroups#group1 sioc:has_member users-webid . sioc:has_member is the owl:inverseOf sioc:member_of . So that is indeed what you got. my first thought was.. [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agentClass _:group ; acl:mode acl:Read . _:group owl:equivalentClass [ a owl:Restriction ; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty [ owl:inverseOf sioc:member_of ] ] . is that correct? That is semantically the same as the above. if so then the foaf:knows implementation above is a bit of a special case isn't it.. because the inverse of { a foaf:knows b } is { b foaf:knows a } but the inverse of { c sioc:member_of d } is { d sioc:has_member c } - different predicates. Not a problem. Sometimes the inverses, don't have the same names. :-) I could be (and probably am) wildly wrong here, any clarification? figured a bit out i think.. above.. :myfriends owl:equivalentClass [ a owl:Restriction; owl:onProperty [ owl:inverseOf foaf:knows ]; owl:hasValue http://webr3.org/nathan#me ] . would equal: users-webid foaf:isKnownBy http://webr3.org/nathan#me . if such a thing existed, but it doesn't so to check if users-webid is known by :me then we have to http://webr3.org/nathan#me foaf:knows users-webid . but I think I've just inferred that last bit of knowledge myself, and that it'd be impossible for a machine to figure that bit out.. because surely in the case of: _:group owl:equivalentClass [ a owl:Restriction ; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty [ owl:inverseOf sioc:member_of ] ] . I'd have to dereference sioc, see if there was an inverse property of it and then look
Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion
On 21 Apr 2010, at 09:17, Nathan wrote: Story Henry wrote: On 21 Apr 2010, at 03:44, Nathan wrote: [ ✄ ] figured it - finally.. (?) _:group owl:equivalentClass [ a owl:Restriction ; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty [ owl:inverseOf sioc:has_member ] ] . which leaves you looking for the following : users-webid _:y http://example.org/usergroups#group1 . _:y owl:inverseOf sioc:has_member . which afaict does not entail: users-webid sioc:member_of http://example.org/usergroups#group1 . It does because sioc:member_of owl:equivalentProperty [ owl:inverseOf sioc:has_member ] . because that would be specified by: _:group owl:equivalentClass [ a owl:Restriction ; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty sioc:member_of ] . must be different surely - I know what you are saying about equivalentProperty; but the above should = SELECT ?mem WHERE { ?mem sioc:member_of http://example.org/usergroups#group1 . } _:group is indeed a class equivalent to any class that contains all the bindings to ?mem in your query above. Note that as you add more information you may also get more results. What I forgot to mention is that at runtime when we are processing the ACL we have two (or more) graphs to pull information from; the users foaf file and an unknown graph. yes, that is the whole point of the semantic web. But it is not because you can merge information from every graph that you should, just like it is not because you can believe what everyone tells you that you should. So once you have tied the WebId to the user at the end of the ssl connection, you know what he is telling you about himself. Your access control information is something you will not want to merge with what he says, unless you completely trust him. I'm suggesting that the above equates to: SELECT ?mem FROM users-foaf WHERE { ?mem sioc:member_of http://example.org/usergroups#group1 . FILTER( ?mem = users-webid ) } whilst an acl w/ the following: _:group owl:equivalentClass [ a owl:Restriction ; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty [ owl:inverseOf sioc:has_member ] ] . would equate to: SELECT ?mem FROM http://example.org/usergroups WHERE { http://example.org/usergroups#group1 sioc:has_member ?mem . FILTER( ?mem = users-webid ) } You seem to think that the relations are fixed in how they can be used, in that only one document type can publish one of the relation. But that is not the case, both your ACL or the users' document could publish either sioc:has_member or sioc:member_of. In any case, whenever you have one relation the other one is true too. That is just like when if I say Joe is the father of Harry, it is simultaneously true to say that Harry's father is Joe, or that Harry is the child of Joe. The same facts make all those true: the are logically equivalent. The two queries are obviously v different because they are asking different graphs the question, and we need a way to be able to infer which graph to ask based on the limited information available in the equivalentClass, Restriction pairing. You may indeed want to ask both graphs a question. We first have to work out what you are trying to do. Does it make more sense now why I'm saying that it doesn't entail..? I think I am starting to see where your conceptual problem is coming from. You are looking in the wrong place for a solution to a problem that I think you have not yet got. (you should come across it later). To summarize you have are the following graphs G1. Access control rules you trust G2. User Information (which you get from the WebId) G3. Information about what user you are dealing with (you have a WebID handle on the user at the end of the connection) ( btw. This is laid out in detail in FOAF+SSL: RESTful authentication for the social web http://bblfish.net/tmp/2009/05/spot2009_submission_15.pdf ) So you now are at the authorisation stage. We imagine you have the resource the user wants access to is protected by the following or equivalent acl @prefix owl: http://www.w3.org/2002/07/owl# . @prefix acl: http://www.w3.org/ns/auth/acl# . [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentClass :myfriends . :myfriends owl:equivalentClass [ a owl:Restriction; owl:onProperty [ owl:inverseOf foaf:knows ]; owl:hasValue http://webr3.org/nathan#me ] . So your acl uses the http://webr3.org/nathan#me WebId to identify you. Presumably it trusts the document http://webr3.org/nathan to correctly declare the foaf:knows relationships. So it can probably just create a list (set) of WebIds from there and check if the users' WebId is part of that list. Notice that you merge the information from the acl G1 and what http://webr3.org/nathan#me declares
Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion
On 21 Apr 2010, at 16:58, Joe Presbrey wrote: Sadly, I'm going to have to implement the above in the short term though as can't for the life of me see any other way of expressing: if graph Gx holds the triple group has_member webid . where Gx is found by dereferencing group where group and has_member are defined in the ACL where webid is only known at runtime after checking foaf+ssl. I'm not sure about the Gx dereference at this point. I guess this is analogous to multiple groups being defined in the same graph and distinguished by fragment. Are you planning to do this like: defrag(group)? Along these lines I think Apache people like AuthGroupFile in .htaccess which explicitly declares what graphs are trusted for authorization. Maybe you aren't counting this as another way of expressing, but in SPARQL I would say: ASK { GRAPH acl { ?acl acl:accessTo uri; acl:mode acl:Read; acl:accessClass group . } GRAPH group { group has_member webid . } } yes, a SPARQL query such as the above, if the engine knows to go and dereference the Graph ids, is close to the N3 rules I was thinking of. The OWL inferencing is then done inside the graphs such as group. Henry
Re: [foaf-protocols] owl:Restrictions in ACL - was Re: ACL Ontology and Discussion
I think it would be nice if you went off to study Semantic Web for the Working Ontologist before asking any more questions on this group. Currently it would be like a php person coming to a php group, who never really even looked at a php grammar, syntax, or got a simple php program to run. And then kept asking questions which were due mostly to the person's trying to guess how php was meant to work from his experience in Visual Basic. That book should help you get going. I learnt a lot from it. Nevertheless I will answer you question one last time below. On 21 Apr 2010, at 20:35, Nathan wrote: Joe Presbrey wrote: On Wed, Apr 21, 2010 at 2:26 PM, Nathan nat...@webr3.org wrote: I'm not sure about the Gx dereference at this point. I guess this is analogous to multiple groups being defined in the same graph and distinguished by fragment. Are you planning to do this like: more GET uri, parse rdf and then check resulting triples. Say my group is groups#users. When I go HTTP GET groups#users, don't I actually get groups? If my rule had been simply: group says who is in group GRAPH groups#users { groups#users has_member webid . } it would fail. It should have been: groups file says who is in users GRAPH groups { groups#users has_member webid . } Of course had my source been TriG or SPARQL endpoint, the former may have been just fine depending on my schema. Is your plan to determine authorized named graphs automagically from the ACL or require them declared explicitly? determine automagically, and sparql-less implementation - should be as simple as: why sparql-less? GET http://ex.org/groups#users parse in to triples foreach( triples as triple ) { if( triple-s == http://ex.org/groups#users ) { if( triple-p == has_member ) { if( triple-o == webid ) { return TRUE; } } } } With SPARQL it clearly would be easier to ask ASK { GRAPH http://ex.org/groups { http://ex.org/groups#users sioc:has_member webid . } } But if you don't have SPARQL then well, you can do graph traversal, which also will work. It's just more work programmatically. but how to express that in acl+owl.. here's the full abridged run down of the problem, rewritten to be as unambiguous as possible. OWL reasoning helps you to find inferences. So you can ask queries on graphs that would contain equivalent information written in other ways, and map it. OWL gives you more power. Of course you need tools to get the extra power. If you don't have the tools, then simplify the problem so that the tools are not necessary. There are many different ways to do that. It requires asking users to be more consistent in how they express the data. This is probably ok, to start off with as you will be the first to try this out. Start simple with a few things, then move to more complciated versions. But start with something. For the moment we don't see any of your code, or any service you have put online. The problem is (should be) a very simple one.. I'm implementing ACL using the acl ontology, all I want to do is handle a very simple group based system where the uri of the group and the predicate are specified in the acl file / graph. If the representation returned by the http://ex.org/groups contains the triples http://ex.org/groups#group1 sioc:has_member :joe, :henry, jack, jim, george ... Then you are done. IE the ASK query mentioned above will return TRUE if the webid is a member of the group which has the restiction you have used. ASK { GRAPH http://ex.org/groups { http://ex.org/groups#users sioc:has_member webid . } } in fact if you ask your query directly to the graph http://ex.org/groups then you can just ask ASK { http://ex.org/groups#users sioc:has_member webid . } You can use the above query to determine membership of the http://ex.org/groups#group1 class defined in your the rule specified in your follow up e-mail. [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agentClass http://ex.org/groups#group1 ; acl:mode acl:Read . Well! Careful! The above is not correct, because if you look at the definition of acl:agentClass the object has to be a owl:Class, not a sioc:Usergroup. So what is required is one more step to map the members of a sioc:Usergroup into a owl:Class (which you can think of as a set) This is why we were writing the authorization out not as you have above, but as [] a acl:Authorization ; acl:accessTo https://ssl.data.fm/index.php ; acl:agentClass [ owl:equivalentClass [ a owl:Restriction; owl:hasValue http://example.org/usergroups#group1 ; owl:onProperty [ owl:inverseOf sioc:has_member ] ]; acl:mode acl:Read . But you if you want to do things procedurally, you can just define that set by getting the results from the query SELECT ?mem FROM
Re: [foaf-protocols] ACL
On 20 Apr 2010, at 08:47, Michael Hausenblas wrote: Nathan, That sort of reminds me of something [1] ;) So, I asked a round a bit [2] and the answer essentially was: go register one ... fancy doing it together? The latest document draft-nottingham is here btw http://cidr-report.org/ietf/idref/draft-nottingham-http-link-header/ One could just register it by adding the relation in the acl ontology such as acl:rules a rdf:Property; rdf:domain foaf:Document; rdf:range foaf:Document; ... As you can see in the 5.5 examples, you can have a rel value as a URL. ( So in this it is similar to atom). The only disadvantage then is that you don't get the nice shorthand, for inclusion in Atom XML, and other documents. So I suppose the best would be to add the relation first to the ontology, work out a good wording for it, test it out, then ask for the IETF shorthand, the put an owl:sameAs link to the ietf one, which hopefully we can then convince them to serve up as linked data. I'd be happy to support a document for the link. It seems to me the Atom folks could find that very useful. Not sure yet how cold they are towards rdf still. Henry Cheers, Michael [1] http://webofdata.wordpress.com/2010/03/04/wod-access-control-discovery/ [2] http://lists.w3.org/Archives/Public/ietf-http-wg/2010JanMar/0218.html -- Dr. Michael Hausenblas LiDRC - Linked Data Research Centre DERI - Digital Enterprise Research Institute NUIG - National University of Ireland, Galway Ireland, Europe Tel. +353 91 495730 http://linkeddata.deri.ie/ http://sw-app.org/about.html From: Nathan nat...@webr3.org Organization: webr3 Reply-To: nat...@webr3.org Date: Mon, 19 Apr 2010 22:37:41 +0100 To: Linked Data community public-lod@w3.org, foaf-protocols foaf-protoc...@lists.foaf-project.org Subject: [foaf-protocols] ACL Hi All, I'm just trying to get an implementation of web access control [1] off the ground and have hit upon a small issue. I'm planning on exposing links to acl files via the Link header as directed, however I've realised there is no rel= for it, hence i was opting for a custom temporary type. On a first look a relation of acl:acl looks to be the one, but after checking the actual ontology the acl:acl link simply isn't there, thus in the meantime I've opted for: Link: /.wac/everyone.n3; rel=http://www.w3.org/ns/auth/acl#;; title=Access Control File Any improvements, or refinements welcome, as the above is just a temporary measure. Best, Nathan ___ foaf-protocols mailing list foaf-protoc...@lists.foaf-project.org http://lists.foaf-project.org/mailman/listinfo/foaf-protocols
Re: ACL Ontology and Discussion
On 20 Apr 2010, at 15:52, Nathan wrote: Hi All, I'd like to propose a few new additions to the ACL Ontology, I won't be specific on names but will describe each one and the associated need. The addition of groups - personally I see no need to define a set ontology for what constitutes a group when dealing with ACL, however it would be fantastic to be able to point to the URI of a Group of WebIDs and the relation, or predicate, that should be used. For example: [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentGroupSource http://webr3.org/nathan#me ; acl:agentGroupLink foaf:knows . I think you can get what you want by using owl reasoning @prefix owl: http://www.w3.org/2002/07/owl# . @prefix acl: http://www.w3.org/ns/auth/acl# . [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentClass :myfriends . :myfriends owl:equivalentClass [ a owl:Restriction; owl:onProperty [ owl:inverseOf foaf:knows ]; owl:hasValue http://webr3.org/nathan#me ] . in this scenario the agentGroupSource is a foaf:Person (me) and the relation to be used as members who have acl:Read access is everybody i foaf:knows. [] a acl:Authorization ; acl:accessTo /working-group ; acl:mode acl:Read , acl:Write ; acl:agentGroupSource /groups#working-group-members ; you probably want a acl:agentGroupSource /groups/#userGroup1 ; acl:agentGroupLink sioc:has_member . [] a acl:Authorization ; acl:accessTo /working-group ; acl:mode acl:Read , acl:Write ; acl:agentClass :wkgrp. :wkgrp owl:equivalentClass [ a owl:restriction; owl:onProperty sioc:member_of; owl:hasValue /groups/#userGroup1 . in this scenario the agentGroupSource is a sioc:Usergroup and the relation to be used as members who can Read,Write is sioc:has_member. I'm very aware that there are inverse relations here (sioc:member_of), but strongly feel that we can't be trusting anything in somebodies foaf profile document for ACL, so thus have negated entirely :) That is not a question of the direction of the realtion, but a question of which information you take as reliable. If you don't trust the information from the user's profile, don't merge it into the graph you use to decide who get access to some resource. I've also given the above pretty poor names of agentGroup* in the examples, purposefully to get some input on better names! Next up is acl:agentClass, I'm actually going to suggest deprecation or reserving it for future use, because afaict everything which is requesting access to a resource must be an agent of some kind, Not sure why you think so. The point of agentClass is to link to the set of agents that have access. Seems pretty reasonable to me. and if we were to distinguish between Classes of Agent then the only place we can find out what Class an Agent has, is in their foaf profile - which they control. The agent class is not a way of defining the type of the agent, it is a way to define the type of people who will be given access. agentClass a rdf:Property; rdfs:label agent; rdfs:comment A class of persons or social entities to being given the right; rdfs:domain Authorization; rdfs:range rdfs:Class. # Must be subclass of foaf:Agent. So for example you can say that access can only be granted to ex:Admin and I can say I am a foaf:Person, ex:Admin and gain access. That is why one would not use information from your foaf file to decide what class you are in. Presumably the class could be one defined either directly by a URL, which could list all its members, and presumably would be access controlled by someone reliable, or as above indirectly as your friends. In addition access control is a pretty critical issue, and adding in things which bring up many design issues about inference etc when they aren't strictly needed (as in groups and lists of WebIds suit the purpose and always have - imo) may not be the best course of action. (You've no idea how humbly I say that, but figure it best to bring it up). This does however bring up the issue of how to say read access for anybody with a webid - is there any wild card syntax that could be used for acl:agent or suchlike? If you want that you would do as the note in the acl ontology points out, you would use the class of foaf:Agent And finally, some form of doesn't have access - in many cases and on many systems I've implemented there has been very strong, non-optional, requirements to effectively ban or restrict access to certain people. You can use set operators defined here http://www.w3.org/TR/2004/REC-owl-guide-20040210/#SetOperators to define sets of people who are not allowed access. Often access is granted to everybody who is logged in but not to person-x and person-y. It seems that some for of acl:Unauthorisation is needed - but I'll leave it there for those
Re: ACL Ontology and Discussion
On 20 Apr 2010, at 21:13, Nathan wrote: Story Henry wrote: On 20 Apr 2010, at 15:52, Nathan wrote: I'd like to propose a few new additions to the ACL Ontology, I won't be specific on names but will describe each one and the associated need. The addition of groups - personally I see no need to define a set ontology for what constitutes a group when dealing with ACL, however it would be fantastic to be able to point to the URI of a Group of WebIDs and the relation, or predicate, that should be used. For example: [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentGroupSource http://webr3.org/nathan#me ; acl:agentGroupLink foaf:knows . I think you can get what you want by using owl reasoning @prefix owl: http://www.w3.org/2002/07/owl# . @prefix acl: http://www.w3.org/ns/auth/acl# . [] a acl:Authorization ; acl:accessTo /pictures-of-me ; acl:mode acl:Read ; acl:agentClass :myfriends . :myfriends owl:equivalentClass [ a owl:Restriction; owl:onProperty [ owl:inverseOf foaf:knows ]; owl:hasValue http://webr3.org/nathan#me ] . in this scenario the agentGroupSource is a foaf:Person (me) and the relation to be used as members who have acl:Read access is everybody i foaf:knows. [] a acl:Authorization ; acl:accessTo /working-group ; acl:mode acl:Read , acl:Write ; acl:agentGroupSource /groups#working-group-members ; you probably want a acl:agentGroupSource /groups/#userGroup1 ; acl:agentGroupLink sioc:has_member . [] a acl:Authorization ; acl:accessTo /working-group ; acl:mode acl:Read , acl:Write ; acl:agentClass :wkgrp. :wkgrp owl:equivalentClass [ a owl:restriction; owl:onProperty sioc:member_of; owl:hasValue /groups/#userGroup1 . I'd really like to invest some time in to making better use of owl restrictions, ranges etc however a couple of things are stopping me (at the minute). 1: how do I implement this? I've not seen any tools yet that can handle this level of owl, inferencing and reasoning at runtime easily (to be realistic any implementation would need to have done it's work in a few milliseconds at most to be usable). If there are tools that can do this (even slowly) at runtime at the minute then I'm all ears! :) You probably don't need to do the reasoning every time. You just need to do it every so often, when you one of the resources you are relying on has changed. Then you fill out the class with all the members and you are done. It all depends how you use it. 2: how does this play with agentClass # Must be subclass of foaf:Agent? foaf:Agent is the set of all agents, if you want. then any class you place as the object of the acl:agentClass relation must be a set of agents, ie a subset of foaf:Agent. That fits in well. In any case what was proposed there is not that different from your proposal. It's just already documented and ready to roll. Also, even though this is a possibility surely some way of handling groups with simple to calculate methods would be a useful addition to the ontology? - I know that what I've suggested could be implemented with a simple forloop and if-match and that it would cover a huge range of functionality (most use cases I can think of / need at the least). You could implement something basic with a for loop perhaps. It's a good exercise. Are you trying to read any restriction that could be found anywhere on the internet? Or are you going to be in charge of the acls? If you are somewhat in charge of the acls, then you can make sure not to create too complex restrictions. You can probably get some of the Java reasoning tools to help you. They do some reasoning, and you can probably get quite far by using owl class descriptions to get you a listing of all the members of your class. That is at its most basic what these owl reasoners do really. in this scenario the agentGroupSource is a sioc:Usergroup and the relation to be used as members who can Read,Write is sioc:has_member. I'm very aware that there are inverse relations here (sioc:member_of), but strongly feel that we can't be trusting anything in somebodies foaf profile document for ACL, so thus have negated entirely :) That is not a question of the direction of the relation, but a question of which information you take as reliable. If you don't trust the information from the user's profile, don't merge it into the graph you use to decide who get access to some resource. I've also given the above pretty poor names of agentGroup* in the examples, purposefully to get some input on better names! Next up is acl:agentClass, I'm actually going to suggest deprecation or reserving it for future use, because afaict everything which is requesting access to a resource must be an agent of some kind, Not sure why you think so. The point of agentClass is to link to the set of agents that have access. Seems pretty reasonable to me
Re: backronym proposal: Universal Resource Linker
On 18 Apr 2010, at 11:18, Dan Brickley wrote: So - I'm serious. The term 'URI' has never really worked as something most Web users encounter and understand. For RDF, SemWeb and linked data efforts, this is a problem as our data model is built around URIs. If 'URL' can be brought back from limbo as a credible technical term, and rebranded around the concept of 'linkage', I think it'll go a long way towards explaining what we're up to with RDF. Thoughts? For the linked data movement, that seems like a good idea, definitively. The fact that RDF is defined around IRIs is great, because it means that we can be compatible with any future improvements. But we don't have to talk at that level of abstraction every day. Henry Dan -- Forwarded message -- From: Dan Brickley dan...@danbri.org Date: Sun, Apr 18, 2010 at 11:52 AM Subject: backronym proposal: Universal Resource Linker To: u...@w3.org Cc: Tim Berners-Lee ti...@w3.org I'll keep this short. The official term for Web identifiers, URI, isn't widely known or understood. The I18N-friendly variant IRI confuses many (are we all supposed to migrate to use it; or just in our specs?), while the most widely used, understood and (for many) easiest to pronounce, 'URL' (for Uniform Resource Locator) has been relegated to 'archaic form' status. At the slightest provocation this community dissapears down the rathole of URI-versus-URN, and until this all settles down we are left with an uncomfortable disconnect between how those in-the-know talk about Web identifiers, and those many others who merely use it. As of yesterday, I've been asked but what is a URI? one too many times. I propose a simple-minded fix: restore 'URL' as the most general term for Web identifiers, and re-interpret 'URL' as Universal Resource Linker. Most people won't care, but if they investigate, they'll find out about the re-naming. This approach avoids URN vs URI kinds of distinction, scores 2 out of 3 for use of intelligible words, and is equally appropriate to classic browser/HTML, SemWeb and other technical uses. What's not to like? The Web is all about links, and urls are how we make them... cheers, Dan
Re: [foaf-protocols] semantic pingback improvement request for foaf
On 17 Apr 2010, at 11:34, Melvin Carvalho wrote: 0. Search engine solution - Wait for a search engine to index the web, then ask the search engine which people are linking to you. Problems: - This will tend to be a bit slow, as a search engine optimised to search the whole web will need to be notified first, even if this is only of minor interest to them - It makes the search engine a core part of the communication between two individuals, taking on the role of the central database in closed social networks - It will not work when people deploy foaf+ssl profiles, where they access control who can see their friends. Search engines will not have access to that information, and so will not be able to index it. A great summary, Henry What about using W3C recommended standard of SPARQL (Update)? I refer to the architecture sketch for web 3.0: http://www.w3.org/DesignIssues/diagrams/social/acl-arch.png It strikes me a (hyper) data file *should* be, first and foremost, updated (write) using SPARUL or WebDAV and HTTP should be used for read operations. SPARUL seems to me to be asking a lot of technology for something that is really simple, and that is much easier done using much more widely deployed technology. This does not stop it from being deployed later. But we will have a lot more chance integrating foaf into web 2.0 applications if we don't require SPARUL, especially if it is clear that one can do without it. It is important to have this work in browsers too, so that people can create a friend request and have a web page, they can see the request at. This would allow them to then also DELETE that ping request, or edit it. This can all easily be done using POST, GET and DELETE. And mostly even just POST. Furthermore as we saw doing updates on graphs is still very new, and can easily lead to all kinds of problems. Finally a ping is arguably not a request to update a graph. It is an action to notify someone of something. That is all. As I mentioned in another thread, what the person notified does with this notification is up to them: it could be - to add the person to their foaf as a friend - to add them as an aquaintance -a spammer -a follower - ignore them - to warn their friends - to call the police I really don't see that I want to give other people any decision in updating my graphs. I can give them a space to make a comment, but updating my graph will be something I am going to be very careful about allowing. So I add you as a friend to my FOAF. And also send you a message with the triples I'd like you to add to your FOAF (use discovery if necessary to find your sparql server, but as tabulator does, you could just send it to the web 3.0 enabled file). As stated above, if that is what you want to do, then you don't need SPARUL. You could post a request which contains the triples that you want. Perhaps we can design the ping in such a way, that a change request can be posted, for occasions when you noticed an error in my foaf file You can peform some sanitization/validation/reputation check before adding the friend to your FOAF. It's a simple workflow to get you started, but you can build layers on top (push/pull, realtime, notifications, approvals etc.). Also compatible with FOAF+SSL Auth. I'd be for that, as long as we can start with a very simple ping mechanism that is easy to implement. And that would favor a POST, using an html form. Also it would be nice if this could be done in an intutive way so that we can have deployments with human readable html, that reminds people of SN friend requests. Henry
Re: [foaf-protocols] semantic pingback improvement request for foaf
On 17 Apr 2010, at 18:57, Kingsley Idehen wrote: All, In a sense, we should be able to crystallize the following via our Profile Pages: 1. Facebook Wall -- part of Facebook Profile Pages 2. Poke (not the greatest term when you factor in cultural diversity, but we do grok the nudge action) . yes. Great ideas. We would like to simplify the act of establishing and breaking friendship via a simple pinger mechanism where our HTML based Profile Docs should contain something like: link rel={pingback | poke | friend | something-else} href={pingHandlerEndpoint} ... / . Though it may even be better to have just one ping:request relation, that can be flexible and extensible. Mind you both are possible. We should decide to get the basic use cases done quickly and working, without attempting to overly generalise. Profile owner can then do whatever with these LINKs e.g., use SPARUL or some other mechanism to create specific assertions (via triples) in an EAV (e.g. RDF) data space (Document, Quad Store, whatever) Well, this is what has to be specified. The reader of these links needs to have some idea of what to do. As I pointed out using SPARUL here is going to make it much more difficult to integrate with a number of web 2.0 apps. And those are the apps with the best user interface designers working on them. So we need to start off with very few requirements (parsing RDF/xml, rdfa) HTTP GET and POST I think are the best. Web Apps that do have SPARUL access can of course be leverage that in the development of their own apps to gain development efficiency. If we can get friending and unfriending right, we will have something as viral as twitter for breaking down social network data silos while decentralizing identity via WebIDs. Absolutely. I can't believe we did not think of doing this before. We need {perl, python, scala,...} cgis, so that every one of us foafers can quickly add this functionality. I only get about 10 foaf friending requests a year. This would allow us to start making use of foaf. As soon as we have those simple proof of concepts we can then add this to tools such as Elgg, and give the web 2.0 community a reason to enter into the 2010 web3.0 decade :-) We are close to a real tipping point here, just got to keep the user aspect as simple as possible. yes. Also keeping the developer aspect is important. HTML forms marked up with RDF, simple things like that is something devs can understand quickly. Twitter and Facebook are more important than Wordpress re. Social Networking IMHO. We need to get back to the philosophy of blogging that Wordpress and co got so right though: distributed networks. So helping workdpress make use of their foaf like this could also be a great use case. Henry Links: 1. http://www.slideshare.net/guest1222bdb/mary-meeker-april-2010-internet-trends -- some nice market research
Re: semantic pingback improvement request for foaf
On 16 Apr 2010, at 11:48, Sebastian Tramp wrote: quote Story Henry (15.4.2010): I often get asked how one solve the friend request problem on open social networks that use foaf in the hyperdata way. Hi Henry, thank you for your introduction to these different solutions. As one of the members of AKSW who is responsible for the Semantic Pingback approach it is nice for me to see that our solution is discussed in a broader audience. Of course, the development of Semantic Pingback was driven with foaf+ssl in mind, but we also wanted to preserve backward compatibility for existing pingback clients (where possible). Oh. I had not thought of it as being related to foaf+ssl initially in particular. One of the main advantages of pingback (and thus Semantic Pingback) is the low entrance barrier for clients which want to trigger a pingback-request. This is done via a X-Pingback field in HTTP header of a pingback enabled resource. The auto discovery via header field is both simple and powerful. simple because a pingback clients does not need to use an XML parser (or an rdf parser) In the initial part described above this is true, and only if the HEAD contains the X-Pingback link header. (Otherwise you do need to parse the content) But later in the xml-rpc part it does absolutely require an XML parser, and furthermore it re-invents all the HTTP error/success headers in the XML, and one cannot say that what it did was an improvement. and powerful because also JPGs, PDFs and any other resource can be pingback enabled and the client only needs to request for the HEAD of a resource which is another advantage of pingback (thus the client is not forced to load a potential huge resource) yes, that makes a lot of sense. The out of date piece is more on sending a ping, and parsing the response, which is overly complicated, in large part not RESTful - eg it could return a URL to refer to the ping request object - but more below The reason for introducing the ping:service property in Semantic Pingback is more a integration issue (e.g. to query for such information via sparql). yes, that relation is very useful. The suggested no.1 auto suggestion method for a resource is still the header field (this policy preserves backward compatibility, allowing wordpress users to ping a linked data resource). yes, the backward compatibility is also very useful, and should be kept. According to your Improved Semantic PingBack approach (5). I understand your motivation to wipe-out the XMLRPC part of such a spec and maybe a POST request could be an alternative for such an RPC call I don't think that one should wipe out the XMLPRC piece in fact. I should make that clearer in the proposed definition of the ping:service relation. I was thinking one could extend it. Toby Inkster just made the point very well in another thread on the foaf-protocols mailing list http://markmail.org/message/xg4vfqitn2rqcrc7 When you POST a content, you are in fact doing something like reverse conneg. One error of the ping back service is to be entirely defined in terms of a representation. But that can be fixed. There is no reason not to extend it to other representations. HTML forms as specified here http://www.w3.org/TR/html4/interact/forms.html#form-content-type send content in either of two mime types - application/x-www-form-urlencoded - multipart/form-data The other error of xmlrpc is to re-invent HTTP content negotiation at the XML layer. So that it encapsulates error conditions in the XML-response. It is therefore not quite true, that XML-RPC does not require an XML parser. (however, this buries the compatibility to the blogosphere). It need not. We could have it so that ping back servers that are only referred to via the service:pingback relation in rdf, can offer only the new ping method. The other thing would be to have a new relation. In the case of friending services in foaf, it is unlikely that people will have their foaf served with X-Pingback headers. But in order to be as lightweight as the original spec is, we should then introduce a new header-field as well to allow easy auto-discovery of such a Post-Pingback endpoint as well. Since the XMLRPC related header is named X-Pingback, I suggest to use X-Pingback-Post for this thus lifting post-pingbacks as an alternative request to xmlrpcs. XML-RPC sends the information to the server also via a POST, so I am not sure that this would be the right way to distinguish them. I would be more in favour of calling the new relation Pingback without the X, and proposing it as an RFC. Given that we could establish this purely semantically, we should be able to get a lot more support. But that could take a bit more time, and perhaps only something to do at a later point. So I believe that Pingback needs to be fixed. The xml/rpc piece is just wrong. The easiest way may be to start
semantic pingback improvement request for foaf
Hi, I often get asked how one solve the friend request problem on open social networks that use foaf in the hyperdata way. On the closed social networks when you want to make a friend, you send them a request which they can accept or refuse. It is easy to set up, because all the information is located in the same database, owned by the same company. In a distributed social foaf network anyone can link to you, from anywhere, and your acceptance can be expressed most clearly by linking back. The problem is: you need to find out when someone is linking to you. So then the problem is how does one notify people that one is linking to them. Here are the solutions in order of simplicity. 0. Search engine solution - Wait for a search engine to index the web, then ask the search engine which people are linking to you. Problems: - This will tend to be a bit slow, as a search engine optimised to search the whole web will need to be notified first, even if this is only of minor interest to them - It makes the search engine a core part of the communication between two individuals, taking on the role of the central database in closed social networks - It will not work when people deploy foaf+ssl profiles, where they access control who can see their friends. Search engines will not have access to that information, and so will not be able to index it. 1. HTTP Referer Header -- The absolute simplest solution would be just to use the mis-spelled HTTP Referer Header, that was designed to do this job. In a normal HTTP request the location from which the requested URL was found can be placed in the header of the request. http://en.wikipedia.org/wiki/HTTP_referrer The server receiving the request and serving your foaf profile, can then find the answer to the referrer in the web server logs. Perhaps that is all that is needed! When you make a friend request, do the following: 1. add the friend to your foaf profile http://bblfish.net/#hjs foaf:knows http://kingsley.idehen.name/dataspace/person/kidehen#this . 2. Then just do a GET on their Web ID with the Referrer header set to your Web Id. They will then find in their apache logs, something like this: 93.84.41.131 - - [31/Dec/2008:02:36:54 -0600] GET /dataspace/person/kidehen HTTP/1.1 200 19924 http://bblfish.net/; Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 This can then be analysed using incredibly simple scripts such (as described in [1] for example) 3. The server could then just verify that information by a. doing a GET on the Referer URL to find out if indeed it is linking to the users WebId b. do some basic trust analysis (is this WebId known by any of my friends?), in order to rank it before presenting it to the user The nice thing about the above method is that it will work even when the initial linker's server does not have a Ping service for WebIDs. If the pages linking are in html with RDFa most browsers will send the referrer field. There is indeed a Wikipedia entry for this: it is called Refback. http://en.wikipedia.org/wiki/Refback Exactly why Refback is more prone to spam than the ping back or linkback solution is still a bit of a mystery to me. 2. Referer with foaf+ssl In any case the SPAM problem can be reduced by using foaf+ssl [2]. If the WebId is an https WebId - which it really should be! - then the requestor will authentify himself, at least on the protected portion of the foaf profile. So there are the following types of people who could be making the request on your WebId. P1. the person making the friend request Here their WebId and the referer field will match. (this can be useful, as this should be the first request you will receive - a person making a friend request, should at least test the link!) P2. A friend of the person making the friend request Perhaps a friend of P1 goes to his page, comes across your WebId, clicks on it to find out more, and authentifies himself on your page. If P2 is a friend of yours too, then your service would have something somewhat similar to a LinkedIn introduction! P3. Just someone on the web, a crawler... Then you know that he is making his friendship claim public. :-) The above seems to be just some of the interesting information one could get from the analysing the Referer field logs. 3. Pingback --- For some reason though the Referer Header solution was not enough, and so the pingback protocol was invented. http://www.hixie.ch/specs/pingback/pingback I am still not quite clear what this solution brings in addition to the refback one, other than that - it declares the method of the pingback declaratively. If there is a ping back header, then it is clear that it can be used. The referer header is
Re: [Patterns] Materialize Inferences (was Re: Triple materialization at publisher level)
On 7 Apr 2010, at 09:55, Leigh Dodds wrote: Linked Data can be consumed by a wide variety of different client applications and libraries. Not all of these will have ready access to an RDFS or OWL reasoner, e.g. Javascript libraries running within a browser or mobile devices with limited processing power. How can a publisher provide access to data which can be inferred from the triples they are publishing? It's not that difficult really to add basic reasoning to your data. Using SPARQL you can easily write out the most common rules. http://spinrdf.org/ My guess is that small devices will have more problems parsing and downloading large files than reasoning. I think more important is to get applications to use data. Then it will soon become clear as these applications grow, what data is useful to place at a location. Just as the web browser helped simpify choices of what needed to be published, so something like interacting foaf+ssl endpoints will end up making clear what it is best to publish, and what is best left for inferencing. So I'd say write apps that are viral and that consume the data. Then it will be clear what to publish, and also what reasoning is useful. Henry
Re: mailing-lists in semantic-land
I am not sure exactly how the thread by Carmen got going, or where it appeared from, but it seems pretty interesting. Note that on the w3c mail archives there are X-Archived-At headers with URLs for each mail. I don't understand why not every mailing list does that, as it is so clearly an excellent idea. Henry On 6 Apr 2010, at 23:40, carmenr wrote: So basically no-one in the Semantic Web community has a clue about mailing lists. That is quite cool in itself. $ mkdir mail/foaf-protocols $ cd mail/foaf-protocols $ wget http://lists.foaf-project.org/pipermail/foaf-protocols/2010-{January,February,March}.txt.gz gunzip *gz $ cd ../.. (you could stay in this directory if you want a sep index) $ e.console irb(main):002:0 E('/mail/foaf-protocols/*txt').glob.map :indexMbox = [/mail/foaf-protocols/2010-February.txt, /mail/foaf-protocols/2010-January.txt, /mail/foaf-protocols/2010-March.txt] mail is of course identified by message-ID: (E E::SIOC+'from').rangePO 'henry.st...@bblfish.net',1 = [/mail/foaf-protocols/2010-March/97] m=((E E::SIOC+'from').rangePO 'henry.st...@bblfish.net',1)[0].resource :mail irb(main):019:0 puts m.keys uri http://rdfs.org/sioc/ns#from http://rdfs.org/sioc/ns#name http://purl.org/dc/terms/date http://rdfs.org/sioc/ns#group http://rdfs.org/sioc/ns#subject http://rdfs.org/sioc/ns#reply_of http://rdfs.org/sioc/ns#reference http://rdfs.org/sioc/ns#content (not sure all predicates exist, but theyre trivially changed) m.uri = 5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net message identifier, it can be plugged into gmane : http://mid.gmane.org/5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net or local DB (filesystem really) irb(main):022:0 (E m.uri).r = From: henry.story at bblfish.net (Story Henry)\nDate: Thu, 11 Mar 2010 20:27:05 +0100\nSubject: [foaf-protocols] [xwiki-devs] http://webid.myxwiki.org/\nIn-Reply-To: d61d8c2e-e77e-4856-aec9-764e9ca0a...@bblfish.net\nReferences: d61d8c2e-e77e-4856-aec9-764e9ca0a...@bblfish.net\nMessage-ID: 5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net\n\n\nOn 9 Mar 2010, at 20:40, Story Henry wrote:\n\n A very basic implementation of foaf+ssl is up here:\n \n http://webid.myxwiki.org/\n\nWhile fixing Chrome [0], we found a bug with my previous implementation of web.. and HTTP (a prettily formatted and link-clickable version) [r...@x200 element]# curl -I http://m/5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net HTTP/1.1 200 OK Content-Type: text/html Content-Length: 4701 (raw message) [r...@x200 element]# curl -I http://m/5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net?raw HTTP/1.1 200 OK Content-Type: message/rfc822 Content-Length: 2034 (content-type turtle) curl http://m/-/5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net -H Accept: application/turtle @base / . @prefix rdf: http://www.w3.org/1999/02/22-rdf-syntax-ns# . ma/foaf-protocols/2010-March/97 fs:ftype file ; fs:mtime 2010-04-06 21:21:45 + ; fs:size 2034 . 5faadd40-416a-43a4-a0fe-7f8b41d3c...@bblfish.net http://purl.org/dc/terms/date 2010-03-11T19:27:05+00:00 ; http://rdfs.org/sioc/ns#content snip wrote some domain-specific views for mails (suggestions welcome) http://m/ma/foaf-protocols/*/*?view=threads = http://i.imgur.com/eeP8W.png a 'long tail' approach might be good, so you dont miss the important threads if ignoring a list for a week/month/forever: http://i.imgur.com/L9Spu.png zoomed-out theres a generic (Exhibit - inspired) facet-top which just counts the most occurences of p/o: http://m/ma/foaf-protocols/*/*?view=topfacea=sioc:from 668 198 henry.st...@bblfish.net 111 home...@msn.com 71melvincarva...@gmail.com 48kide...@openlinksw.com 32bruno.harbu...@manchester.ac.uk a custom domain-specific aggregation http://m/ma/foaf-protocols/*/*?view=topthreads 39[foaf-protocols] FOAF+SSL and root certificates 35[foaf-protocols] FOAF+ssl, access control. 29[foaf-protocols] rsa / cert Ontology questions. 24[foaf-protocols] foaf+ssl working on Internet Explorer 22[foaf-protocols] Lack of browser support suporting these kind of ad-hoc URI-specified workflows and making them fast drove the refactoring of http://gitorious.org/element and thats proably why it uses JSON almost everywhere, and the innate ruby Hash implementation rather than a RDF library - URIs are identifiers + conneg works anyways a thread-reconstructor finds entire thread given a message model={} Fn 'data/thread', E('4b83f2fc.8010...@webr3.org'),nil,model model.keys = [4b83f2fc.8010...@webr3.org, d2e1fd7a-8f66-4780-ac2a-baee6c973...@bblfish.net, 4b83fc31.2080...@manchester.ac.uk, 4b856fd5.5050...@webr3.org, 4b83ff45.3080...@webr3.org, 4b8564ed.4090...@manchester.ac.uk, 4b83ffa8.4040...@webr3.org, 4b854702.1040...@manchester.ac.uk, 4b840cc8.3010...@manchester.ac.uk
foaf+ssl FAQ - was: call to arms
On 30 March 2010 15:00, henry.st...@bblfish.net wrote: On 30 Mar 2010, at 06:16, Peter Ansell wrote: Not sure if the answers to these questions are widely known but I haven't been able to answer conclusively them looking through the few documents that relate to this very new technology. I think we should add this email to the FAQ list. :-) I get asked exactly those questions every time I talk. Which is making me think that Plato was right: the world of ideas is real, as real as the physical world, and to get from A to B in a particular geography one has to follow a certain path. Everybody follows the path you have just followed I enhanced the foaf+ssl FAQ page with the questions that came up on this list and added a few diagrams which I hope will make it clearer how it works. http://esw.w3.org/Foaf+ssl/FAQ Hopefully as the demos keep improving the need for readable explanation will disappear from view to most users. Henry
Re: A URI(Web ID) for the semantic web community as a foaf:Group
On 26 Mar 2010, at 15:22, KangHao Lu (Kenny) wrote: Hi all hi Tom, Does the Semantic Web Interest Group (or the Linked Data community), as a foaf:Group or something equivalent, has a WebID(URI)? Sorry but I didn't check whether this has been brought up. If it doesn't, I would certainly hope that it does have one. I think the best choice might be something like http://linkeddata.org/data#swig It would also enable us to use foaf+ssl to enable all members of that group access to a wiki, or to some project, or to get special prices on events :-) That would make for a very good demo. Henry
Re: Contd: A URI(Web ID) for the semantic web community as a foaf:Group
On 26 Mar 2010, at 18:59, Kingsley Idehen wrote: This is how it works: 1. New Users open accounts 2. Edit profile 3. Click a button that makes an X.509 certificate, exports to browser, and writes to FOAF space 4. Member visits any FOAF+SSL or OpenID space on the Web and never has to present uid/pwd For existing members, they simply perform steps 3-4. You know this, but let me just add that what is needed is for people to be able to make their WebId Profile on any other platform, and also be able to log in. :-) Henry
Re: Storing PKCS#12 inside FOAF profile for FOAF+SSL
On 22 Feb 2010, at 14:50, Nathan wrote: Melvin Carvalho wrote: CC: foaf-protocols On 22 February 2010 14:40, Nathan nat...@webr3.org wrote: Hi All, As per the subject, I'm very tempted to store a base64 encoded versions of my PKCS#12 certificate store file inside my FOAF profile; this way at any point I can simply download it; decode it and pop it in whatever client browser I want; knowing that it can only be unlocked with the password only I know. Thoughts, Opinions? talked myself out of it; I'd leave my identity open to a brute force attack to crack the password; anybody could simply download my FOAF; base64_decode the pkcs#12 and then brute force it open. Yes, check out the foaf+ssl protocol. It's very easy to create public key pairs, one for each browser, and it really makes sense to publish the public key there, using the cert and rsa ontologies http://esw.w3.org/topic/foaf+ssl Henry
Re: Storing PKCS#12 inside FOAF profile for FOAF+SSL
On 22 Feb 2010, at 15:07, Nathan wrote: So I can just chain up multiple public key pairs in my FOAF profile ya? yes, you just need to tie them to your WebId. See my foaf, where I have two: http://bblfish.net/people/henry/card Henry perfect - thanks :) next quick question; expired certificates - need to be removed from FOAF profile yeah? very good question. As we are just looking at improving the cert ontology ( http://www.w3.org/ns/auth/cert ) it would be worth looking at that So currently you are publishing a relation from your public key to the person who knows the public key: :pk a rsa:RSAPublicKey; cert:identity :me ; rsa:public_exponent 65537^cert:decimal ; rsa:modulus ba111346f7555ac5ad4378c73ce 0f921fc4f4dd69dcea003 0b6d294e6f8b133ce29812e1cbfd8bcceb43c7d87a6083a9f 1fdb67a267fe32ac7ff4643b7988d1f63bee924643fb33c5e 16859b9b606b0242bc69e91069c6e93f4c4a2cc3fb12887b7 190c675fcef24f10a05669f0e750d7fc9922e958b79d8f3e1 30821123259f^cert:hex . the cert:identity is really a relation between a public key and an agent that knows the private key for it. It is not a relation between a _certificate_ and the agent that knows its public key for its private key. You could have a number of certs each using the same public key that would expire at different dates. The SSL layer communicating with your browser would have to reject those certificates that had expired. So it has been suggested that we have a better named relation between the agent and the public key. Perhaps cert:public_key, cert:controlsPublicKey, cert:knowsPrivateKeyOfthisPublicKey, cert:canOpen, cert:canUnlock ? We could then write this :me xxx:canUnlock :pk . So what happens if your private key is stolen? Well now thief xxx:canUnlock :pk . and both are true. This brings me to the point that cert:identity is not quite the inverse of xxx:canUnlock. cert:identity is functional. It is saying that there is only one person who can unlock the key. This is important because otherwise one could not deduce from someone knowing the key, whom it identified. If you claim that a public key is your cert:identity, you are obliged to take precautions with your key and make sure that the statement remains true (or you are either irresponsible or a liar). But as Bruno, just pointed out, you may still want to make a claim about there being a time at which you were cert:identified by the key, so that you can make claims about statements being made before a certain date. To do this we will need a notion of an identity on a time slice of a person. So we don't want to make cert:identity such a relation because it's nice an direct, and it covers most cases. We would need something like this :pk cert:timeIdentified [ a TimeSlice; of :me; from 2009-10-10...^^xsd:dateTime; to 2010-01-01...^^xsd:dateTime . ] . It does not make sense to have time slices on a key, as that is a mathematical entity, very similar to a literal. Now if someone has some good suggestions of time slice ontologies to use, I think we could document how to do that. For the moment we have not had the need for it. Henry . It makes the claim that the object of the relation is the only agent that can unlock the key. So when someone steals your private key then :pk cert:identity :thief, :me .
Re: What is the class of a Named Graph?
On 21 Feb 2010, at 01:38, Nathan wrote: Hi All, As the subject line goes - what is the (recommended) rdfs:Class of a Named Graph? Thus far I can only see: a: http://www.w3.org/2004/03/trix/rdfg-1/Graph I could dereference this and find it's meaning. b: http://sw.nokia.com/RDFQ-1/Graph I could not dereference this. So a: is the one to use. Henry Where [a] is used as the domain of swp:Warrant,Authority etc. Any further input before I start using rdfg-1:Graph when describing graphs? Many Regards, Nathan
Re: The status of Semantic Web community- perspective from Scopus and Web Of Science (WOS)
Dan Brickley wrote: However it did not leave any footprint in the academic literature. We might ask why. Like much of the work around W3C and tech industry standards, the artifacts it left behind don't often show up in the citation databases. A white paper here, a Web-based specification there, ... it's influence cannot easily be measured through academic citation patterns, despite the fact that without it, the vast majority of papers mentioned in http://info.slis.indiana.edu/~dingying/Publication/JIS-1098-v4.pdf would never have existed. Btw, last summer at the ESWC SPOT2009 workshop Matthew Rowe and Jonathan Butters presented a paper that took into account online documents (blogs, standards, ), as well as the academic pdf based publishing to glean a global social network. Assessing Trust: Contextual Accountability is available here: http://spot.semanticweb.org/2009/ As far as trying to relate both spaces, this is a good piece of work. It is clear that one needs to look at the global information systems to get a coherent view. I do agree with Danbri that standard based documents go through a lot more review than academic papers. Having these online and linkable also means they can be a lot more influential. Even more so if the ideas are implemented in real useable software. Just to give a minor example: The Atom XML IETF standard I participated in developing was the culmination of years of development on RSS work. The group spent 2 years working out the details of the wording of that document. This then was incorporated into software used by millions of people. And for some reason a lot of Academic papers fail to cite web based standards, blogs or other places where ideas may have emerged. Henry
Re: [foaf-protocols] foaf classes for primary Topic
On 31 Jan 2010, at 17:25, Peter Williams wrote: Let's build that linq2rdfa driver! It’s the killer app for the semweb, in Microsoft land. I agreee. From the Java perspective this is very much what I found too. When I first learned RDF I was really intrigued about how it related to Object Oriented Programming, which I was familiar with. So I tried to write a mapper for it to Java, which to my astonishment was really a lot easier than I thought. This really helped me understand how OO programming and the semantic web mesh together. Having these tools for run of the mill programmers is really important as Peter points out to get them to overcome the fear of the new: by bringing the semweb back to something they know. This thought is what led me to develop the Sommer library: https://sommer.dev.java.net/sommer/index.html Doin this made it clear that really the major difference is that we name things and fields with URIs. The next difference is that of Graphs, which is a little more difficult to merge correctly into OO languages (or for that matter most traditional programming languages). Still before tools such as Hibernate and such for Java came out, people worked with SQL directly. So people went on a long time with this pain point... To start off we need really good examples of the usage of RDF. And I think foaf+ssl is that key driver, because it has the ability to give people access to things they would not otherwise have had access to: eg: going to a party. Henry
Re: Enterprise level RDF Scripting ( was: [foaf-protocols] foaf classes for primary Topic )
On 1 Feb 2010, at 15:08, Aldo Bucchi wrote: Hi, On Mon, Feb 1, 2010 at 9:11 AM, Story Henry henry.st...@bblfish.net wrote: On 31 Jan 2010, at 17:25, Peter Williams wrote: Let's build that linq2rdfa driver! It’s the killer app for the semweb, in Microsoft land. Cool! This topic is coming up again ;) I agreee. From the Java perspective this is very much what I found too. When I first learned RDF I was really intrigued about how it related to Object Oriented Programming, which I was familiar with. So I tried to write a mapper for it to Java, which to my astonishment was really a lot easier than I thought. This really helped me understand how OO programming and the semantic web mesh together. Having these tools for run of the mill programmers is really important as Peter points out to get them to overcome the fear of the new: by bringing the semweb back to something they know. This thought is what led me to develop the Sommer library: https://sommer.dev.java.net/sommer/index.html Doin this made it clear that really the major difference is that we name things and fields with URIs. The next difference is that of Graphs, which is a little more difficult to merge correctly into OO languages (or for that matter most traditional programming languages). Still before tools such as Hibernate and such for Java came out, people worked with SQL directly. So people went on a long time with this pain point... To start off we need really good examples of the usage of RDF. And I think foaf+ssl is that key driver, because it has the ability to give people access to things they would not otherwise have had access to: eg: going to a party. Henry: Here's an idea. Instead of trying to bake this cake by ourselves, can you tap into Martin Odersky's team and propose some use cases? I could help with that if you get his attention. He's the guy behind Scala and they are on a rampage these days. Yes, I have played a little with Scala. It should be easy to fit in. I think some initial work may even have been done by the Elmo folks. http://openrdf.org/ . Now. Even w/o tweaking the compiler or the grammar to support URIs, the DSL capabilities of Scala make it possible to do beautiful things: http://code.google.com/p/scardf/ yes, that is interesting... Thanks for the pointer. That project is a good start but there are still some issues to address. I have my own experimental framework but, just as you describe, N1 issue is native type integration and we should explore this at a lower level. If we could just get native URIs / XSD datatypes things would be awesome. yes, and one should not get stuck with xsd data types. I think in fact that is a problem with many frameworks is that they are stuck into not allowing datatpes as subjects for example. 123^^xsd:int . is very similar to [ xsd:int 123 ]. which in N3 can be written. 123^xsd:int . Then, Number 2 is graph traversal which can be solved by having some sort of path language baked in, ( which is compiled to a single query underneath instead of being evaluated step by step via API, which is the case in scardf ) . sounds interesting. Number 3 is datasource management. Tying up a datasource as an implicit value or bound to a thread. Nothing new under the Sun here ( pun intended ) ;) This is where things get interesting as the datasource could actually be a full blown Linked Data client such as Virtuoso with Spongers turned on. you mean something like tying to a graph or a virtual graph? Finally. My initial look at the Scala grammar suggests that we should be able to fit in URIs. There is support for XML literals and URIs are easily recognizable as they have a strict syntax. Qnames could also happen. Language support would be great. I want to use Scala more myself. Though I have been in the last year moving towards email as my every day tool. Need to get back to programming a little bit... I'd be happy to support an effort such as this. I'll see how much time I have though... It depends how much time I end up spending programming again. Henry Regards, A Henry -- Aldo Bucchi skype:aldo.bucchi http://www.univrz.com/ http://aldobucchi.com/
Nov 2, Social Web Camp, Santa Clara
There will be a Social Web Camp in Sun Offices in Santa Clara on Monday November 2. It's is being hosted by SUN Microsystems and organized by Henry Story and Daniel Appelquist of Vodafone, co-chair of the W3C Social Web XG. Imagine a world where everybody could participate easily in a distributed yet secure social web. In such a world people could place their photos, music, or other content on their web site and give access to some of it to their friends, some to their family, the rest to their colleagues, and some even to the friends of their friends... How can one do this without requiring every participant to create one login for each of their friends site? How does one do this in a distributed and flexible manner compatible with web architecture? What issues would need to be solved to make this possible? All topics related to the Social Web will be covered, in a bar-camp style. It will be broad and open to all types of participants. See the subjects up for discussuion on the wiki/registration page: http://barcamp.org/SocialWebCamp-Santa-Clara When: Monday, 2nd of November starting 9:00 am ( up to 5pm ) Where: The Auditorium at Sun's Campus, 4030 George Sellon Circle Santa Clara, 95054 California Please forward to interested parties, tweet, blog! Henry Story Social Web Architect Sun Microsystems Blog: http://blogs.sun.com/bblfish
Re: ANN: sameas.org
On 4 Jun 2009, at 12:18, Toby Inkster wrote: On Thu, 2009-06-04 at 00:54 +0100, Richard Cyganiak wrote: The general RDF graph has the shape A: U1 owl:sameAs U1, U2, U3, U4 . Oh yes, another thing: saying the above, with OWL reasoning in place is equivalent to saying: B: U1 owl:sameAs U1, U1, U1, U1 . Naming the two above statements A and B it is true that when A is true so is B. But clearly there is a difference in sense, as Frege was forced to admit over 100 years ago, if I remember my logic correctly. This is the case since the information content of B is close to 0, whereas A could come as a surprise, and certainly can teach one something new. It can produce a cognitive change in the believer. The way to think of it is that when you write one of the above sentences you are writing these statements down using precise URIs, thought of as Strings here. The sentences themselves cannot be understood without those syntactic tokens. Each of these URIs refers to an object in reality, but each one does so in a different way. In the case of http URIs this is quite evident: dereferencing each one gets one to a different representation, which can be thought of as defining or contributing to the sense of the URI in what could be called a canonical way. So in short there is no need to use URI strings to make statements about owl sameas Henry Social Web Architect Sun Microsystems Blog: http://blogs.sun.com/bblfish
Re: units and durations
On 10 Dec 2008, at 15:43, Toby A Inkster wrote: Georgi Kobilarov wrote: 1. lengths: metre, kilometre, centimetre, km^2, etc. dbpedia:Rhine http://dbpedia.org/ontology/length 1320^^http://dbpedia.org/ontology/kilometre See: http://idi.fundacionctic.org/muo/muo-vocab.html Very thorough work but it makes the mistakes described here http://esw.w3.org/topic/InterpretationProperties So for example his example http://forge.morfeo-project.org/wiki_en/index.php/Units_of_measurement_ontology :Spain :area [ muo:numericalValue 504782^^xsd:double ; muo:measuredIn :Sq_Km ] . will when merged with the following which represents the same area :Spain :area [ muo:numericalValue 50478200^^xsd:double ; muo:measuredIn :Sq_m ] . give the useless :Spain :area [ muo:numericalValue 504782^^xsd:double ; muo:numericalValue 50478200^^xsd:double ; muo:measuredIn :Sq_m; muo:measuredIn :Sq_Km ] . if the :area relation is considered to be functional, which it should very well be considered to be. A better solution is found here: http://www.w3.org/2007/ont/unit Use cwm to read it 2. runtimes seconds, minutes, hours, days... dbpedia:Yellow_Submarine_(song) http://dbpedia.org/ontology/runtime 2:38^^http://dbpedia.org/ontology/minute dbpedia:The_Departed http://dbpedia.org/ontology/runtime 151^^http://dbpedia.org/ontology/minute 3. durations dbpedia:Thirty_Years'_War http://dbpedia.org/ontology/date 1618-1648^^??? In terms of ISO 8601, durations are defined as abstract floating lengths of time, such as three and a half minutes. When you fix the duration to a particular time, such as three and a half minutes, starting now, then it is classed as an interval. For durations, there is there is xsd:duration. e.g. dbpedia:Yellow_Submarine_(song) ont:runtime PT2M38S^^xsd:duration . For intervals, XSD doesn't offer a datatype, but ISO 8601 at least offers a machine readable standard syntax for them - intervals are written, slash-separated, as a start-time/end-time pair, a start- time/duration pair, or a duration/end-time pair. Personally, I tend to represent this in RDF as: dbpedia:Thirty_Years'_War ont:date 1618/1648^^urn:iso:std:iso:8601#timeInterval . There are temporal ontologies that would work better here. Think of time slices. http://www.w3.org/TR/owl-time/ -- Toby A Inkster mailto:[EMAIL PROTECTED] http://tobyinkster.co.uk
Re: Berlin SPARQL Benchmark V2 - Results for Sesame, Virtuoso, Jena TDB, D2R Server, and MySQL
As a matter of interest, would it be possible to develop RDF stores that optimize the layout of the data by analyzing the queries to the database? A bit like a Java Just In Time compiler analyses the usage of the classes in order to decide how to optimize the compilation. Henry On 24 Sep 2008, at 20:30, Paul Gearon wrote: A related point is that processing RDF to create an object means you have to move around a lot in the graph. This could mean a lot of seeking on disk, while an RDBMS will usually find the entire object in one place on the disk. And seeks kill performance. This leads to the operations used to build objects from an RDF store. A single object often requires the traversal of several statements, where the object of one statement becomes the subject of the next. Since the tables are typically represented as Subject/Predicate/Object, this means that the main table will be joined against itself. Even RDBMSs are notorious for not doing this efficiently.
Re: W3C RIF BLD Last Call (10 days left in comment period)
Just on first reading I find the syntax to be quite problematic. It clashes with other well known syntaxes namely Turtle, SPARQL and N3. The two problems I see is that in those languages square brackets are used for blank nodes, and { } to delimit graphs. As an example take the following http://www.w3.org/TR/2008/WD-rif-rdf-owl-20080730/#RDF_Compatibility [[ Forall ?x ?y ?z (?x[ex:uncleOf - ?z] :- And(?x[ex:brotherOf - ?y] ?y[ex:parentOf - ?z])) ]] If I were to write the above in SPARQL I think you meant to say [[ PREFIX ex: http://example.org/rif CONSTRUCT { ?x ex:uncleOf ?z } WHERE { ?x ex:brotherOf ?y . ?y ex:parehtOf ?z . } ]] In N3 similarly [[ { ?x ex:brotherOf ?y . ?y ex:parehtOf ?z . } = { ?x ex:uncleOf ?z . } ]] SPARQL is already widely deployed, and there are a lot of N3 rules out there, that are very useful guides for people working their way around the web. There is even more Turtle around, and it is a blessing that it is now being used, as RDF/XML though very nice in many ways, leads to a huge amount of confusion. My feeling is that the current human readable syntax, not being aligned with SPARQL is going to create confusion unecessarily. It seems to be that an attempt should be made to get something that fits better with SPARQL and N3 intuitions, so as to make the learning curve as light as possible for people who are new to this world. Henry On 9 Sep 2008, at 16:51, Sandro Hawke wrote: The W3C specifications for logic rules and for using rules with RDF and OWL are in their Last Call public comment period. This is the time for people to read them and tell us about anything that doesn't seem right. After this, if you don't like something in the spec, it will be increasingly hard to get it changed. We would like comments by September 19 in order to consider them for our next set of revisions. For more details, see this e-mail I sent August 1st: http://lists.w3.org/Archives/Public/semantic-web/2008Aug/0002.html Thanks! -- Sandro