Web http://www.roland-stuehmer.de/tags/web en RDF Access Control http://www.roland-stuehmer.de/content/rdf-access-control <span property="schema:name" class="field field-node--title field-name-title field-type-string field-label-hidden">RDF Access Control</span> <span rel="schema:author" class="field field-node--uid field-name-uid field-type-entity-reference field-label-hidden"><a title="View user profile." href="/users/rolandstuehmer" lang="" about="/users/rolandstuehmer" typeof="schema:Person" property="schema:name" datatype="" class="username">roland.stuehmer</a></span> <span property="schema:dateCreated" content="2014-10-02T13:39:50+00:00" class="field field-node--created field-name-created field-type-created field-label-hidden">Thu, 10/02/2014 - 15:39</span> <div property="schema:text" class="clearfix field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div property="schema:text" class="field-item"><p>There are several approaches to modelling access control using <abbr title="Resource Description Format">RDF</abbr>. On the one hand, the approaches use <abbr title="Resource Description Format">RDF</abbr> as a modelling language for permissions, linking users with their rights. On the other hand, they are applied to <abbr title="Resource Description Format">RDF</abbr> data to grant access to users (linking permissions with data). All approaches <em>grant</em> access to <abbr title="Resource Description Format">RDF</abbr> resources and assume that whatever is not granted is forbidden.</p> <h2>Related Work</h2> <p>The <strong>S4AC Vocabulary</strong> Specification 0.2<sup id="fnref:Villata et al. 2011"><a href="#fn:Villata et al. 2011" class="footnote-ref">1</a></sup> defines access rights tailored towards <abbr title="Resource Description Format">RDF</abbr> query answering, i.e. <abbr title="SPARQL Protocol and RDF Query Language">SPARQL</abbr> processing. 
The vocabulary defines the access rights Create, Read, Update and Delete. The model is very expressive: it allows fine-grained access conditions, modelled as contextual queries that are checked against arbitrary context data. However, the integration with <abbr title="SPARQL Protocol and RDF Query Language">SPARQL</abbr> is not applicable to our system because not all operations require a query; a plain subscription to a stream, for example, does not.</p> <p><strong><abbr title="Semantically-Interlinked Online Communities">SIOC</abbr> Access</strong> is a part of the <abbr title="Semantically-Interlinked Online Communities">SIOC</abbr> specification<sup id="fnref:Berrueta 2010"><a href="#fn:Berrueta 2010" class="footnote-ref">2</a></sup>. It is a very simple but extensible vocabulary to define permissions in the scope of the social Web. The vocabulary does not have any predefined rights. The lack of predefined rights, the focus on social communities and the lack of traction on the Web are the drawbacks of this candidate as a model for access control in our system.</p> <p>The <abbr title="World Wide Web Consortium">W3C</abbr> <strong>WebAccessControl (<abbr title="WebAccessControl">WAC</abbr>)</strong><sup id="fnref:Berners-Lee 2009"><a href="#fn:Berners-Lee 2009" class="footnote-ref">3</a></sup> is a generic vocabulary declaring some predefined rights (Read, Write, Append, Control) on Web information resources. Streams in our system are information resources, so the vocabulary can be used without change. Only the access rights must be extended for our system, to govern the real-time access modes <code>Notify</code> and <code>Subscribe</code> in addition to the predefined rights <code>Read</code> and <code>Write</code> for static data.</p> <h2>Our System, Using Access Control for Streaming Data</h2> <p>Data in our system<sup id="fnref:Stühmer et al. 2013"><a href="#fn:Stühmer et al. 2013" class="footnote-ref">4</a></sup> is organized in streams (cf. topic-based publish/subscribe). 
We chose to attribute access control at per-stream granularity. Finer granularity, such as per-event attribution, was discarded because the expected performance impact at runtime was thought to be unnecessarily high when each event has to be checked for each of its recipients before delivery. Coarser granularity, such as granting access to all streams at once, contradicted our requirement for multitenancy because it provides no ability to separate users.</p> <p>After analysing the existing <abbr title="Resource Description Format">RDF</abbr> models for access control mentioned above, we concluded that <em><abbr title="World Wide Web Consortium">W3C</abbr> WebAccessControl</em> was the most viable of the three candidates S4AC, <abbr title="Semantically-Interlinked Online Communities">SIOC</abbr> Access and <abbr title="World Wide Web Consortium">W3C</abbr> WebAccessControl. The reasons were its traction on the Web, its generality, and its ease of use compared to the other candidates (e.g. linking permissions with plain <abbr title="Resource Description Format">RDF</abbr> resources instead of using complex <abbr title="SPARQL Protocol and RDF Query Language">SPARQL</abbr> queries to define rights).</p> <p>The figure below shows the concepts of WebAccessControl (<abbr title="WebAccessControl">WAC</abbr>). The bottom of the figure shows that a single permission (<code>Authorization</code> in <abbr title="WebAccessControl">WAC</abbr> terms) is a ternary relation. It consists of an agent (who can access), an information resource (what) and a mode (how), cf. the middle line of the figure. An example ternary relation is: <code>Roland</code> can access the <code>TwitterFeed</code> with permissions <code>Subscribe</code> and <code>Read</code>. The top left of the figure shows that an agent can be either a group or an individual user's account. User accounts can be members of groups. 
If accounts are defined in several locations, they can be declared to be the same.</p> <p><img src="http://www.roland-stuehmer.de/sites/default/files/accesscontrol.png" alt="Access Control Lists" title="Access Control Lists using the W3C WebAccessControl Vocabulary (Class Diagram)" /></p> <p>In the figure, the concepts from the <abbr title="WebAccessControl">WAC</abbr> vocabulary are highlighted in blue. <abbr title="WebAccessControl">WAC</abbr> has the predefined access rights <code>Read</code> and <code>Write</code> for static data, cf. top right of the figure. For use with real-time data we extended <abbr title="WebAccessControl">WAC</abbr> with the rights <code>Notify</code> and <code>Subscribe</code>. The classes on white background in the figure are defined as part of this work. Finally, the classes in yellow are from the <abbr title="Semantically-Interlinked Online Communities">SIOC</abbr> vocabulary.</p> <p>The following listing in Turtle syntax shows two example authorizations <code>p0001</code> and <code>p0002</code> in the namespace <code>permission</code>, starting on lines 10 and 15. A user <code>person:rs</code> who is a member of the group <code>group:administrators</code> is shown starting on line 20. Both permissions exhibit the ternary relation of who is granted access, to what, and how. The first permission states that Roland (<code>rs</code>) can access the <code>TwitterFeed</code> with permissions <code>Subscribe</code> and <code>Read</code>. 
The second permission states that <code>group:administrators</code> can access the <code>FacebookStatusFeed</code> with permission <code>Write</code>.</p>
<pre><code class="language-ttl">@prefix acl: &lt;http://www.w3.org/ns/auth/acl#&gt; .
@prefix foaf: &lt;http://xmlns.com/foaf/0.1/&gt; .
@prefix group: &lt;http://groups.event-processing.org/id/&gt; .
@prefix owl: &lt;http://www.w3.org/2002/07/owl#&gt; .
@prefix permission: &lt;http://permissions.event-processing.org/id/&gt; .
@prefix person: &lt;http://www.roland-stuehmer.de/profile#&gt; .
@prefix s: &lt;http://streams.event-processing.org/ids/&gt; .
@prefix sioc: &lt;http://rdfs.org/sioc/ns#&gt; .
@prefix wsnt: &lt;http://docs.oasis-open.org/wsn/b-2/&gt; .
permission:p0001
    acl:accessTo s:TwitterFeed ;            # what: the stream as information resource
    acl:agent person:rs ;                   # who: an individual account
    acl:mode wsnt:Subscribe , acl:Read .    # how: real-time and static access

permission:p0002
    acl:accessTo s:FacebookStatusFeed ;     # what
    acl:agent group:administrators ;        # who: a group
    acl:mode acl:Write .                    # how

person:rs
    sioc:member_of group:administrators ;   # group membership of the account
    owl:sameAs &lt;http://data.semanticweb.org/person/roland-stuehmer&gt; .
</code></pre>
<p>When defining permissions, the streams are modelled as information resources (e.g. <code>http://.../TwitterFeed</code> on line 11 without the trailing <code>#stream</code>). Elsewhere, streams are modelled with their non-information resource (e.g. <code>http://.../TwitterFeed#stream</code>). By making this distinction (cf. the so-called <a href="http://en.wikipedia.org/wiki/HttpRange-14">httpRange-14 issue</a>) we can attribute different metadata to the information resource for the stream (e.g. annotate permissions) and to the real-world stream (e.g. annotate its real-world event source or author).</p> <div class="footnotes"> <hr /> <ol> <li id="fn:Villata et al. 2011"> <p>Villata, S.; Delaforge, N. &amp; Gandon, F. <a href="http://ns.inria.fr/s4ac">S4AC Vocabulary Specification 2011</a>&#160;<a href="#fnref:Villata et al. 
2011" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Berrueta 2010"> <p>Berrueta, D. <a href="http://rdfs.org/sioc/spec/"><abbr title="Semantically-Interlinked Online Communities">SIOC</abbr> Core Ontology Specification 2010</a>&#160;<a href="#fnref:Berrueta 2010" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Berners-Lee 2009"> <p>Berners-Lee, T. <a href="http://www.w3.org/wiki/WebAccessControl">WebAccessControl, 2009</a>&#160;<a href="#fnref:Berners-Lee 2009" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Stühmer et al. 2013"> <p>Stühmer, R.; Verginadis, Y.; Alshabani, I.; Morsellino, T. &amp; Aversa, A. <a href="http://hal.inria.fr/docs/00/91/63/86/PDF/paper_CR_v1.1.pdf">PLAY: Semantics-based Event Marketplace 14th IFIP Working Conference on Virtual Enterprise -- Special Session on Event-Driven Collaborative Networks (2013)</a>&#160;<a href="#fnref:Stühmer et al. 2013" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> </ol> </div> </div> </div> </div> <section class="field field-node--comment-node-article field-name-comment-node-article field-type-comment field-label-hidden comment-wrapper"> </section> <div class="field field-node--field-tags field-name-field-tags field-type-entity-reference field-label-inline clearfix"> <div class="field-label">Tags</div> <div class="field-items"> <div class="field-item"><a href="/tags/rdf" property="schema:about" hreflang="en">RDF</a></div> <div class="field-item"><a href="/tags/access-control" property="schema:about" hreflang="en">Access Control</a></div> <div class="field-item"><a href="/tags/web" property="schema:about" hreflang="en">Web</a></div> <div class="field-item"><a href="/tags/semantic-web" property="schema:about" hreflang="en">Semantic Web</a></div> </div> </div> Thu, 02 Oct 2014 13:39:50 +0000 roland.stuehmer 42 at http://www.roland-stuehmer.de/drupal-8 Real-time Web http://www.roland-stuehmer.de/content/real-time-web <span property="schema:name" 
class="field field-node--title field-name-title field-type-string field-label-hidden">Real-time Web</span> <span rel="schema:author" class="field field-node--uid field-name-uid field-type-entity-reference field-label-hidden"><a title="View user profile." href="/users/rolandstuehmer" lang="" about="/users/rolandstuehmer" typeof="schema:Person" property="schema:name" datatype="" class="username">roland.stuehmer</a></span> <span property="schema:dateCreated" content="2014-10-02T13:08:35+00:00" class="field field-node--created field-name-created field-type-created field-label-hidden">Thu, 10/02/2014 - 15:08</span> <div property="schema:text" class="clearfix field field-node--body field-name-body field-type-text-with-summary field-label-hidden"> <div class="field-items"> <div property="schema:text" class="field-item"><p>The motivation behind the idea of the <strong>Real-time Web</strong> is a Web that is situation-aware and operates in real time. This idea was developed as a <em>grand challenge</em> <sup id="fnref:Chandy et al. 2011"><a href="#fn:Chandy et al. 2011" class="footnote-ref">1</a></sup> for the field of event processing. The purpose of this challenge is "to identify a single, though broad challenge that impacts society and at the same time measures the progress of research" <sup id="fnref2:Chandy et al. 2011"><a href="#fn:Chandy et al. 2011" class="footnote-ref">1</a></sup>. The challenge is to create a decentralized, global, Internet-like infrastructure, built upon widely-accepted open standards <sup id="fnref3:Chandy et al. 2011"><a href="#fn:Chandy et al. 2011" class="footnote-ref">1</a></sup>.</p> <p>A number of synonymous terms are used for a Web which is situation-aware. 
Examples are <strong>Real-time Web</strong> <sup id="fnref:Fromm 2009"><a href="#fn:Fromm 2009" class="footnote-ref">2</a></sup>, <strong>Web of Events</strong> <sup id="fnref:Jain 2007"><a href="#fn:Jain 2007" class="footnote-ref">3</a></sup>, <strong>Active Web</strong> <sup id="fnref:Ostrowski 2007"><a href="#fn:Ostrowski 2007" class="footnote-ref">4</a></sup>, <strong>Reactive Web</strong><sup id="fnref:Bry and Eckert 2006"><a href="#fn:Bry and Eckert 2006" class="footnote-ref">5</a></sup> and <strong>Event Processing Fabric</strong> <sup id="fnref4:Chandy et al. 2011"><a href="#fn:Chandy et al. 2011" class="footnote-ref">1</a></sup>.</p> <p>They have in common that data must be exchanged quickly after it is created. Moreover, Fromm <sup id="fnref2:Fromm 2009"><a href="#fn:Fromm 2009" class="footnote-ref">2</a></sup> states that the Real-time Web (i) is a new form of communication which (ii) creates a new body of content, (iii) is real-time, (iv) is public and has an explicit social graph associated with it and (v) carries an implicit model of federation. Indeed, this work makes a contribution to the Real-time Web by enabling a new form of communication using event processing, working in real-time and supporting federated data creation and consumption.</p> <p>There are many technological developments on the Web today which can create a lot of events and thus support a Real-time Web. Such events are delivered in a push fashion as opposed to the traditional client-server Web of request and response. For one, there is the <a href="http://www.w3.org/2010/06/notification-charter"><abbr title="World Wide Web Consortium">W3C</abbr> Web Notification Working Group</a> which is working on push notifications to actively notify running Web applications. Additionally, HTML5 defines two techniques to facilitate communication initiated by the server. 
These techniques are <a href="http://www.w3.org/TR/eventsource/">Server-Sent Events</a> and <a href="http://www.w3.org/TR/websockets/">WebSockets</a>. They operate at different layers of the protocol stack to achieve push delivery to Web clients. Another approach to push-data on the Web is the Google <a href="http://code.google.com/p/pubsubhubbub/">PubSubHubbub</a> protocol to enable mainly server-to-server notifications. It is designed to avoid inefficient polling of news feeds in Atom or <abbr title="Rich Site Summary">RSS</abbr>. Lastly, the Facebook Graph <abbr title="application programming interface">API</abbr> provides an application-specific way to subscribe to <a href="https://developers.facebook.com/docs/graph-api/real-time-updates">Facebook real-time updates</a> from changes to connected people's profiles.</p> <div class="footnotes"> <hr /> <ol> <li id="fn:Chandy et al. 2011"> <p>Chandy, K. M.; Etzion, O. &amp; von Ammon, R. (Eds.) 10201 Executive Summary and Manifesto -- Event Processing Event Processing, Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany, 2011&#160;<a href="#fnref:Chandy et al. 2011" class="footnote-backref">&#8617;&#xFE0E;</a> <a href="#fnref2:Chandy et al. 2011" class="footnote-backref">&#8617;&#xFE0E;</a> <a href="#fnref3:Chandy et al. 2011" class="footnote-backref">&#8617;&#xFE0E;</a> <a href="#fnref4:Chandy et al. 2011" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Fromm 2009"> <p>Fromm, K. <a href="http://readwrite.com/2009/08/29/the_real-time_web_a_primer_part_1">The Real-Time Web: A Primer, 2009</a>&#160;<a href="#fnref:Fromm 2009" class="footnote-backref">&#8617;&#xFE0E;</a> <a href="#fnref2:Fromm 2009" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Jain 2007"> <p>Jain, R. 
Toward EventWeb IEEE Distributed Systems Online, IEEE Computer Society, 2007, 8&#160;<a href="#fnref:Jain 2007" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Ostrowski 2007"> <p>Ostrowski, K.; Birman, K. &amp; Dolev, D. Live Distributed Objects: Enabling the Active Web IEEE Internet Computing, IEEE Educational Activities Department, 2007, 11, 72-78&#160;<a href="#fnref:Ostrowski 2007" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> <li id="fn:Bry and Eckert 2006"> <p>Bry, F. &amp; Eckert, M. Twelve theses on reactive rules for the web Proceedings of the Workshop on Reactivity on the Web, Munich, Germany, Springer, 2006&#160;<a href="#fnref:Bry and Eckert 2006" class="footnote-backref">&#8617;&#xFE0E;</a></p> </li> </ol> </div> </div> </div> </div> <section class="field field-node--comment-node-article field-name-comment-node-article field-type-comment field-label-hidden comment-wrapper"> </section> <div class="field field-node--field-tags field-name-field-tags field-type-entity-reference field-label-inline clearfix"> <div class="field-label">Tags</div> <div class="field-items"> <div class="field-item"><a href="/tags/web" property="schema:about" hreflang="en">Web</a></div> <div class="field-item"><a href="/tags/real-time-web" property="schema:about" hreflang="en">Real-time Web</a></div> </div> </div> Thu, 02 Oct 2014 13:08:35 +0000 roland.stuehmer 41 at http://www.roland-stuehmer.de/drupal-8