I think we need the Agent, Group, Organization and Person definitions in HOWL, although any given Context may not choose or need to have instances of them or subclass of any of them.
They are necessary to be able to express the semantics we need for access control (esp. RBAC). For example, to be able to say things like “any context/IdAS consumer that is authenticated as a Node that is a member of the “administrator” Group (or any sub-group) can edit the employNumber attribute of any Node instance in this Context”. Groups and the “memberOf” links between a Node and a Group (or a Group and a containing Group) provide the necessary semantics to support this.
-Paul
From: higgins-dev-bounces@xxxxxxxxxxx [mailto:higgins-dev-bounces@xxxxxxxxxxx] On Behalf Of Jim Sermersheim
Sent: Friday, February 22, 2008 9:08 AM
To: 'Higgins (Trust Framework) Project developer discussions'
Subject: Re: [higgins-dev] Proposed update to higgins.owl (aka HOWL)
Why do we want to define specific node types in the core data model (higgins.owl)? Persons, Groups, and Organizations may not be at all represented in some Contexts. It seems like these belong in other optional/auxiliary owl specifications.
>>> "Paul Trevithick" <paul@xxxxxxxxxxxxxxxxx> 02/20/08 4:43 PM >>>
Attached is a proposed update to higgins.owl along with two example files. I’m keeping this out of the SVN until the 1.0.0 branch is done. The changes are summarized here: http://wiki.eclipse.org/HOWL_Update.
Other than endless refactoring to align what we’re doing with best practices and other standards related to RDF, it includes experimental support for a proposed simple access control policy expression.
I have also attached a sample test person.owl ontology that a CP might use, and an example of simple instance data here: person-example.owl.
[Sergey, this is the update that I mentioned I was working on today]