@prefix terms: .
@prefix XML: .
@prefix n: .
@prefix n0: <#>.
@prefix c: .
@prefix n1: .
<>
terms:created
"2018-09-14T17:00:13+00:00"^^XML:datetime;
terms:modified
"2018-09-14T17:00:13+00:00"^^XML:datetime;
terms:title
"Using Language & Logic to Drive Access Controls";
n:content
"""Attribute-based Access Controls (ABAC) provide a more fine-grained mechanism for protecting resources (documents) on any network than the commonly used Role-based Access Controls (RBAC) alternative.
In regards to HTTP-based networks, ABAC are successfully created and exploited by harnessing the power of a Semantic Web i.e., use of human- and machine-readable logic woven into the resources (courtesy of RDF language) that manifest as the aformentioned Web variant.
You create and contribute to a Semantic Web by creating document content using RDF sentences that adhere to the following rules:
1. Identify everything (real or imagined) using a hyperlink (specifically, a HTTP URI)
2. Describe anything using RDF sentences where subjects and predicates are identified using hyperlinks while objects are identified using an HTTP URI or a Literal (typed or untyped).
**Note:**
Adding "#{some-indexical}" to an HTTP URL automagically turns a URL (a Document Location) into a URI where entity and entity description document a connected while also disambiguated i.e., the power of entity-name=>entity-description-document indirection is unleashed!!
Leveraging the above, here are three documents situated in different locations on the Web that describe a group labeled the "RWWCrew" :
* [RWWCrew Group Listing from one of my Solid Pods](https://kidehen3.solid.openlinksw.com:8444/public/rww-crew-group.ttl)
* [RWWCrew Group Listing from my Personal Data Space]([RWWCrew Group Listing from one of my Solid Pods](http://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/solid-apps/rww-crew-group.ttl))
* [RWWCrew Group Listing from my Personal Data Space (Plain Text File)]([RWWCrew Group Listing from one of my Solid Pods](http://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/solid-apps/rww-crew-group.txt))
Now that I have the Group Descriptions in place, I can also describe an Attribute-based Access Control (a/k/a WebACL in this context) along the following lines:
```
# ACL resource for the public folder
@prefix acl: <http://www.w3.org/ns/auth/acl#>.
@prefix foaf: <http://xmlns.com/foaf/0.1/>.
@prefix rww-group-acl: <rww-crew-group.ttl#> .
# The owner has all permissions
<#owner>
a acl:Authorization;
acl:agent <https://kidehen3.solid.openlinksw.com:8444/profile/card#me>;
acl:agent <https://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this>;
acl:accessTo <./>;
acl:defaultForNew <./>;
acl:mode acl:Read, acl:Write, acl:Control.
# The public has read permissions
<#public>
a acl:Authorization;
acl:agentClass foaf:Agent;
acl:accessTo <./>;
acl:defaultForNew <./>;
acl:mode acl:Read.
<#group>
a acl:Authorization;
acl:agentGroup rww-group-acl:RWWCrew ;
acl:accessTo <./>;
acl:defaultForNew <./>;
acl:mode acl:Read, acl:Write .
```
To finish this all off, I simply place the WebACL document content in a special file in the Data Space provided by Linked Data deployment platform (e.g., solid-sever or ODS-Briefcase or anything else that understands these fundamental principles).
""";
n:has_creator
n0:author;
a n:Post.
n0:author
n:account_of
c:me;
n:avatar
;
a n:UserAccount;
n1:name
"Kingsley Idehen (kidehen2-844 solid grounded)".