Attribute-based Access Controls (ABAC) provide a more fine-grained mechanism for protecting resources (documents) on any network than the commonly used Role-based Access Controls (RBAC) alternative.
For HTTP-based networks, ABAC can be built and put to use by harnessing the power of a Semantic Web, i.e., human- and machine-readable logic woven into the resources themselves (courtesy of the RDF language), which is what gives rise to the aforementioned Web variant.
You create and contribute to a Semantic Web by creating document content using RDF sentences that adhere to the following rules:
1. Identify everything (real or imagined) using a hyperlink (specifically, an HTTP URI).
2. Describe anything using RDF sentences where subjects and predicates are identified using hyperlinks, while objects are identified using an HTTP URI or a Literal (typed or untyped).
**Note:**
Adding "#{some-indexical}" to an HTTP URL automagically turns a URL (a Document Location) into a URI, where the entity and its description document are connected while also remaining disambiguated, i.e., the power of entity-name=>entity-description-document indirection is unleashed!!
Leveraging the above, here are three documents situated in different locations on the Web that describe a group labeled "RWWCrew":
* [RWWCrew Group Listing from one of my Solid Pods](https://kidehen3.solid.openlinksw.com:8444/public/rww-crew-group.ttl)
* [RWWCrew Group Listing from my Personal Data Space](http://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/solid-apps/rww-crew-group.ttl)
* [RWWCrew Group Listing from my Personal Data Space (Plain Text File)](http://kingsley.idehen.net/DAV/home/kidehen/Public/Linked%20Data%20Documents/solid-apps/rww-crew-group.txt)
Now that I have the Group Descriptions in place, I can also describe an Attribute-based Access Control (a/k/a WebACL in this context) along the following lines:
```turtle
# ACL resource for the public folder
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix rww-group-acl: <rww-crew-group.ttl#> .

# The owner has all permissions
<#owner>
    a acl:Authorization ;
    acl:agent <https://kidehen3.solid.openlinksw.com:8444/profile/card#me> ;
    acl:agent <https://id.myopenlink.net/DAV/home/KingsleyUyiIdehen/Public/kingsley.ttl#this> ;
    acl:accessTo <./> ;
    acl:defaultForNew <./> ;
    acl:mode acl:Read, acl:Write, acl:Control .

# The public (any agent, authenticated or not) has read permissions
<#public>
    a acl:Authorization ;
    acl:agentClass foaf:Agent ;
    acl:accessTo <./> ;
    acl:defaultForNew <./> ;
    acl:mode acl:Read .

# Members of the RWWCrew group, as listed in the group description document, have read and write permissions
<#group>
    a acl:Authorization ;
    acl:agentGroup rww-group-acl:RWWCrew ;
    acl:accessTo <./> ;
    acl:defaultForNew <./> ;
    acl:mode acl:Read, acl:Write .
```
To finish this all off, I simply place the WebACL document content in a special file in the Data Space provided by a Linked Data deployment platform (e.g., solid-server, ODS-Briefcase, or anything else that understands these fundamental principles).
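To show what a server actually decides once that WebACL document is in place, here is an added example (not code from this post or from any Solid server) that evaluates the three authorizations above. It transcribes them as dicts rather than parsing Turtle, and the ACL location, the owner WebID shortcut and the RWWCrew membership listing are constructed placeholders.

```python
# Added example: decision logic for the WebACL document above. Not code from
# the post or any Solid server. Authorizations are transcribed as dicts (no
# Turtle parsing); ACL location and group membership are constructed.
from urllib.parse import urljoin

ACL_BASE = "https://pod.example/public/.acl"   # constructed ACL location
CONTAINER = urljoin(ACL_BASE, "./")            # the <./> the ACL protects
FOAF_AGENT = "http://xmlns.com/foaf/0.1/Agent"
OWNER = "https://kidehen3.solid.openlinksw.com:8444/profile/card#me"
RWW_CREW = urljoin(ACL_BASE, "rww-crew-group.ttl#RWWCrew")  # rww-group-acl:RWWCrew

# Constructed membership for the group listing (not the real document).
GROUPS = {RWW_CREW: {"https://alice.example/profile#me"}}

AUTHORIZATIONS = [  # <#owner>, <#public>, <#group> from the post
    {"agent": {OWNER}, "accessTo": CONTAINER, "defaultForNew": CONTAINER,
     "mode": {"Read", "Write", "Control"}},
    {"agentClass": FOAF_AGENT, "accessTo": CONTAINER, "defaultForNew": CONTAINER,
     "mode": {"Read"}},
    {"agentGroup": {RWW_CREW}, "accessTo": CONTAINER, "defaultForNew": CONTAINER,
     "mode": {"Read", "Write"}},
]

def applies_to(auth, resource):
    """accessTo names the container itself; defaultForNew covers resources inside it."""
    if auth.get("accessTo") == resource:
        return True
    parent = auth.get("defaultForNew")
    return bool(parent) and resource != parent and resource.startswith(parent)

def matches_agent(auth, agent):
    """agent=None is an unauthenticated request; only agentClass foaf:Agent admits it."""
    if auth.get("agentClass") == FOAF_AGENT:
        return True
    if agent is None:
        return False
    if agent in auth.get("agent", ()):
        return True
    return any(agent in GROUPS.get(g, ()) for g in auth.get("agentGroup", ()))

def allowed_modes(agent, resource):
    """Union of acl:mode values over every authorization covering resource and agent."""
    modes = set()
    for auth in AUTHORIZATIONS:
        if applies_to(auth, resource) and matches_agent(auth, agent):
            modes |= auth["mode"]
    return modes
```

Note that the foaf:Agent class matches an unauthenticated request too, so anything under the container is world-readable, while Control stays with the owner only.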