HOWL Update 1.1.104
Version 1.1.104
- This page describes changes made from version HOWL Update 1.1.103
Changes
- On the Higgins call of July 3rd 2008 it was agreed that we should drop the experimental "managedBy" approach introduced in 1.1.103 in favor of a "recursive" approach where we simply use PolicyEntities to control access to PolicyEntities.
- managedBy attribute has been deleted
- On the Access Control in IdAS page we agreed to define a Policy class and an AccessControl subclass of Policy. This has now been done.
- Added higgins:part attribute (and its inverse higgins:partOf)
- Added higgins:member to be the inverse of the existing higgins:memberOf
- Added a groupSubject sub-Attribute of higgins:subject
  - The attribute's value must be a higgins:Group and the subject is any member of the stated Group (or any sub-Group of that Group)
- Added a selfInstanceSubject sub-Attribute of higgins:subject
  - If the current IdAS consumer exists as an EntityId E within this Context AND if E is an instance of the range of this property, then the subject of the Policy is E.
- Added an onAttribute sub-attribute of higgins:accessControl
  - If present on an Access Control Policy, the policy is restricted to apply only to the type of attribute indicated by the range of this relation within the Entity or set of Entities indicated by this Policy's :operation relation.
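How the groupSubject, selfInstanceSubject and onAttribute relations above, and the "recursive" policy-over-Policies approach, could be evaluated, as an added Python example that is not code from the Higgins project. The data model, the entity names, the default-deny rule and the treatment of a sub-Group as a Group that is itself memberOf another Group are assumptions made for this illustration.

```python
# Added illustration: data model, sample entities and default-deny are assumptions,
# not taken from the Higgins/IdAS code base.
from dataclasses import dataclass

# Constructed sample Context: memberOf edges (Agent -> Groups) and Entity types.
MEMBER_OF = {
    "alice": {"hr-staff"},
    "bob": {"contractors"},
    "hr-staff": {"staff"},          # assumed: a sub-Group is memberOf its parent Group
}
TYPES = {
    "alice": {"Person"}, "bob": {"Person"},
    "acme": {"Organization"},
    "p-read-mail": {"Policy"},      # a Policy is itself an Entity in the Context
}

@dataclass(frozen=True)
class Policy:
    subject_kind: str               # "groupSubject" | "selfInstanceSubject" | "agentSubject"
    subject: str                    # Group id, class name, or Agent id
    operation: str                  # "read" | "modify" | "add" | "delete"
    target: str                     # Entity id or class of Entities
    on_attributes: frozenset = frozenset()   # empty means the whole Entity

def groups_of(agent):
    """All Groups reachable from agent through memberOf (safe against cycles)."""
    seen, stack = set(), [agent]
    while stack:
        for group in MEMBER_OF.get(stack.pop(), ()):
            if group not in seen:
                seen.add(group)
                stack.append(group)
    return seen

def subject_matches(policy, consumer):
    if policy.subject_kind == "agentSubject":
        return consumer == policy.subject
    if policy.subject_kind == "groupSubject":
        return policy.subject in groups_of(consumer)
    if policy.subject_kind == "selfInstanceSubject":
        # Consumer must exist as an Entity here and be an instance of the class.
        return policy.subject in TYPES.get(consumer, ())
    return False

def is_allowed(policies, consumer, operation, entity, attribute=None):
    for p in policies:
        if p.operation != operation or not subject_matches(p, consumer):
            continue
        if p.target != entity and p.target not in TYPES.get(entity, ()):
            continue
        # An onAttribute-restricted policy never grants a whole-Entity operation.
        if p.on_attributes and attribute not in p.on_attributes:
            continue
        return True
    return False                    # assumed default: no matching policy, no access

POLICIES = [
    Policy("groupSubject", "staff", "read", "Person", frozenset({"email"})),
    Policy("selfInstanceSubject", "Person", "read", "acme", frozenset({"name"})),
    Policy("groupSubject", "hr-staff", "modify", "Policy"),  # policy over Policies
]
```

The third policy is the recursive case: its operation range is the Policy class, so the same evaluation that protects ordinary Entities decides who may change `p-read-mail`.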
RDF/XML Snapshot
<?xml version="1.0"?> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:xsd="http://www.w3.org/2001/XMLSchema#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#" xmlns:owl="http://www.w3.org/2002/07/owl#" xmlns:skos="http://www.w3.org/2004/02/skos/core#" xmlns:owl11="http://www.w3.org/2006/12/owl11#" xmlns:higgins="http://www.eclipse.org/higgins/ontologies/2008/6/higgins#" xml:base="http://www.eclipse.org/higgins/ontologies/2008/6/higgins"> <owl:Ontology rdf:about=""> <owl:versionInfo>1.1.104</owl:versionInfo> <rdfs:label>Higgins Ontology</rdfs:label> <rdfs:comment>Higgins Context Provider developers must commit to this ontology. They can either use it as their only ontology, or create their own ontology that imports this one.</rdfs:comment> </owl:Ontology> <owl:Class rdf:ID="TimeSpan"> <rdfs:comment xml:lang="en">A duration of time</rdfs:comment> <rdfs:subClassOf> <owl:Restriction> <owl:maxCardinality>1</owl:maxCardinality> <owl:onProperty> <owl:DatatypeProperty rdf:ID="validFrom"/> </owl:onProperty> </owl:Restriction> </rdfs:subClassOf> <rdfs:subClassOf> <owl:Restriction> <owl:maxCardinality>1</owl:maxCardinality> <owl:onProperty> <owl:DatatypeProperty rdf:ID="validTo"/> </owl:onProperty> </owl:Restriction> </rdfs:subClassOf> <rdfs:label xml:lang="en">Time span</rdfs:label> </owl:Class> <owl:Class rdf:ID="Entity"> <rdfs:comment xml:lang="en">Object within a Context</rdfs:comment> <rdfs:label xml:lang="en">Higgins Entity</rdfs:label> <rdfs:subClassOf rdf:resource="http://www.w3.org/2002/07/owl#Thing"/> <rdfs:subClassOf> <owl:Restriction> <owl:onProperty> <owl:DatatypeProperty rdf:ID="entityId"/> </owl:onProperty> <owl:maxCardinality rdf:datatype="http://www.w3.org/2001/XMLSchema#int" >1</owl:maxCardinality> </owl:Restriction> </rdfs:subClassOf> </owl:Class> <owl:Class rdf:ID="Context"> <rdfs:comment xml:lang="en">A singleton object that is part of the set of data objects contained within a context, and represents the containing Context 
itself.</rdfs:comment> <rdfs:subClassOf rdf:resource="http://www.w3.org/2002/07/owl#Thing"/> <rdfs:subClassOf> <owl:Restriction> <owl:onProperty> <owl:DatatypeProperty rdf:ID="contextId"/> </owl:onProperty> <owl:cardinality rdf:datatype="http://www.w3.org/2001/XMLSchema#int" >1</owl:cardinality> </owl:Restriction> </rdfs:subClassOf> <rdfs:label xml:lang="en">Context</rdfs:label> </owl:Class> <owl:Class rdf:about="http://www.w3.org/1999/02/22-rdf-syntax-ns#Statement"/> <owl:Class rdf:ID="AccessControl"> <rdfs:comment rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >Policy related to Access Control and data sharing</rdfs:comment> <rdfs:label xml:lang="en">Access control</rdfs:label> <rdfs:subClassOf> <owl:Class rdf:ID="Policy"/> </rdfs:subClassOf> </owl:Class> <owl:Class rdf:ID="Agent"> <rdfs:label xml:lang="en">Agent</rdfs:label> <rdfs:comment xml:lang="en">An agent (eg. person, group, software or physical artifact).</rdfs:comment> <rdfs:subClassOf rdf:resource="#Entity"/> </owl:Class> <owl:Class rdf:ID="Person"> <rdfs:label xml:lang="en">Person</rdfs:label> <rdfs:comment xml:lang="en">A contextualized aspect of a person.</rdfs:comment> <rdfs:subClassOf rdf:resource="#Agent"/> </owl:Class> <owl:Class rdf:ID="Group"> <rdfs:label xml:lang="en">Group</rdfs:label> <rdfs:comment xml:lang="en">A class of Agents.</rdfs:comment> <rdfs:subClassOf rdf:resource="#Agent"/> </owl:Class> <owl:Class rdf:ID="Organization"> <rdfs:label xml:lang="en">Organization</rdfs:label> <rdfs:comment xml:lang="en">An organization.</rdfs:comment> <rdfs:subClassOf rdf:resource="#Agent"/> </owl:Class> <owl:Class rdf:ID="Statement"> <rdfs:comment xml:lang="en">A reification of an Entity-attribute-value triple</rdfs:comment> <rdfs:subClassOf> <owl:Restriction> <owl:maxCardinality>1</owl:maxCardinality> <owl:onProperty> <owl:DatatypeProperty rdf:ID="lastVerifyAttempt"/> </owl:onProperty> </owl:Restriction> </rdfs:subClassOf> <rdfs:subClassOf> <owl:Restriction> 
<owl:maxCardinality>1</owl:maxCardinality> <owl:onProperty> <owl:DatatypeProperty rdf:ID="lastModified"/> </owl:onProperty> </owl:Restriction> </rdfs:subClassOf> <rdfs:subClassOf> <owl:Restriction> <owl:maxCardinality>1</owl:maxCardinality> <owl:onProperty> <owl:DatatypeProperty rdf:ID="lastVerifiedFromSource"/> </owl:onProperty> </owl:Restriction> </rdfs:subClassOf> <rdfs:subClassOf> <owl:Restriction> <owl:onProperty> <owl:DatatypeProperty rdf:ID="authority"/> </owl:onProperty> <owl:maxCardinality rdf:datatype="http://www.w3.org/2001/XMLSchema#int" >1</owl:maxCardinality> </owl:Restriction> </rdfs:subClassOf> <rdfs:label xml:lang="en">Higgins Statement</rdfs:label> </owl:Class> <owl:Class rdf:about="#Policy"> <rdfs:subClassOf rdf:resource="#Entity"/> <rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >Access Control Policy</rdfs:label> </owl:Class> <owl:ObjectProperty rdf:ID="groupSubject"> <rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >group subject</rdfs:label> <rdfs:subPropertyOf> <owl:ObjectProperty rdf:ID="subject"/> </rdfs:subPropertyOf> <rdfs:comment rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >Relation indicates what Agents are the subject of the Policy by specifying a Group or super-Group, iteratively, the Agents are a member of. 
{@en|</rdfs:comment> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="entityRelation"> <rdfs:range rdf:resource="#Entity"/> <rdfs:comment xml:lang="en">A directed relation of an unspecified nature between two Entities.</rdfs:comment> <rdfs:label xml:lang="en">Entity Relation</rdfs:label> <rdfs:domain rdf:resource="#Entity"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="timeSpan"> <rdfs:label xml:lang="en">time span</rdfs:label> <rdfs:range rdf:resource="#TimeSpan"/> <rdfs:domain rdf:resource="#Entity"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="memberOf"> <owl:inverseOf> <owl:ObjectProperty rdf:ID="member"/> </owl:inverseOf> <rdfs:range rdf:resource="#Organization"/> <rdfs:comment xml:lang="en">The Group or Organization of which this Agent is a member.</rdfs:comment> <rdfs:domain rdf:resource="#Agent"/> <rdfs:range rdf:resource="#Group"/> <rdfs:label xml:lang="en">member of</rdfs:label> <rdfs:subPropertyOf> <owl:ObjectProperty rdf:ID="partOf"/> </rdfs:subPropertyOf> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="contextCorrelation"> <rdfs:comment rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >A directed relation between two Contexts asserted to be representing the same underlying organization or group. (@en}</rdfs:comment> <rdfs:range rdf:resource="#Context"/> <rdfs:domain rdf:resource="#Context"/> <rdfs:label xml:lang="en">context correlation</rdfs:label> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="part"> <owl:inverseOf> <owl:ObjectProperty rdf:about="#partOf"/> </owl:inverseOf> <rdfs:label xml:lang="en">part</rdfs:label> <rdfs:subPropertyOf rdf:resource="#entityRelation"/> <rdfs:comment xml:lang="en">A relationship between an aggregated whole (the domain) and a part of that whole (the range)</rdfs:comment> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="modify"> <rdfs:comment xml:lang="en">If not further restricted by onAttribute properties, then instances of the class of Entity indicted by the range may be arbitrarily modified. 
If restricted, then some or all of the values of the kind(s) of properties/attribute(s) specified by onAttribute properties may be modified.</rdfs:comment> <rdfs:label xml:lang="en">Modify</rdfs:label> <rdfs:subPropertyOf> <owl:AnnotationProperty rdf:ID="operation"> <rdfs:comment xml:lang="en">Abstract operation on an Entity or a class of Entities. Range is an Entity instance or a class of Entities that define the scope of resource for this Access Control Policy. The scope may be further restricted by the addition of onAttribute properties to only specified Attributes of this Entity or class of Entities.</rdfs:comment> <rdfs:subPropertyOf> <owl:AnnotationProperty rdf:ID="accessControl"> <rdfs:domain rdf:resource="#AccessControl"/> <rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >access control</rdfs:label> <rdfs:comment xml:lang="en">Abstract super-property</rdfs:comment> </owl:AnnotationProperty> </rdfs:subPropertyOf> <rdfs:label xml:lang="en">operation</rdfs:label> <rdfs:domain rdf:resource="#AccessControl"/> </owl:AnnotationProperty> </rdfs:subPropertyOf> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="selfInstanceSubject"> <rdfs:comment xml:lang="en">If the current IdAS consumer exists as an EntityId E within this Context AND if E is an instance of the range of this property, then the subject of this Policy is E.</rdfs:comment> <rdfs:subPropertyOf> <owl:ObjectProperty rdf:about="#subject"/> </rdfs:subPropertyOf> <rdfs:label xml:lang="en">self instance subject</rdfs:label> <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Class"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="contextRelation"> <rdfs:label xml:lang="en">context relation</rdfs:label> <rdfs:range rdf:resource="#Context"/> <rdfs:domain rdf:resource="#Context"/> <rdfs:comment xml:lang="en">A directed relation between two Contexts</rdfs:comment> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="delete"> <rdfs:comment xml:lang="en">If not further restricted by 
onAttribute properties, then instances of the class of Entity indicted by the range may be deleted from the Context. If restricted, then some or all of the values of the kind(s) of properties/attribute(s) specified by onAttribute properties may be deleted.</rdfs:comment> <rdfs:label xml:lang="en">Delete</rdfs:label> <rdfs:subPropertyOf rdf:resource="#operation"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:about="#subject"> <rdfs:comment xml:lang="en">If present on an Access Control Policy the policy is restricted to apply only to this Attribute. {@en}</rdfs:comment> <rdfs:subPropertyOf rdf:resource="#accessControl"/> <rdfs:domain rdf:resource="#AccessControl"/> <rdfs:label xml:lang="en">subject</rdfs:label> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="add"> <rdfs:comment xml:lang="en">If not further restricted by onAttribute properties, then new instances of the class of Entity indicted by the range may be added to the Context. If restricted, then a new instance of the kinds of properties/attribute(s) specified by onAttribute may be added or new values added.</rdfs:comment> <rdfs:label xml:lang="en">Add</rdfs:label> <rdfs:subPropertyOf rdf:resource="#operation"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="read"> <rdfs:comment>If not further restricted by onAttribute properties, then instances of the class of Entity indicted by the range may be read. If restricted, then some or all of the values of the kind(s) of properties/attribute(s) specified by onAttribute properties may be read. 
{@en</rdfs:comment> <rdfs:label xml:lang="en">Read</rdfs:label> <rdfs:subPropertyOf rdf:resource="#operation"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:about="#partOf"> <rdfs:label xml:lang="en">part</rdfs:label> <rdfs:subPropertyOf rdf:resource="#entityRelation"/> <rdfs:comment xml:lang="en">A relationship between a part (the domain) and an agregated whole (the range)</rdfs:comment> </owl:ObjectProperty> <owl:ObjectProperty rdf:about="#member"> <rdfs:comment xml:lang="en">A relationship between a Group or Organization and its member Agent (the range)</rdfs:comment> <rdfs:range rdf:resource="#Agent"/> <rdfs:domain rdf:resource="#Group"/> <rdfs:label xml:lang="en">member</rdfs:label> <rdfs:subPropertyOf rdf:resource="#part"/> <rdfs:domain rdf:resource="#Organization"/> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="entityCorrelation"> <rdfs:label xml:lang="en">entity correlation</rdfs:label> <rdfs:domain rdf:resource="#Entity"/> <rdfs:range rdf:resource="#Entity"/> <rdfs:comment xml:lang="en">A directed relation between two Entities that are asserted to be representing the same person, group, object or concept</rdfs:comment> </owl:ObjectProperty> <owl:ObjectProperty rdf:ID="agentSubject"> <rdfs:label rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >agent subject</rdfs:label> <rdfs:range rdf:resource="#Agent"/> <rdfs:subPropertyOf rdf:resource="#subject"/> <rdfs:comment xml:lang="en">Relation indicates what Agent or class of Agents is the subject of the Policy.</rdfs:comment> </owl:ObjectProperty> <rdf:Property rdf:ID="category"> <rdfs:comment xml:lang="en">Indicates the skos:Concept category to which this Attribute belongs.</rdfs:comment> <rdfs:label xml:lang="en">category</rdfs:label> <rdfs:range rdf:resource="http://www.w3.org/2004/02/skos/core#Concept"/> <rdf:type rdf:resource="http://www.w3.org/2002/07/owl#AnnotationProperty"/> </rdf:Property> <owl:DatatypeProperty rdf:about="#contextId"> <rdfs:label xml:lang="en">context id</rdfs:label> 
<rdfs:range> <owl:DataRange rdf:ID="ContextUDI"> <owl11:onDataRange rdf:resource="http://www.w3.org/2001/XMLSchema#string"/> <rdfs:label xml:lang="en">context UDI</rdfs:label> <rdfs:comment xml:lang="en">Context UDI</rdfs:comment> </owl:DataRange> </rdfs:range> <rdfs:domain rdf:resource="#Context"/> <rdfs:comment xml:lang="en">Context Id. A required attribute of all Context objects. Value is a Context UDI string.</rdfs:comment> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:about="#lastVerifiedFromSource"> <rdfs:comment xml:lang="en">The timestamp of the most recent time that this Statement was verified from data from its associated higgins:source.</rdfs:comment> <rdfs:label xml:lang="en">last verified from source</rdfs:label> <rdfs:domain rdf:resource="#Statement"/> <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#date"/> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:about="#lastModified"> <rdfs:comment xml:lang="en">The most recent modification date-time.</rdfs:comment> <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#dateTime"/> <rdfs:domain rdf:resource="#Statement"/> <rdfs:label xml:lang="en">last modified</rdfs:label> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:about="#authority"> <rdfs:range rdf:resource="#Agent"/> <rdfs:label xml:lang="en">authority</rdfs:label> <rdfs:domain rdf:resource="#Statement"/> <rdfs:comment xml:lang="en">The Agent that is the authority for this Statement.</rdfs:comment> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:ID="creator"> <rdfs:comment xml:lang="en">Agent that made this statement.</rdfs:comment> <rdfs:label xml:lang="en">creator</rdfs:label> <rdfs:domain rdf:resource="#Statement"/> <rdfs:range rdf:resource="#Agent"/> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:about="#validTo"> <rdfs:label xml:lang="en">to</rdfs:label> <rdfs:domain rdf:resource="#TimeSpan"/> <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#date"/> </owl:DatatypeProperty> <owl:DatatypeProperty 
rdf:about="#lastVerifyAttempt"> <rdfs:comment xml:lang="en">The timestamp of the most recent unsuccessful attempt to verify this Statement against data in its source.</rdfs:comment> <rdfs:label xml:lang="en">last verify attempt</rdfs:label> <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#date"/> <rdfs:domain rdf:resource="#Statement"/> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:about="#validFrom"> <rdfs:label xml:lang="en">from</rdfs:label> <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#date"/> <rdfs:domain rdf:resource="#TimeSpan"/> </owl:DatatypeProperty> <owl:DatatypeProperty rdf:about="#entityId"> <rdfs:range> <owl:DataRange rdf:ID="RelativeEntityUDI"> <rdfs:label xml:lang="en">relative entity UDI</rdfs:label> <rdfs:comment xml:lang="en">Relative Entity UDI</rdfs:comment> <owl11:onDataRange rdf:resource="http://www.w3.org/2001/XMLSchema#string"/> </owl:DataRange> </rdfs:range> <rdfs:comment rdf:datatype="http://www.w3.org/2001/XMLSchema#string" >Uniquely identifies this Entity within its containing Context. 
The identifier may be an Entity UDI or a string.</rdfs:comment> <rdfs:label xml:lang="en">entity id</rdfs:label> <rdfs:domain rdf:resource="#Entity"/> </owl:DatatypeProperty> <owl:DataRange rdf:ID="AbsoluteEntityUDI"> <rdfs:comment xml:lang="en">Absolute Entity UDI</rdfs:comment> <rdfs:label xml:lang="en">absolute entity UDI</rdfs:label> <owl11:onDataRange rdf:resource="http://www.w3.org/2001/XMLSchema#string"/> </owl:DataRange> <owl:AnnotationProperty rdf:ID="onAttribute"> <rdfs:comment xml:lang="en">If present on an Access Control Policy the policy is restricted to apply only to the type of property indicated by the range of this relation within the Entity or set of Entities indiated by this Policy's operation relation.</rdfs:comment> <rdfs:subPropertyOf rdf:resource="#accessControl"/> <rdfs:label xml:lang="en">on attribute</rdfs:label> </owl:AnnotationProperty> <owl:AnnotationProperty rdf:ID="displayOrder"> <rdfs:comment xml:lang="en">Used to aid in creating intuitive user interfaces. The UI displays sets of Attributes in an order determined by the relative order of the displayOrder of each individual Attribute.</rdfs:comment> <rdfs:label xml:lang="en">display order</rdfs:label> <rdfs:range rdf:resource="http://www.w3.org/2001/XMLSchema#positiveInteger"/> <rdf:type rdf:resource="http://www.w3.org/2000/01/rdf-schema#Property"/> </owl:AnnotationProperty> <owl:DataRange rdf:ID="RelativeAttributeUDI"> <rdfs:comment xml:lang="en">Relative attribute UDI</rdfs:comment> <rdfs:label xml:lang="en">relative attribute UDI</rdfs:label> <owl11:onDataRange rdf:resource="http://www.w3.org/2001/XMLSchema#string"/> </owl:DataRange> <owl:DataRange rdf:ID="AbsoluteAttributeUDI"> <owl11:onDataRange rdf:resource="http://www.w3.org/2001/XMLSchema#string"/> <rdfs:comment xml:lang="en">Absolute Attribute UDI</rdfs:comment> <rdfs:label xml:lang="en">absolute attribute UDI</rdfs:label> </owl:DataRange> </rdf:RDF>