-
Notifications
You must be signed in to change notification settings - Fork 0
/
oc-acl.ttl
162 lines (129 loc) · 6.18 KB
/
oc-acl.ttl
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
@prefix : <http://voc.orchestracities.io/oc-acl#> .
@prefix dc: <http://purl.org/dc/elements/1.1/> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix xml: <http://www.w3.org/XML/1998/namespace> .
@prefix xsd: <http://www.w3.org/2001/XMLSchema#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .
@prefix odrl: <http://www.w3.org/ns/odrl/2/> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix dpv: <http://w3id.org/dpv/dpv-skos#> .
@prefix gen: <http://www.w3.org/2006/gen/ont#> .
@base <http://voc.orchestracities.io/oc-acl#> .
<>
dc:title "Anubis Access Control vocabulary" ;
rdfs:comment "Extend W3C Web Access Control with custom definitions for Anubis. " ;
rdfs:seeAlso "https://anubis-pep.readthedocs.io/en/latest/" .
#################################################################
# Object Properties
#################################################################
### http://voc.orchestracities.io/oc-acl#constraint
:constraint a rdf:Property , owl:ObjectProperty ;
rdfs:domain acl:Authorization ;
rdfs:range [ a owl:Class ;
owl:unionOf ( odrl:Constraint
odrl:LogicalConstraint
)
] ;
rdfs:comment "The rules to be satisfied to access the resource" ;
rdfs:label "Has Constraint"@en .
### http://voc.orchestracities.io/oc-acl#attributeName
:attributeName a rdf:Property , owl:ObjectProperty ;
rdfs:domain :GenericLeftOperand ;
rdfs:range rdfs:Literal ;
rdfs:comment "The name of the attribute to which the operand is applied" ;
rdfs:label "Has Attribute Name"@en .
### http://voc.orchestracities.io/oc-acl#scope
:scope a rdf:Property , owl:ObjectProperty ;
rdfs:domain :GenericLeftOperand ;
rdfs:range :Scope ;
rdfs:comment "The scope of the operand (object or subject)" ;
rdfs:label "Has scope"@en .
### http://voc.orchestracities.io/oc-acl#protectedResource
:protectedResource a rdf:Property;
:comment "The information resource protected by the policy.";
:domain :DataProtection;
:label "protected resource";
:range gen:InformationResource .
### http://voc.orchestracities.io/oc-acl#protectedAttribute
:protectedAttribute a rdf:Property;
:comment "The fragment of information inside the resource protected by the policy.";
:domain :DataProtection;
:label "protected attribute";
:range gen:InformationResource .
### http://voc.orchestracities.io/oc-acl#protectionMode
:protectionMode a rdf:Property;
:comment "A mode of protection such at rest or in transit";
:domain :DataProtection;
:label "protection mode";
:range [ a owl:Class ;
owl:unionOf ( dpv:EncryptionInTransfer
dpv:EncryptionAtRest
)
] .
### http://voc.orchestracities.io/oc-acl#protectionTechnique
:protectionTechnique a rdf:Property;
:comment "The technique of protection such as Pseudo Anonymization";
:domain :DataProtection;
:label "protection technique";
:range [ a owl:Class ;
owl:unionOf ( dpv:DataAnonymisationTechnique
dpv:CryptographicMethods
)
] .
#################################################################
# Classes
#################################################################
### http://voc.orchestracities.io/oc-acl#DataProtection
:DataProtection a :Class;
:comment """An data protection policy, defining data protection techniques applied to a set of data attributes""";
:label "Data Protection" .
### http://voc.orchestracities.io/oc-acl#Delete
:Delete a rdfs:Class ;
rdfs:subClassOf acl:Access ,
acl:Write ;
rdfs:comment "Delete accesses are specific write access which only delete information." ;
rdfs:label "Delete"@en .
### http://voc.orchestracities.io/oc-acl#Decript
:Decrypt a rdfs:Class ;
rdfs:subClassOf acl:Access ,
acl:Read ;
rdfs:comment "allow to read and decrypt values (if encrypted)." ;
rdfs:label "Decrypt"@en .
### http://voc.orchestracities.io/oc-acl#ResourceTenantAgent
:ResourceTenantAgent a rdfs:Class ;
rdfs:subClassOf acl:AuthenticatedAgent ,
foaf:Agent ;
rdfs:comment """A class of agents who have been authenticated and that belongs
to the same Tenant to which the resource requested belongs.
In other words, anyone who belong to the same Tenant as the resource can access
this resource, but not anonymously.
""" ;
rdfs:label "Resource Tenant Agent"@en .
### http://voc.orchestracities.io/oc-acl#GenericLeftOperand
:GenericLeftOperand a rdfs:Class , owl:Class ;
rdfs:subClassOf odrl:LeftOperand ;
rdfs:comment """A left operand that allows to define the scope
of the operand, and the attribute to which the operand apply
""" ;
rdfs:label "Generic Left Operand"@en .
### http://voc.orchestracities.io/oc-acl#Scope
:Scope a rdfs:Class , owl:Class ;
rdfs:comment """The scope of a left operand""" ;
rdfs:label "Scope"@en .
#################################################################
# Individuals
#################################################################
### http://voc.orchestracities.io/oc-acl#subject
:subject a owl:NamedIndividual , :Scope ;
rdfs:label "Subject"@en .
### http://voc.orchestracities.io/oc-acl#object
:object a owl:NamedIndividual , :Scope ;
rdfs:label "Object"@en .
#################################################################
# Annotations
#################################################################
<https://anubis-pep.readthedocs.org/> dc:describes <> .
<https://github.com/orchestracities/anubis-vocabulary> dc:describes <> .
### Generated by the OWL API (version 4.5.9.2019-02-01T07:24:44Z) https://github.com/owlcs/owlapi