-
I believe that everyone supporting negation understands that and accepts that consequence.
Could you please provide example illustrating it? Preferably based on one of the use cases included in UCR draft. Otherwise extended version of one of those use cases or new use case if needed be. |
-
We have use cases that require negation such as Block access to agents, and ACP has constructs such as noneOf and an acp:deny mode, as discussed in the Teleconf on 28-April, which also require negation. This has quite dramatic implications for how reasoning can be handled. Let me explain.
Regular and Geometric Logic
It is important here to realize that first order logic comes in two complementary pieces:
This is shown very clearly in @epatters' "§8 Categorical Logic" chapter of the paper Knowledge Representation in Bicategories of Relations.
In chapter 9 Patterson looks at what happens when a dual concept of disjunction is added to the category: this gives us coherent logic, also known as geometric logic. One can find a nice explanation of how this ties in with computing on the web site Skolem Machines.
The advantage of Category Theory is that it helps bring out these fundamental symmetries and dualities, which can otherwise get lost in a sea of details. Once this duality is clearly understood, another very good article to look at is the OWL 2 Profiles: An Introduction to Lightweight Ontology Languages paper, as that explains clearly why the OWL language fragments were chosen as they were. An important diagram is this one:
Where negation appears (in the antecedent or consequent of a rule) is important here.
Relevance to Access Control
There are going to be many different ways this is relevant, but below are some initial thoughts.
WAC and regular logic
The current WAC spec is conceived within the framework of regular logic. This has a number of advantages, especially regarding efficiency of calculations. For if one does not have negation then, to find if some agent has access to a resource, it suffices to find a positive statement of that fact. So if we had an Access Control Resource (ACR) that :imports other ACRs then the Guard protecting access to the resource or the Guard protecting the divulging of credentials on the client, could stop at the first rule that gave access to the given resource. There would be no need to look further.
I think this fragment is covered by OWL2 Rule Language fragment of OWL which states:
ACP and geometric logic
As ACP is moving into the space where negation and disjunction are allowed, expressible in OWL as using concepts such as union, complementOf the search for a matching rule is going to be quite different.
First of all, it will be necessary to look at ALL the rules, even after having found a positive match, since a later rule could make a negative statement about the individual requesting access. Second, I think one may also need to search not just for positive properties of the individual authenticating but for logical consequences of those properties, since some of those may exclude the user.
Todo
In any case it will be important for a Guard to know if the access control rules contain any such negative statements, as that will determine if it can stop on a positive answer or if it has to continue searching for negatives.
This should be visible to a client and server guard as quickly as possible on reaching the access control rules, so that it does not need to search through linked-to or imported acls if it does not need to.
What is the best way for this to be made visible?
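The two search strategies described in the post above, as an added example that is not part of the discussion and not code from the WAC or ACP specifications. The Rule fields (allow, deny), the guard functions and the sample rule sets are all assumptions made for this illustration; they only loosely echo the acl/acp vocabulary. The point it shows is the one the Todo asks about: a cheap up-front check for negative statements decides whether a guard may stop at the first positive match or has to keep scanning.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    """One access rule. Field names are invented for this example and only
    loosely echo WAC/ACP vocabulary (allow ~ acl:agent, deny ~ acp:deny)."""
    allow: frozenset = frozenset()   # agents this rule grants access to
    deny: frozenset = frozenset()    # agents this rule excludes (negative statement)


def has_negation(rules):
    """The check the post's Todo asks for: run once on reaching the rule set,
    before choosing a search strategy. True if any rule makes a negative statement."""
    return any(r.deny for r in rules)


def regular_guard(rules, agent):
    """Regular-logic evaluation: with no negation in play, the first positive
    statement is conclusive and the search stops there.
    Returns (decision, number_of_rules_examined)."""
    for examined, rule in enumerate(rules, start=1):
        if agent in rule.allow:
            return True, examined
    return False, len(rules)


def geometric_guard(rules, agent):
    """Evaluation once negation is allowed: a positive match is not conclusive,
    because a later rule may exclude the agent, so the scan continues to the end.
    A denial is final under deny-overrides, so only a deny may end the scan early."""
    allowed = False
    for examined, rule in enumerate(rules, start=1):
        if agent in rule.deny:
            return False, examined
        if agent in rule.allow:
            allowed = True
    return allowed, len(rules)


def decide(rules, agent):
    """Pick the strategy from the up-front negation check."""
    if has_negation(rules):
        return geometric_guard(rules, agent)
    return regular_guard(rules, agent)


# Constructed sample rule sets (not taken from any real ACR).
POSITIVE_ONLY = (
    Rule(allow=frozenset({"alice"})),
    Rule(allow=frozenset({"bob"})),
    Rule(allow=frozenset({"carol"})),
)
WITH_DENY = (
    Rule(allow=frozenset({"alice", "bob"})),
    Rule(allow=frozenset({"carol"})),
    Rule(deny=frozenset({"alice"})),   # later negative statement about alice
)

if __name__ == "__main__":
    print(regular_guard(POSITIVE_ONLY, "alice"))   # (True, 1): stopped at first match
    print(regular_guard(WITH_DENY, "alice"))       # (True, 1): wrong, the deny was never seen
    print(decide(WITH_DENY, "alice"))              # (False, 3): full scan catches the deny
    print(decide(WITH_DENY, "bob"))                # (True, 3): allowed, but all rules examined
```

The second print line is the failure mode the post warns about: a guard that assumes regular logic returns the wrong answer on a rule set containing a negative statement. Whatever form the "negation present" signal eventually takes in an ACR, it is the input to a decision like the one in decide(), which is why it has to be visible before any imported or linked-to rules are fetched.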