Folks,
On 2010 Sep 22, at 14:38, Kevin Ashley wrote:
> Chris Rusbridge wrote:
>> [Apologies for cross-posting.]
>> I'm looking for some more help. I'm hoping that at the very least the discipline of writing down my concern will help me understand it better, and at best you guys might have a solution.
>> Let's imagine an institutional data repository (which I guess could be a set of
>> [...]
> This is an issue which we had to deal with in some depth at NDAD
> (http://ndad.ulcc.ac.uk/ for those who aren't familiar with it)
> We implemented a workable but rather application-specific solution
> and designed an architecture for something more general, but only partly
> implemented the latter. And I later realised that the advent of FoI
> meant that we should have captured more metadata about why, as well
> as what.
> [...]
About a year ago, I had a project called AGAST, funded within the JISC e-infrastructure programme
http://www.nesc.gla.ac.uk/projects/agast/
http://www.jisc.ac.uk/whatwedo/programmes/einfrastructure/agast.aspx
The point of that was to look at the ways you could use ontologies to implement potentially very complicated access-control logic. We produced working software, which (in our application) extracted access control information from X.509 certificates, and illustrated it being integrated into a couple of pieces of client software. There's a (not completely satisfactory) description of the result at doi:10.3233/978-1-60750-027-8-201
The problem being addressed is that the access-control systems I'm aware of are hard to use (in my perception) because they rely on a lot of if-then reasoning which humans aren't particularly good at, and which is therefore rather painful to develop.
The idea of AGAST is that you develop an ontology of your data -- which could potentially be based on a formalised version of the model you might have already for OAIS purposes, say. In that, you say things like "a Page is partOf a Document", or you create the concepts of PublicRecordsClosure or FixedPeriodClosure, which are both types of ClosedRecord, then you merely (!) have to ask questions like "is person X provably in the category of PeopleWhoCanSeeClosedRecords" or something like that.
The thing I think is important is that, however arcane the term 'ontology' is (it does seem to freak folk out), the ontology of your archive probably already exists in some whiteboard diagram, or in your head, in such a way that it's relatively easy to translate it into an ontology, which (I assert) is almost immediately usable as an access control specification.
The software to do the heavy lifting, there, already exists, and so AGAST was just a repurposing project, aiming to show (I think successfully) how you wrap this in service layers to make it easy to integrate into a system.
I need little encouragement to talk more about this! Does this look like it matches the situations being addressed here?
Best wishes,
Norman
--
Norman Gray : http://nxg.me.uk
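
The access question described in the message above, sketched as an added example (not part of the original post and not AGAST's software). The class names Page, Document, ClosedRecord, PublicRecordsClosure, FixedPeriodClosure and PeopleWhoCanSeeClosedRecords come from the post; the roles, the individuals and the rule that closure propagates along partOf are assumptions made for illustration.

```python
# Added illustration, not AGAST code. Names not in the post are hypothetical.
SUBCLASS_OF = {                                     # the ontology (class hierarchy)
    "PublicRecordsClosure": {"ClosedRecord"},
    "FixedPeriodClosure": {"ClosedRecord"},
    "Archivist": {"PeopleWhoCanSeeClosedRecords"},  # hypothetical role
    "HeadArchivist": {"Archivist"},                 # hypothetical role
}
# Constructed instance data: asserted types and partOf links.
TYPE_OF = {
    "minutes-1998": {"Document", "FixedPeriodClosure"},
    "newsletter-3": {"Document"},
    "page-7": {"Page"},
    "page-2": {"Page"},
    "alice": {"HeadArchivist"},
    "bob": {"Reader"},
}
PART_OF = {"page-7": "minutes-1998", "page-2": "newsletter-3"}


def superclasses(cls):
    """Return cls plus everything reachable through subClassOf."""
    seen, todo = set(), [cls]
    while todo:
        c = todo.pop()
        if c not in seen:
            seen.add(c)
            todo.extend(SUBCLASS_OF.get(c, ()))
    return seen


def is_a(individual, cls):
    """True only if membership is provable from the asserted types."""
    return any(cls in superclasses(t) for t in TYPE_OF.get(individual, ()))


def is_closed(item):
    """Assumed rule: an item is closed if it, or a whole it is partOf, is a ClosedRecord."""
    seen = set()
    while item is not None and item not in seen:
        if is_a(item, "ClosedRecord"):
            return True
        seen.add(item)
        item = PART_OF.get(item)
    return False


def may_read(person, item):
    """Closed items need provable PeopleWhoCanSeeClosedRecords membership."""
    return not is_closed(item) or is_a(person, "PeopleWhoCanSeeClosedRecords")
```

A person with no asserted type is never provably in the permitted class, so closed items are denied to them; an item with no asserted type is treated as open in this sketch, which is a default a real deployment would have to choose explicitly.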