
Web of Data Access Control Discovery via HTTP Link: header

Yesterday, TimBL talked about Distributed Social Networking Through Socially Aware Cloud Storage during the W3C Social Web XG meeting. I’m not going to discuss the huge potential strategic impact of this, but rather focus on a certain ‘technical’ detail that caught my attention. In his (related) design note Socially Aware Cloud Storage, he writes:

Access control files for a resource are discovered by a client using the HTTP link header.

Fair enough. So, assume we use the WebAccessControl vocabulary in an access control file (ACF) to restrict access to a resource on the Web. How exactly should the interaction take place? What should we use as a @rel-value for the HTTP Link: header? Does it make sense for the user agent (UA) to evaluate the ACF? Is the ACF discovery necessary at all?

Here is what I came up with so far:


Ah, btw, once this is sorted I’ll update the WACup demo with it …

UPDATE: As rightly pointed out by Melvin on the #swig IRC channel, the use case for the discovery is to be able to edit/change an ACF. See also the paper Using RDF Metadata To Enable Access Control on the Social Semantic Web by the DIG folks, where they have proposed to use the rel=’meta’ value; I’ve hence corrected the above figure.
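The discovery step discussed above, as an added example (not code from this post, the design note or the DIG paper): a client parses the Link: header of a response, keeps the targets whose relation type is rel="meta", and resolves them against the resource URI. The function names, the sample URLs and header, and the same-origin flag (a policy hint a client might want before fetching or editing an ACF hosted elsewhere) are assumptions made for illustration.

```python
import re
from urllib.parse import urljoin, urlsplit

# A link-value is <target> followed by ;name=value pairs (value bare or quoted).
# Quoted values are consumed whole, so commas, semicolons or "rel=" inside a
# title cannot be mistaken for a new link or a relation type.
_LINK = re.compile(r'<([^>]*)>((?:\s*;\s*[\w*-]+\s*(?:=\s*(?:"(?:[^"\\]|\\.)*"|[^",;\s]*))?)*)')
_PARAM = re.compile(r';\s*([\w*-]+)\s*(?:=\s*(?:"((?:[^"\\]|\\.)*)"|([^",;\s]*)))?')

def parse_link_header(value):
    """Return [(target, {param: value})] for each link-value in a Link: header."""
    links = []
    for target, params in _LINK.findall(value):
        parsed = {}
        for name, quoted, bare in _PARAM.findall(params):
            # Keep the first occurrence of a parameter and ignore repeats.
            parsed.setdefault(name.lower(), quoted if quoted else bare)
        links.append((target, parsed))
    return links

def _origin(url):
    parts = urlsplit(url)
    return (parts.scheme, parts.netloc.lower())

def discover_acf(resource_url, link_header, rel="meta"):
    """Return (acf_url, same_origin) for every link carrying the relation type."""
    found = []
    for target, params in parse_link_header(link_header):
        # rel may hold several space-separated relation types.
        if rel in params.get("rel", "").lower().split():
            acf = urljoin(resource_url, target)  # relative targets are allowed
            found.append((acf, _origin(acf) == _origin(resource_url)))
    return found

# Constructed sample: the resource URL and the Link: header a server might send.
RESOURCE = "https://example.org/photos/party.jpg"
LINK = ('<party.jpg.acl>; rel="meta"; title="ACL, editable", '
        '<https://cdn.example.net/style.css>; rel=stylesheet, '
        '<https://other.example/acl>; rel="meta describedby"')

if __name__ == "__main__":
    for acf_url, same_origin in discover_acf(RESOURCE, LINK):
        print(acf_url, "same-origin" if same_origin else "cross-origin")
```

Discovery only tells the client where the ACF lives; whether a request to read or change it succeeds is still decided by the server.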

About woddiscovery

Web of Data researcher and practitioner


5 thoughts on “Web of Data Access Control Discovery via HTTP Link: header”

  1. on the one hand it looks to me like you could just do the last request “foaf+ssl etc” and skip the rest with no difference at all; the only time it saves a request is when you have a redirect surely (saves the second request) for non-redirect resources it adds in an extra request/response?

    maybe i need to read the design-note etc for context!

    Posted by Nathan | 2010-03-05, 06:24
  2. P3P had a link header to discover a policy reference file that indicated the location of the privacy policy file. Now in access control, you wouldn’t need this extra indirection as ACL information is not privacy sensitive most of the time. So a link header can just point to a file like pointing to a css file. But is this really secure enough and what would be the difference to an .htaccess file in Apache?

    Posted by Rigo Wenning | 2010-03-21, 14:47
  3. more generally speaking, when and why does RDF show up in the HTTP Link header? it seems that on some level, whatever can be expressed in the Link header could also be expressed in RDF, so there must be some guidelines as to when RDF about a URI is exposed as a Link header when accessing that URI? has anybody looked into this as a general question? i would be very glad to get some pointers…

    Posted by Erik Wilde | 2010-05-01, 02:27
    • Erik,

      re: ‘it seems that on some level, whatever can be expressed in the Link header could also be expressed in RDF’

      I thought exactly the same thing, until I realised that images, videos, every kind of media type (that isn’t rdf) would need to be supported too, thus it must be abstracted out of RDF and into a header.

      The other reason is that if you had an ACL which gave somebody Write but not Control over a document, but specified the ACL in the document, then that person could seize control of the doc simply by changing the ACL statement, another reason why it needs to be outside of the document 🙂

      Posted by Nathan | 2010-06-17, 17:22

