Re: [Tracker] Assigning URIs to Resources
- From: אנטולי קרס נר <tombackton gmail com>
- To: Ivan Frade <ivan frade gmail com>
- Cc: Tracker mailing list <tracker-list gnome org>
- Subject: Re: [Tracker] Assigning URIs to Resources
- Date: Fri, 31 May 2013 13:05:38 +0300

Hello Ivan,

I read your response, thanks for your help. But a new question arises
from your words:

I haven't started working on the Semantic Desktop integration yet, but I
think there may be a privacy problem here: Imagine a user has a private
todo list (for example, "TODO buy condoms" or something like that), and
it's stored in Tracker's database. Then any program aware of the
ontology I use for tasks, can easily fetch the task and publish it on
the web.

This is true for many other kinds of data, including plain text, but
when all the metadata and short data is stored in one central semantic
database, it may be necessary for some apps to be able to store
encrypted data. For example, some diary apps allow specifying a
password. Back-up tools do that too. Archive formats can be encrypted
too.

So the question is: If I use Tracker on Gnome 3 as a database for my
app, e.g. to store tasks, including very private ones, is there a way to
store them encrypted in such a way that only apps which are given
permissions from the user (e.g. by having the user give them the
password) can understand the data?

This problem is not mentioned when talking about Semantic Web, but when
it comes to Semantic Desktop, it's natural to hide your resources unless
some of them are specifically public.

Note: Maybe SELinux can help with that, but I don't think it can block
partial access to Tracker (just block entirely, which is not what I
want), and anyway SELinux is currently not even enabled on many distros
(although it does exist on them, as part of the kernel).

Anatoly

On Thu, 2013-05-30 at 15:23 -0700, Ivan Frade wrote:
> Hi Anatoly
>
> On Thu, May 30, 2013 at 6:52 AM, אנטולי קרסנר <tombackton gmail com> wrote:
> > Hello,
> >
> > My program consists of two parts:
> >
> > 1) On the lower level, an RDF schema is defined. It's a standard set of
> > classes and properties, possibly extended by users who want more options
> > (using a definition language translated to RDF).
> >
> > 2) On the high level, the user defines resources using those classes and
> > properties.
> >
> > There's no problem with the lower level, because the data model is
> > public: Even if a user decides to add new content, she's very welcome to
> > share it and make other people's apps have more features.
>
> Yes and no. Adding classes and properties is easy but the
> removal/renaming is complicated:
>
> App A installs ClassA, subclass of CoreA
> App B installs PropertyB to ClassA
>
> What happens if App A wants to change its classes? Rename ClassA to
> ClassA2?
> Now we uninstall app A. What do we do with its schema?
> Add here changing properties domain or cardinality...
>
> > The problem is with the second part. In the higher level, the user
> > defines tasks, meetings, appointments, plans and schedules. These may be
> > private, and the user may prefer not to have any info in the URI
> > revealing the source of the information.
>
> Here are two things, security and URI schemes, and they are
> independent.
>
> RDF is just a graph with no permissions/security in it. The software
> on top should take care of exposing only the right nodes and edges to
> the client depending on its permissions. Not a trivial problem.
>
> > So here are the questions I have on my mind:
> >
> > 1) Which URI scheme should I use? I don't have a website or any web
> > pages, so using http doesn't make sense. It also doesn't seem to make
> > sense to use any other standard IANA-registered URI. I've been
> > considering two options: Use some custom, my own, URI scheme name for
> > public resources, and use a bare URN for private ones, something like
> > this:
> >
> > urn : random_name_i_made_up : some_private_resource_uuid
> >
> > But I was wondering whether a custom URI scheme is a good decision, I'm
> > open to hear ideas from you :)
>
> The URI just needs to be a *unique* ID of a resource.
> At least in Tracker terms, autogenerated or using your own schema
> doesn't make any difference.
>
> > 2) How to hide the private resources? On one hand, it may be very useful
> > for the URI to tell where a task came from, especially when tasks are
> > shared and delegated between people. On the other hand, it doesn't
> > consider privacy. Then I was thinking, can I/should I use two different
> > URI styles depending on user settings? This would create some
> > inconsistency. I'm not sure what to do here, since I don't have any
> > experience with URIs. Hopefully you have some advice for me.
>
> If you use the URI to detect privacy... any client who doesn't honor
> your pattern will have access to everything.
>
> As a rule of thumb, it is not good to encode information in the URL.
>
> Specifically in Tracker, there is no way to hide "some" resources.
> There is a database per-user, and anything with user permissions can
> read/write anything in the store of that user. In other words, either
> you have access to the graph or you don't.
>
> You could store those private resources in some different db
> (internal for your app)... ugly, but blame RDF :)
>
> Regards,
>
> Ivan
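
The two approaches weighed in this thread, side by side, as an added example that is not part of the original messages and is not Tracker code: marking private resources only through the URI, versus keeping them in an app-internal database behind opaque `urn:uuid:` identifiers. `SharedGraph` is a constructed stand-in for the per-user store, and the `ex:title` property and `urn:x-example-*` names are hypothetical.

```python
import os
import sqlite3
import uuid

class SharedGraph:
    """Stand-in for the per-user store: any client can read every triple."""
    def __init__(self):
        self.triples = []

    def insert(self, subject, predicate, obj):
        self.triples.append((subject, predicate, obj))

    def read_all(self):
        # A client that ignores URI naming conventions just reads everything.
        return list(self.triples)

def add_task_marker_uri(graph, title, private):
    """Convention-only privacy: the URI says 'private', the data is still shared."""
    kind = "private" if private else "public"
    uri = f"urn:x-example-{kind}:{uuid.uuid4()}"
    graph.insert(uri, "ex:title", title)
    return uri

class SplitTaskStore:
    """Public tasks go to the shared graph, private ones to an app-internal DB."""
    def __init__(self, graph, db_path):
        self.graph = graph
        # Create the file owner-only before SQLite opens it.
        os.close(os.open(db_path, os.O_CREAT | os.O_RDWR, 0o600))
        self.db = sqlite3.connect(db_path)
        self.db.execute(
            "CREATE TABLE IF NOT EXISTS task (uri TEXT PRIMARY KEY, title TEXT)")

    def add_task(self, title, private):
        uri = uuid.uuid4().urn  # opaque 'urn:uuid:...', same form for both kinds
        if private:
            with self.db:  # commits on success
                self.db.execute("INSERT INTO task VALUES (?, ?)", (uri, title))
        else:
            self.graph.insert(uri, "ex:title", title)
        return uri

    def private_title(self, uri):
        row = self.db.execute(
            "SELECT title FROM task WHERE uri = ?", (uri,)).fetchone()
        return row[0] if row else None

def visible_titles(graph):
    """What a generic client of the shared graph can learn."""
    return {o for (_, p, o) in graph.read_all() if p == "ex:title"}
```

The separate file keeps private tasks out of the shared graph's query interface, but the `0o600` mode only excludes other users: a process running as the same user can still open the file.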