
Auth Ontology and Data

Auth Model (ontology)

The BDRC auth ontology is served at http://purl.bdrc.io/ontology/ext/auth.ttl and can be browsed at http://purl.bdrc.io/ontology/ext/auth/. The copy served by ldspdi is updated automatically each time a change occurs on any BDRC ontology, through a GitHub webhook that calls the ldspdi /callbacks/github/owl-schema endpoint.

Auth Data

The bdrc-auth library creates the triples of its RDF model:

  • from the JSON responses it gets via several Auth0 Authorization Extension API calls;
  • from the policies.ttl file of the BDRC bdrc-auth-policies GitHub repo.

Auth data can be viewed at http://purl.bdrc.io/auth/details.

1) From the Auth0 platform

Auth0 data consist of Applications, Users, Groups, Roles and Permissions as defined on the Auth0 platform. They are fetched from Auth0 through the Auth0 Authorization Extension and turned into RDF triples like the following:

Application:

    <http://purl.bdrc.io/resource-auth/WQ1WD5fRtieraybXqT9zNU342YXBIwsS> a <http://purl.bdrc.io/ontology/ext/auth/Application> ;
        <http://www.w3.org/2000/01/rdf-schema#label> "LDS PDI" ;
        <http://purl.bdrc.io/ontology/ext/auth/appType> "regular_web" ;
        <http://purl.bdrc.io/ontology/ext/auth/desc> "Linked Data Service - Public Data Interface" .

User:

    <http://purl.bdrc.io/resource-auth/103776618189565648628> a <http://purl.bdrc.io/ontology/ext/auth/User> ;
        <http://purl.bdrc.io/ontology/ext/auth/connection> "google-oauth2" ;
        <http://purl.bdrc.io/ontology/ext/auth/id> "google-oauth2|103776618189565648628" ;
        <http://purl.bdrc.io/ontology/ext/auth/isSocial> "true" ;
        <http://purl.bdrc.io/ontology/ext/auth/provider> "google-oauth2" ;
        <http://xmlns.com/foaf/0.1/mbox> "quai.ledrurollin@gmail.com" ;
        <http://xmlns.com/foaf/0.1/name> "Nicolas Berger" .

Group:

    <http://purl.bdrc.io/resource-auth/f0f95a54-56cf-4bce-bf9d-8d2df6779b60> a <http://purl.bdrc.io/ontology/ext/auth/Group> ;
        <http://www.w3.org/2000/01/rdf-schema#label> "admin" ;
        <http://purl.bdrc.io/ontology/ext/auth/desc> "admin BDRC group" ;
        <http://purl.bdrc.io/ontology/ext/auth/hasMember>
            <http://purl.bdrc.io/resource-auth/110316226482380068187> ,
            <http://purl.bdrc.io/resource-auth/114635926879799654981> ,
            <http://purl.bdrc.io/resource-auth/115151386535573478153> ,
            <http://purl.bdrc.io/resource-auth/5b489b9e9aa9ae06e88e4359> ;
        <http://purl.bdrc.io/ontology/ext/auth/hasRole>
            <http://purl.bdrc.io/resource-auth/11d392f2-4cc8-4e32-aeb1-4beaf067a82d> ,
            <http://purl.bdrc.io/resource-auth/72858194-17ae-449f-99d2-1d99b669dd0f> ,
            <http://purl.bdrc.io/resource-auth/7edbd29c-f4cc-43aa-819c-53e4aac0d7a5> ,
            <http://purl.bdrc.io/resource-auth/d1739813-e745-4336-a9cb-a493ddac7f83> ,
            <http://purl.bdrc.io/resource-auth/f918937d-e7b0-482d-b426-42c6b8436919> .

Role:

    <http://purl.bdrc.io/resource-auth/7edbd29c-f4cc-43aa-819c-53e4aac0d7a5> a <http://purl.bdrc.io/ontology/ext/auth/Role> ;
        <http://www.w3.org/2000/01/rdf-schema#label> "ldsreadprivate" ;
        <http://purl.bdrc.io/ontology/ext/auth/appId> <http://purl.bdrc.io/resource-auth/WQ1WD5fRtieraybXqT9zNU342YXBIwsS> ;
        <http://purl.bdrc.io/ontology/ext/auth/appType> "client" ;
        <http://purl.bdrc.io/ontology/ext/auth/desc> "read private or restricted content" ;
        <http://purl.bdrc.io/ontology/ext/auth/hasPermission>
            <http://purl.bdrc.io/resource-auth/0a5f7978-140b-4d73-90aa-61cd52f4440d> ,
            <http://purl.bdrc.io/resource-auth/41b063fe-faf1-43b3-af64-7fbea2bf647f> .

Permission:

    <http://purl.bdrc.io/resource-auth/0a5f7978-140b-4d73-90aa-61cd52f4440d> a <http://purl.bdrc.io/ontology/ext/auth/Permission> ;
        <http://www.w3.org/2000/01/rdf-schema#label> "readonly" ;
        <http://purl.bdrc.io/ontology/ext/auth/appId> <http://purl.bdrc.io/resource-auth/WQ1WD5fRtieraybXqT9zNU342YXBIwsS> ;
        <http://purl.bdrc.io/ontology/ext/auth/desc> "basic read only permission" .

2) From the BDRC GitHub repo

The policies.ttl file is read into the overall RDF auth model.

Policies are made of Endpoint and ResourceAccess RDF resources, as follows:

Endpoint example:

    adr:Edpa3 a aut:Endpoint ;
        aut:path "auth/rdf/admin" ;
        aut:forGroup adr:f0f95a54-56cf-4bce-bf9d-8d2df6779b60 ;
        aut:appId adr:WQ1WD5fRtieraybXqT9zNU342YXBIwsS .

This indicates that the endpoint "auth/rdf/admin" of the application with id "WQ1WD5fRtieraybXqT9zNU342YXBIwsS" is accessible only to members of the group adr:f0f95a54-56cf-4bce-bf9d-8d2df6779b60.

ResourceAccess example:

    adr:act2 a aut:ResourceAccess ;
        aut:forPermission adr:6ffab1d6-0d53-46c4-851a-c18d033c2e19 ;
        aut:policy bdr:AccessRestrictedSealed .
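To show how the Auth0-derived triples and the policies.ttl resources fit together, here is an added example (not part of ldspdi or bdrc-auth) that evaluates the two questions the model answers: may a user call a restricted Endpoint, and which access policies are reachable from the user's permissions via ResourceAccess entries. The graph is built inline from the identifiers in the examples above; USER_OTHER, adr:actX and the readonly-to-policy link are assumptions made for illustration.

```python
# Stdlib-only evaluator over triples shaped like the BDRC auth model. The graph is
# constructed from the page's examples; USER_OTHER and adr:actX are hypothetical.
AUT = "http://purl.bdrc.io/ontology/ext/auth/"
ADR = "http://purl.bdrc.io/resource-auth/"
BDR = "http://purl.bdrc.io/resource/"
RDF_TYPE = "http://www.w3.org/1999/02/22-rdf-syntax-ns#type"
def aut(name): return AUT + name
def adr(name): return ADR + name
APP = adr("WQ1WD5fRtieraybXqT9zNU342YXBIwsS")
ADMIN_GROUP = adr("f0f95a54-56cf-4bce-bf9d-8d2df6779b60")
ROLE_READPRIVATE = adr("7edbd29c-f4cc-43aa-819c-53e4aac0d7a5")
PERM_READONLY = adr("0a5f7978-140b-4d73-90aa-61cd52f4440d")
USER_ADMIN = adr("110316226482380068187")  # listed above as an admin group member
USER_OTHER = adr("user-placeholder")       # hypothetical user in no group
SEALED = BDR + "AccessRestrictedSealed"

GRAPH = {
    (adr("Edpa3"), RDF_TYPE, aut("Endpoint")),
    (adr("Edpa3"), aut("path"), "auth/rdf/admin"),
    (adr("Edpa3"), aut("forGroup"), ADMIN_GROUP),
    (adr("Edpa3"), aut("appId"), APP),
    (ADMIN_GROUP, aut("hasMember"), USER_ADMIN),
    (ADMIN_GROUP, aut("hasRole"), ROLE_READPRIVATE),
    (ROLE_READPRIVATE, aut("hasPermission"), PERM_READONLY),
    (adr("actX"), RDF_TYPE, aut("ResourceAccess")),  # constructed: links readonly to a policy
    (adr("actX"), aut("forPermission"), PERM_READONLY),
    (adr("actX"), aut("policy"), SEALED),
}

def objects(s, p): return {o for (x, q, o) in GRAPH if x == s and q == p}
def subjects(p, o): return {s for (s, q, x) in GRAPH if q == p and x == o}
def user_groups(user): return subjects(aut("hasMember"), user)

def can_access_endpoint(user, path, app):
    """True if the user is in a group named by an Endpoint for (path, app). A path
    with no Endpoint resource is treated as public here (assumption, not from the page)."""
    endpoints = {e for e in subjects(aut("path"), path) if app in objects(e, aut("appId"))}
    if not endpoints:
        return True
    return any(objects(e, aut("forGroup")) & user_groups(user) for e in endpoints)

def user_permissions(user):
    """Permissions flow User -> Group (hasMember) -> Role (hasRole) -> Permission."""
    return {p for g in user_groups(user) for r in objects(g, aut("hasRole"))
            for p in objects(r, aut("hasPermission"))}

def policies_granted(user):
    """Access policies reachable via ResourceAccess entries for the user's permissions."""
    return {pol for perm in user_permissions(user)
            for ra in subjects(aut("forPermission"), perm) for pol in objects(ra, aut("policy"))}
```

Because membership, roles and policies are all plain triples, the same lookups run unchanged against the live model loaded from the JSON responses and policies.ttl.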