
# Data for example domain 1: role assignments, actions and permission classes.

# N3 directive: only "a" is declared as a keyword, so every other bare word in
# this file (Alice, Vote, PermittedVoteAction, ...) is read as a local name in
# the default ":" namespace declared below.
@keywords a.

# NOTE(review): the three project IRIs below start with "http:/" (one slash),
# so they carry no authority component. This looks like a typo for "http://",
# but terms only match across files if the rbac and ex1domain documents spell
# the namespace identically -- confirm against those files before changing,
# otherwise the policy classes here silently stop lining up with the role
# definitions they depend on.
@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix rbac:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/rbac#> .
@prefix ex:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex1domain#> .
@prefix :  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex1data#> .

# Role assignments: each statement types a user with role classes taken from
# the ex: (ex1domain) vocabulary.
# Additional sample users, currently disabled:
#Mary a ex:USPerson, ex:Citizen.
#Karen a ex:Citizen, ex:PermanentResident. # violation: static separation of duty
#John a ex:PermanentResident, ex:Visitor. # violation: dynamic separation of duty if activated together

# NOTE(review): both active assignments are annotated as separation-of-duty
# violations, so they read as negative test cases that a reasoner is expected
# to reject or flag. The SoD constraints themselves are not defined in this
# file (presumably in ex1domain) -- confirm they are loaded alongside this
# data, since without them these assignments are accepted silently.
Alice a ex:Citizen, ex:PermanentResident. # violation: static separation of duty
Bob a ex:Visitor, ex:TemporaryResident. # violation: dynamic separation of duty if activated together

# Actions available in domain 1, each declared as an instance of rbac:Action.
# NOTE(review): Vote, Work and Drive are also used as members of
# owl:intersectionOf lists further down, i.e. in class position. The same name
# therefore acts as both an individual and a class; confirm that the reasoner
# in use accepts this and that rbac:Action is meant to be a class of classes.

Vote a rbac:Action.
Drive a rbac:Action.
Work a rbac:Action.

# permissions

# Voting is permitted only for subjects in ex:ActiveCitizen.
# PermittedVoteAction is a subclass of rbac:PermittedAction and is equivalent
# to: Vote AND (every rbac:subject value is an ex:ActiveCitizen).
# ex:ActiveCitizen is defined outside this file; presumably it is the
# activated form of the Citizen role -- confirm in ex1domain.
# NOTE(review): owl:allValuesFrom constrains every subject value but does not
# require a subject to exist, so an action with no rbac:subject is not excluded
# by this restriction alone. Whether that can grant permission depends on how
# rbac:subject is declared in the rbac ontology (not shown here) -- confirm.
PermittedVoteAction a rdfs:Class;
   rdfs:subClassOf rbac:PermittedAction;
   owl:equivalentClass [
      a owl:Class;
      owl:intersectionOf
        (  Vote
             [ a owl:Restriction;
               owl:allValuesFrom ex:ActiveCitizen;
               owl:onProperty rbac:subject
             ]
         )
    ] .

# Working is permitted only for subjects in ex:ActiveBusinessVisaHolder.
# PermittedWorkAction is a subclass of rbac:PermittedAction and is equivalent
# to: Work AND (every rbac:subject value is an ex:ActiveBusinessVisaHolder).
# ex:ActiveBusinessVisaHolder is defined outside this file; no user in this
# file is typed with a business-visa role directly, so any match would have to
# come from the role hierarchy in ex1domain -- confirm.
# NOTE(review): owl:allValuesFrom constrains every subject value but does not
# require a subject to exist, so an action with no rbac:subject is not excluded
# by this restriction alone. Whether that can grant permission depends on how
# rbac:subject is declared in the rbac ontology (not shown here) -- confirm.
PermittedWorkAction a rdfs:Class;
   rdfs:subClassOf rbac:PermittedAction;
   owl:equivalentClass [
      a owl:Class;
      owl:intersectionOf
        (  Work 
             [ a owl:Restriction;
               owl:allValuesFrom ex:ActiveBusinessVisaHolder;
               owl:onProperty rbac:subject
             ]
         )
    ] .

# Driving is permitted only for subjects in ex:ActiveUSPerson.
# PermittedDriveAction is a subclass of rbac:PermittedAction and is equivalent
# to: Drive AND (every rbac:subject value is an ex:ActiveUSPerson).
# ex:ActiveUSPerson is defined outside this file; presumably it is the
# activated form of the USPerson role -- confirm in ex1domain.
# NOTE(review): owl:allValuesFrom constrains every subject value but does not
# require a subject to exist, so an action with no rbac:subject is not excluded
# by this restriction alone. Whether that can grant permission depends on how
# rbac:subject is declared in the rbac ontology (not shown here) -- confirm.
PermittedDriveAction a rdfs:Class;
   rdfs:subClassOf rbac:PermittedAction;
   owl:equivalentClass [
      a owl:Class;
      owl:intersectionOf
        (  Drive
             [ a owl:Restriction;
               owl:allValuesFrom ex:ActiveUSPerson;
               owl:onProperty rbac:subject
             ]
         )
    ] .

# ends



