# run: cwm ex1domain.n3 ex1data.n3 ex1session.n3 rpo-rules.n3 rbac.n3 --think --filter="rbac.n3"
# session 1 for domain 1

@keywords a.

@prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix rbac:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/rbac#> .
@prefix ex:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex1domain#> .
@prefix data:  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex1data#> .
@prefix :  <http:/dig.csail.mit.edu/2007/rowlbac/approach1/ex1session#> .

# SSOD Resident owl:disjointWith Citizen.
# DSOD ActiveVisitor owl:disjointWith ActiveTemporaryResident.

# alice activates her citizen role
AliceCitizen a rbac:ActivateRole;
   rbac:subject data:Alice;
   rbac:object ex:Citizen.

# can Alicevote ? yes, all citizens can vote
AliceVote a data:Vote; rbac:subject data:Alice.


# bob activates his visitor role and temporaryresident
# dsod
BobVisitor a rbac:ActivateRole;
   rbac:subject data:Bob;
   rbac:object ex:Visitor.
BobTempResident a rbac:ActivateRole;
   rbac:subject data:Bob;
   rbac:object ex:TemporaryResident.

# can Bob work ? yes, businessvisa lets him
BobWork a data:Work; rbac:subject data:Work.

# bob activates citizen role
# fails, it is not one of his possible roles
BobVisitor a rbac:ActivateRole;
   rbac:subject data:Bob;
   rbac:object ex:Citizen.

#ends