# $Date: 2007-12-05 18:43:51 -0500 (Wed, 05 Dec 2007) $
# $Revision: 7762 $
# $Author: lkagal $

@prefix rdf:  <http://www.w3.org/1999/02/22-rdf-syntax-ns#> .
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix owl:  <http://www.w3.org/2002/07/owl#> .
@prefix foaf: <http://xmlns.com/foaf/0.1/> .

@prefix air: <http://dig.csail.mit.edu/TAMI/2007/amord/air#> .	
@prefix tami: <http://dig.csail.mit.edu/TAMI/2007/tami#> .

@prefix data: <http://dig.csail.mit.edu/data#> .

@prefix : <http://dig.csail.mit.edu/data#> .

:DecAccessPolicy a air:Policy;
   rdfs:label "Decentralized Access Control Policy";
   air:variable :REQ, :REQUESTER, :RESOURCE, :MEMBER, :MEMBERLIST;
   air:rule :DAP_1.

:DAP_1 a air:BeliefRule;
       rdfs:label "Decentralized Access Control Policy #1";
       air:pattern {
          :REQ a air:Request;
	     foaf:openid :REQUESTER;
	     air:resource :RESOURCE.
	  :DIG data:owns :RESOURCE.
       };
       air:description (:REQ " is a request made by a requester with openid, " :REQUESTER ", for DIG resource " :RESOURCE);
       air:rule :DAP_2, :DAP_3.

:DAP_2 a air:BeliefRule;
       rdfs:label "Decentralized Access Control Policy #2";
       air:pattern {
	  :DIG foaf:member :MEMBERLIST.
	  :MEMBER air:in :MEMBERLIST.
          :MEMBER a foaf:Person;
	     foaf:openid :REQUESTER.
           };
       air:description ("The requester with openid, " :REQUESTER ", is a DIG member");
       air:assert { :REQ air:compliant-with :DIGPolicy }.

:DAP_3 a air:BeliefRule;
       rdfs:label "Decentralized Access Control Policy #3";
       air:variable :MEMBER, :FOAF-REQ;
       air:pattern {
	  :MEMBER air:in :MEMBERLIST.
           :MEMBER foaf:knows :FOAF-REQ.
           :FOAF-REQ foaf:openid :REQUESTER.
       };
       air:description ("The requester with openid, " :REQUESTER ", is known to a DIG member, " :MEMBER);
       air:assert { :REQ air:compliant-with :DIGPolicy };
       air:alt [ air:rule :DAP_4 ].
      
:DAP_4 a air:BeliefRule;
       rdfs:label "Decentralized Access Control Policy #4";
       air:pattern { };
       air:description ("The requester with openid, " :REQUESTER ", is not permitted to access this resource, " :RESOURCE );
       air:assert { :REQ air:non-compliant-with :DIGPolicy }.

#ends