# SSN Policy: No one can access SSN information from the database.
# As a result, no one may USE or RETRIEVE data tagged as SSN data.
# We include two separate policies: one for usage, and one for retrieval.

@prefix type: <http://dig.csail.mit.edu/2009/IARPA-PIR/generic#> .
@prefix air: <http://dig.csail.mit.edu/TAMI/2007/amord/air#> .
@prefix log: <http://www.w3.org/2000/10/swap/log#>.
@prefix s: <http://dig.csail.mit.edu/2009/IARPA-PIR/sparql#> .
@prefix : <http://dig.csail.mit.edu/2009/IARPA-PIR/ssn-policy#> .

@forAll :P, :Q, :T, :U, :V, :W.

# The USE policy.

:SSN-USE-Policy a air:Policy;
    air:label "SSN USE policy. For IARPA PIR project.";
    air:rule :SSN_USE_RULE1.

:SSN_USE_RULE1 a air:BeliefRule;
       air:label "SSN USE policy rule 1. Checks for query.";
       air:pattern {
	       :Q a s:SPARQLQuery;
           #  s:retrieve :P; - a query doesn't need to output anything in order
           #                 to USE something!
              s:clause :W.
       };
        air:description (:Q " is a query.");
        air:rule :SSN_USE_RULE2.

:SSN_USE_RULE2 a air:BeliefRule;
       air:label "SSN USE policy rule 2. Checks for use, i.e. filtering.";
       air:pattern {
              # :P s:var :V. - we don't need to bind to an output variable
              #                     in order to USE an SSN.
             :W s:triplePattern :T.
             :T log:includes { [] type:SSN :V }.
             :W s:triplePattern :U.
             :U log:includes { :V [] [] }.
        };
	   air:description ("The query, " :Q  ", includes a USE of an SSN in the pattern " :U ". The policy states that queries may not USE social security number data.");
       air:assert { :Q air:non-compliant-with :SSN-USE-Policy };
       air:alt [ air:assert { :Q air:compliant-with :SSN-USE-Policy } ].


# The RETRIEVE policy.

:SSN-RETRIEVE-Policy a air:Policy;
    air:label "SSN RETRIEVE policy. For IARPA PIR project";
    air:rule :SSN_RETRIEVE_RULE1.

:SSN_RETRIEVE_RULE1 a air:BeliefRule;
       air:label "SSN RETRIEVE policy rule 1. Checks for query.";
       air:pattern {
	       :Q a s:SPARQLQuery;
           s:retrieve :P;
           s:clause :W.
       };
       air:description (:Q " is a query.");
       air:rule :SSN_RETRIEVE_RULE2.

:SSN_RETRIEVE_RULE2 a air:BeliefRule;
       air:label "SSN RETRIEVE policy rule 2. Checks for retrieval, i.e. output.";
       air:pattern {
             :P s:var :V.
             :W s:triplePattern :T.
             :T log:includes { [] type:SSN :V }.
        };
	   air:description ("The query, " :Q  ", will RETRIEVE SSN data in the pattern " :T ". The policy states that queries may not RETRIEVE social security number data.");
       air:assert { :Q air:non-compliant-with :SSN-RETRIEVE-Policy };
       air:alt [ air:assert { :Q air:compliant-with :SSN-RETRIEVE-Policy } ].


#ends