#3: Data-driven authorisation prototype thinking

Refinements to design
Mindmap images

design/README.md

@@ -23,6 +23,12 @@ The approach of this phase is software engineering design and specification, pro
 - A description of a novel control, **symmetric unilateral access control**, is found in the [SUAC](./suac.md) document.
 - A design for traceability via audit logging is found in the [traceability](./traceability.md) document.
 
+## mindmap
+
+(Source: `./security design.mm`)
+
+![security design](./img/security%20design.svg)
+
 ## tooling notes
 
 ### PlantUML

design/statute.class.puml

@@ -12,6 +12,7 @@ package mld {
 class Statute <<extension point>> {
   statutoryClass : rdfs:Class [0..*]
   statutoryProperty : rdf:Property [0..*]
+  statutoryUpdateVerb: 'DELETE' | 'INSERT' [1..2]
 }
 note bottom
 Defines a scope of data requiring agreement.
@@ -26,6 +27,10 @@ note right of Statute::statutoryProperty
 A property is statutory if
 a statutoryProperty exists.
 end note
+note right of Statute::statutoryUpdateVerb
+Is agreement required on
+delete, insert or both?
+end note
 
 Statute o--> "*" AgreementCondition : sufficientCondition
 
@@ -52,8 +57,8 @@ end note
 rdfsStatute --> Statute : rdf:type
 
 object accessControlStatute {
-  statutoryClass : AccessControl
-  statutoryProperty : access
+  statutoryClass = AccessControl
+  statutoryProperty = access
 }
 note top
   Choice of access control

design/suac.md

@@ -134,7 +134,7 @@ Verifying authority is the same as for any other permission, as follows. For an
 
 Since access control by "whitelist" permissions may not suit all use-cases, the choice of approach is made through the `access` property of the domain itself. (Note that this requires the domain to be represented as a subject in the data; this is an open [topic of discussion](https://github.com/m-ld/m-ld-spec/discussions/75).)
 
-Document-level _read_ permission (see [condifentiality controls](./controls.md#confidentiality)) is assigned to a principal with a single permission subject which is affirmed to exist during clone recovery. See [§protocol](#protocol) for details, including the purpose and use of the domain `secret`.
+Document-level _read_ permission (see [confidentiality controls](./controls.md#confidentiality)) is assigned to a principal with a single permission subject which is affirmed to exist during clone recovery. See [§protocol](#protocol) for details, including the purpose and use of the domain `secret`.
 
 ### protocol
 

prototype/README.md

@@ -0,0 +1,11 @@
+# Security Prototype
+
+See [prototype milestone description](https://github.com/m-ld/m-ld-security-spec/issues/3).
+
+## milestone: Whole Domain Authorisation
+
+See delivered [Javascript Engine Pull Request](https://github.com/m-ld/m-ld-js/pull/85).
+
+## mindmap
+
+![security prototype](./img/security%20prototype.svg)

references.bib

@@ -133,6 +133,16 @@ @article{hellersteinKeepingCALMWhen2019
   keywords = {Computer Science - Databases,Computer Science - Distributed; Parallel; and Cluster Computing,Computer Science - Programming Languages,Computer Science - Software Engineering}
 }
 
+@misc{hermanRDFGraphLiterals2010,
+  title = {{{RDF Graph Literals}} and {{Named Graphs}}},
+  author = {Herman, Ivan},
+  year = {2010},
+  month = feb,
+  url = {https://www.w3.org/2009/07/NamedGraph.html},
+  urldate = {2022-01-19},
+  abstract = {This document introduces a formal semantics for (RDF) Graph Literals and Named Graphs. Graph Literals allow applications to make statements on triples (eg, provenance) without really asserting them, ie, without ensuring their existence. Named Graphs makes it possible to assign a URI to a collection of triples, and being able to make statements on the whole set (in some ways, the URI of an RDF/XML file that contains a number of triples can be considered to be a Named Graph).}
+}
+
 @misc{jagannathanAdvancedThreatModelling2012,
   title = {Advanced {{Threat Modelling Knowledge Session}}},
   author = {Jagannathan, Venkatesh},
@@ -177,7 +187,6 @@ @article{Ma2020Writing
 }
 
 @phdthesis{millerRobustCompositionUnified2006,
-  type = {{{PhD Thesis}}},
   title = {Robust {{Composition}}: Towards a {{Unified Approach}} to {{Access Control}} and {{Concurrency Control}}},
   author = {Miller, Mark Samuel},
   year = {2006},
@@ -267,6 +276,18 @@ @misc{raevuoriBaswarePersonalData2020
   urldate = {2021-07-02}
 }
 
+@misc{rixhamRDFNamedGraphs2012,
+  type = {Blog},
+  title = {{{RDF}}: Named {{Graphs}} -vs- {{Graph Literals}} \textendash{} Webr3.Org},
+  shorttitle = {{{RDF}}},
+  author = {Rixham, Nathan},
+  year = {2012},
+  month = mar,
+  url = {http://webr3.org/blog/semantic-web/rdf-named-graphs-vs-graph-literals/},
+  urldate = {2022-01-19},
+  abstract = {An overview of Named Graphs and Graph Literals and the distinctions between them.}
+}
+
 @techreport{Sabadello:21:DI,
   type = {{{W3C}} Proposed Reccommendation},
   title = {Decentralized Identifiers ({{DIDs}}) v1.0},

threats/README.md

@@ -53,6 +53,12 @@ This section will comprise a data flow diagram composed with the [OWASP Threat D
 
 Prioritising the analysed threat vectors and relating them to the next phase of security design.
 
+## mindmap
+
+(Source: `./threat modeling.mm`)
+
+![threat modeling](./img/threat%20modeling.svg)
+
 ---
 
 _For bibliographic references, see the [project references file](../references.bib)._