($and/ <== DO NOT REMOVE - switch for preventing MathML interpretation of dollar signs on this page)

About

This page describes the proposed structural "branches" of XDI link contracts.

Change Log

Introduction

XDI link contracts are how XDI provides portable semantic authorization. See the LinkContractPattern page for more background.

Every link contract is an XDI subgraph whose root node is a $contract entity. Each subentity in the $contract context represents a "branch" of the authorization description logic. This page describes each of these branches.

$do - Permissions Branch

This branch defines the permissions granted by the link contract. Each permission is expressed as an XDI relation using an XDI operator (e.g., $get, $add, $mod, $del, etc.) The target of the relation is the XDI subgraph to which the XDI operator is granted permission.

TODO - EXAMPLE

$do$if - Execution Policy Branch

This branch defines the policies that must be satisfied in order to execute the permissions granted by the permissions branch.

TODO - MORE EXPLANATION AND EXAMPLES

TODO - ADD OTHER $do*$if SUBRANCHES

$purpose - Purpose Branches

These branches define the purpose(s) of the link contract, i.e., the permitted uses of the permissioned data.

$required$purpose - Required Purposes

A required purpose is one the authorizing authority must agree to if the contract is accepted.

...$contract$required$purpose/$has/<==target-usage-purpose==>

$opt-in$purpose - Opt-In Purposes

An opt-in purpose is one that is not authorized unless the authorizing authority explicitly allows it. An opt-in purpose MUST be automatically be deleted from the link contract template when instantiating the link contract unless the authorizing authority explicitly authorizes it to keep it.

...$contract$opt-in$purpose/$has/<==target-usage-purpose==>

$opt-out$purpose - Opt-Out Purposes

An opt-out purpose is one that is authorized unless the authorizing authority explicitly denies it. An opt-out purpose MUST be retained when instantiating the link contract unless the authorizing authority explicitly requests for it to be deleted.

...$contract$opt-out$purpose/$has/<==target-usage-purpose==>

TODO - DEFINE THE ATTRIBUTES OF A $purpose ENTITY

$start$t - Contract Start Timestamp

The starting timestamp of the contract.

$end$t - Contract End Timestamp

The ending timestamp of the contract.

LinkContractBranches (last edited 2017-01-17 08:14:31 by drummond)