VAL
Virtuoso Authentication Layer
VAL uses a set of private named graphs to store all kinds of configuration and user data, including ACL rules and the like. The following sections give an overview of the graphs used in VAL.
VAL uses one main configuration graph named urn:virtuoso:val:config (see also VAL.DBA.val_config_graph_uri()). This graph is typically populated manually or through the UI.
The VAL ACL Rule and Group System uses a number of private graphs to store its data:
VAL's ACL system uses one private graph for rules, one for groups, and one for restrictions. Each application realm defines its own set of rules, groups, and restrictions. Thus, each realm has its own set of these three private graphs. The following list shows the default graphs, which can be customized as described in Customizing the ACL Graphs. (In the following examples HOST refers to the default hostname of the Virtuoso instance.)
Rules: http://HOST/acl/graph/rules/ and the URL-encoded realm URI (see also VAL.DBA.val_acl_rule_graph()). Example: http://HOST/acl/graph/rules/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm.
Groups: http://HOST/acl/graph/groups/ and the URL-encoded realm URI (see also VAL.DBA.val_acl_group_graph()). Example: http://HOST/acl/graph/groups/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm.
Restrictions: http://HOST/acl/graph/restrictions/ and the URL-encoded realm URI (see also VAL.DBA.val_restrictions_graph()). Example: http://HOST/acl/graph/restrictions/http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23DefaultRealm.
To ensure that nobody can tamper with default access modes and the like, it is important that the OpenLink ACL and restriction ontologies are stored in a private trusted graph.
VAL uses the ACL schema graph urn:virtuoso:val:acl:schema for this purpose. It is mandatory for both the ACL and the restriction ontologies to be loaded into this graph for the VAL ACL system to work properly.
Other applications also need to copy their specific ACL scope definitions into this graph.
VAL defines one resource ownership graph group for each scope. The graph group's name consists of the prefix urn:virtuoso:val:ownership: and the URL-encoded scope URI (see also VAL.DBA.ownership_graph_group()).
Example: The ownership graph group for the private graph scope is urn:virtuoso:val:ownership:http%3A%2F%2Fwww.openlinksw.com%2Fontology%2Facl%23PrivateGraphsScope.
VAL uses private graph urn:virtuoso:val:online:accounts (see also VAL.DBA.val_owl_sameas_graph()) to store owl:sameAs relations for all service ids which are considered to identify the same person. See also VAL.DBA.update_user_online_mapping().
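The naming rules for the per-realm ACL graphs and the per-scope ownership graph groups can be checked mechanically. The following Python sketch is an added example, not part of VAL or of the original page: it rebuilds the default names, labels graph IRIs from a listing, and reports expected private graphs that a listing lacks. It assumes the default (uncustomized) graph names; the function names and the listing passed in are hypothetical.

```python
from urllib.parse import quote, unquote

DEFAULT_REALM = "http://www.openlinksw.com/ontology/acl#DefaultRealm"
# Fixed graph names taken from the page; the short labels are this example's own.
FIXED_GRAPHS = {
    "urn:virtuoso:val:config": "config",
    "urn:virtuoso:val:acl:schema": "acl-schema",
    "urn:virtuoso:val:online:accounts": "sameas",
}
OWNERSHIP_PREFIX = "urn:virtuoso:val:ownership:"
ACL_KINDS = ("rules", "groups", "restrictions")


def enc(uri):
    # safe="" percent-encodes ":", "/" and "#" too, matching the page's examples;
    # quote()'s default safe="/" would produce a different graph name.
    return quote(uri, safe="")


def acl_graphs(host, realm=DEFAULT_REALM):
    """Default rules/groups/restrictions graph IRIs for one realm."""
    return {k: f"http://{host}/acl/graph/{k}/{enc(realm)}" for k in ACL_KINDS}


def ownership_graph_group(scope):
    """Ownership graph group name for one scope URI."""
    return OWNERSHIP_PREFIX + enc(scope)


def classify(graph_iri, host):
    """Return (kind, decoded realm or scope) for a VAL graph name, else None."""
    if graph_iri in FIXED_GRAPHS:
        return (FIXED_GRAPHS[graph_iri], None)
    if graph_iri.startswith(OWNERSHIP_PREFIX):
        return ("ownership", unquote(graph_iri[len(OWNERSHIP_PREFIX):]))
    for kind in ACL_KINDS:
        prefix = f"http://{host}/acl/graph/{kind}/"
        if graph_iri.startswith(prefix) and len(graph_iri) > len(prefix):
            return (kind, unquote(graph_iri[len(prefix):]))
    return None


def missing_private(host, realms, private_graphs):
    """Fixed and per-realm ACL graphs absent from a listing of private graphs."""
    expected = set(FIXED_GRAPHS)
    for realm in realms:
        expected.update(acl_graphs(host, realm).values())
    return sorted(expected - set(private_graphs))
```
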