first commmit

.gitignore

@@ -0,0 +1,117 @@
+# Specific project folders
+db/
+dashboard/
+api/
+
+# Logs
+logs
+*.log
+
+# Runtime data
+pids
+*.pid
+*.seed
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Compiled binary addons (http://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directory
+# Commenting this out is preferred by some people, see
+# https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git-
+node_modules
+
+# Users Environment Variables
+.lock-wscript
+
+# IDEs and editors (shamelessly copied from @angular/cli's .gitignore)
+/.idea
+.project
+.classpath
+.c9/
+*.launch
+.settings/
+*.sublime-workspace
+
+# IDE - VSCode
+.vscode/*
+!.vscode/settings.json
+!.vscode/tasks.json
+!.vscode/launch.json
+!.vscode/extensions.json
+
+### Linux ###
+*~
+
+# temporary files which can be created if a process still has a handle open of a deleted file
+.fuse_hidden*
+
+# KDE directory preferences
+.directory
+
+# Linux trash folder which might appear on any partition or disk
+.Trash-*
+
+# .nfs files are created when an open file is removed but is still being accessed
+.nfs*
+
+### OSX ###
+*.DS_Store
+.AppleDouble
+.LSOverride
+
+# Icon must end with two \r
+Icon
+
+
+# Thumbnails
+._*
+
+# Files that might appear in the root of a volume
+.DocumentRevisions-V100
+.fseventsd
+.Spotlight-V100
+.TemporaryItems
+.Trashes
+.VolumeIcon.icns
+.com.apple.timemachine.donotpresent
+
+# Directories potentially created on remote AFP share
+.AppleDB
+.AppleDesktop
+Network Trash Folder
+Temporary Items
+.apdisk
+
+### Windows ###
+# Windows thumbnail cache files
+Thumbs.db
+ehthumbs.db
+ehthumbs_vista.db
+
+# Folder config file
+Desktop.ini
+
+# Recycle Bin used on file shares
+$RECYCLE.BIN/
+
+# Windows Installer files
+*.cab
+*.msi
+*.msm
+*.msp
+
+# Windows shortcuts
+*.lnk
+
+# Others
+lib/
+data/

.vscode/launch.json

@@ -0,0 +1,14 @@
+{
+    // Use IntelliSense to learn about possible attributes.
+    // Hover to view descriptions of existing attributes.
+    // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+    "version": "0.2.0",
+    "configurations": [
+        {
+            "type": "node",
+            "request": "launch",
+            "name": "Launch Program",
+            "program": "${workspaceFolder}/api/src/index.js"
+        }
+    ]
+}

README.md

@@ -0,0 +1,41 @@
+# GRAKN - GDPR
+
+This project describes how to use GRAKN to track personal data:
+* imported and export
+* use of each personal item (email, name) across systems
+* authorization
+* actions on that data
+* User dashboard to have an overview on the use of his data.
+
+## Project structure
+### /api
+Node.js api that is used as the central point and lingua franca for all systems to communicate with GRAKN.AI.
+The API uses a mongo database to manage API users, but that could be anything.
+### /dashboard
+Vuejs Dashboard that is used to display users data. That is the visible part of GDPR for users
+### /data
+Test data to load in GRAKN.AI
+### /rules
+Rules to lo load in GARKN.AI
+### /schema
+
+# Todo
+Add response from system after deletion 
+
+# Schema
+Grakn GDPR schema example.
+TODO add content schema.
+
+
+# Getting started
+Call the loading script with the following params:
+```js
+    './load.sh <path> <keyspace>'
+```
+
+The path is the path to the `grakn` install directory if GRAKN is installed at the root:
+```js
+    './load.sh grakn grakn'
+```
+
+This script will load the ontology, the demo data and the rules.

compose.yml

@@ -0,0 +1,5 @@
+grakn:
+  container_name: GRAKN
+  image: graknlabs/grakn
+  restart: always
+  volumes: ~/db:/grakn/db/

load.sh

@@ -0,0 +1,28 @@
+#!/bin/bash
+
+## Usage: ./load.sh PATH_TO_GRAKN KEYSPACE
+
+# The following will make the script future proof
+GRAKN="$HOME/$1"
+LOAD="$GRAKN/./graql console  -f"
+BATCH="$GRAKN/./graql console  -b"
+
+KEYSPACE="-k $2"
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+
+RULES="$DIR/rules"
+DATA="$DIR/data"
+
+# Change this with the directory of the ontology you want to load
+ONTOLOGY="$DIR/schema"
+
+
+echo "Loading ontology and rules"
+date; $LOAD "$ONTOLOGY/gdpr.gql" $KEYSPACE
+date; $LOAD "$RULES/rules.gql" $KEYSPACE
+
+echo "Loading some fake data"
+date; $LOAD "$DATA/test.gql" $KEYSPACE
+
+date

rules/rules.gql

@@ -0,0 +1,17 @@
+define
+
+is-authorized sub rule,
+when {
+    (demand: $a, needed: $b) isa needs;
+    (requisite: $b, requester: $c ) isa requires;
+} then {
+    (authorizer: $a, authorized: $c) isa authorizes;
+};
+
+is-revoked sub rule,
+when {
+    (revoker:$a, revoked:$b) isa revoke;
+    (requisite:$b, requester: $c) isa requires;
+} then {
+    (withdrawer:$a, withdrawn:$c) isa withdraws;
+};

schema/gdpr.gql

@@ -0,0 +1,151 @@
+define
+
+# Entities
+anonymous sub entity
+    has timestamp
+
+    plays incognito;
+
+person sub entity
+    has timestamp
+    has type
+    has identifier
+
+    plays identified
+    plays imported
+    plays importer
+    plays exported
+    plays exporter
+    plays owner;
+
+property sub entity is-abstract
+    has value
+    plays owned
+    plays demand
+    plays authorizer
+    plays exported
+    plays imported
+    plays revoker
+    plays withdrawer;
+
+last-name sub property;
+first-name sub property;
+email sub property;
+
+address sub property
+    has value;
+city sub address;
+zip sub address;
+street1 sub address;
+street2 sub address;
+street3 sub address;
+
+system sub entity
+    has value
+    has icon
+
+    plays importer
+    plays exporter
+    plays requester
+    plays authorized
+    plays exported-to
+    plays imported-to;
+
+authorization sub entity
+    has name
+    has description
+    has timestamp
+    has expiration-date
+
+    plays needed    
+    plays requisite
+    plays revoked
+    plays withdrawn;
+
+# Resources
+value sub attribute datatype string;
+icon sub attribute datatype string;
+name sub attribute datatype string;
+description sub attribute datatype string;
+timestamp sub attribute datatype long;
+expiration-date sub attribute datatype date;
+type sub attribute datatype string;
+identifier sub attribute datatype long;
+
+# Relations
+
+## Attributes belong to a person
+belongs sub relationship
+    relates owner
+    relates owned;
+
+## match an anonymous person with a real one
+identifies sub relationship
+    has timestamp
+
+    relates incognito
+    relates identified;
+
+## A system requires a property through an authorization
+## This is usefull as a system can be quired and display
+## all the properties it needs to work.
+requires sub relationship
+    relates requester
+    relates requisite;
+
+## Attributes (email, first-name, etc.) demand an
+## authorizaiton to be used by systems
+needs sub relationship
+    relates demand
+    relates needed;
+
+## relation beteween an attribute and a system
+
+action sub relationship is-abstract
+    has timestamp;
+
+import sub action
+    relates imported
+    relates importer
+    relates imported-to;
+
+export sub action
+    relates exported
+    relates exporter
+    relates exported-to;
+
+revoke sub action
+    relates revoked
+    relates revoker;
+
+## relations used by inferences
+authorizes sub relationship
+    relates authorized
+    relates authorizer;
+
+withdraws sub relationship
+    relates withdrawn
+    relates withdrawer;
+
+# Roles
+owner sub role;
+owned sub role;
+requester sub role;
+requisite sub role;
+demand sub role;
+needed sub role;
+incognito sub role;
+identified sub role;
+authorized sub role;
+authorizer sub role;
+imported sub role;
+importer sub role;
+imported-to sub role;
+exported sub role;
+exporter sub role;
+exported-to sub role;
+revoked sub role;
+revoker sub role;
+withdrawn sub role;
+withdrawer sub role;
+