You do not have permission to delete messages in this group
Copy link
Report message
Show original message
Either email addresses are anonymous for this group or you need the view member email addresses permission to view the original message
to skd
A topic we should keep an eye on...
------ Forwarded Message From: Brian Manley <brian....@gmail.com> Date: Tue, 2 Sep 2008 18:55:24 +0100 To: <semant...@w3.org> Subject: SPARQL Security - Best Practices?
All,
Have any best-practices emerged with regard to authentication and
authorization for SPARQL endpoints?
It appears that using basic HTTP authentication and security methods
(basic realm authentication, SSL, etc. ) are sufficient for access to
an endpoint, but what about authorization at the triple level? For
example, restricting the triples that are queriable by an
authenticated user?
My initial instinct is to use named graphs (user "A" can only query
graph "A"). But that seems rather limiting, as I might want to devise
a hierarchical authorization scheme where, for example, a manager can
query on a subordinate's triples. Perhaps I can take some of the ideas
for row-level security in the relational database world (though
everything I find is patented).
Has this been done? By who? Got a link? :)
Any thoughts or pointers on this would be appreciated.