Re: [OK?] Re: Section 3 of SPARQL protocol partially out of scope.

From: Kendall Clark <kendall@monkeyfist.com>
Date: Wed, 18 Jan 2006 09:45:49 -0500
Message-Id: <8278F79A-AAAF-45AF-ACA5-60040FC79CFE@monkeyfist.com>
Cc: public-rdf-dawg-comments@w3.org, Rigo Wenning <rigo@w3.org>
To: Thomas Roessler <tlr@w3.org>


On Jan 18, 2006, at 4:12 AM, Thomas Roessler wrote:

> On 2006-01-17 16:59:54 -0500, Kendall Clark wrote:
>
>> The latest version (http://www.w3.org/2001/sw/DataAccess/proto-wd/#policy)
>> of the editor's draft now reads (in relevant part):
>>
>> Since a SPARQL protocol service may make HTTP requests of other
>> origin servers on behalf of its clients, it may be used as a vector
>> of attacks against other sites or services. Thus, SPARQL protocol
>> services may effectively act as proxies for third-party clients. Such
>> services may place restrictions on the resources that they retrieve
>> or on the rate at which external resources can be retrieved. SPARQL
>> protocol services may log client requests in such a way as to
>> facilitate tracing them with regard to third-party origin servers or
>> services.
>>
>> Does this satisfy your concerns?
>
> Yes, this is better.  You could also state the obvious and note
> that SPARQL services may place restrictions on the resources
> that they can access on behalf of their clients.

The spec says that in two different ways in two places (see
QueryRequestRefused and the 3rd sentence of 3.1 Security).

> (Incidentally, is the protocol able to report this condition
> [don't want to access a resource] back to the client?)

Not that specifically, no. It can say QueryRequestRefused as a WSDL  
fault, and it can return any HTTP status code, but I don't know of  
any HTTP status code that's on-point here. It would be a status code  
used by proxies, and I think they typically just pass back a 404.

The WG has the option to define a WSDL fault specifically for this  
purpose -- say, RdfDatasetError -- but it has not chosen to do so.

Cheers,
Kendall Clark
Received on Wednesday, 18 January 2006 14:46:03 GMT
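
An added example, not part of the original message or of the SPARQL protocol draft: one way a service could apply the three measures the quoted draft text names (restricting which resources it retrieves, limiting the retrieval rate, and logging requests so they can be traced). The allowlist hosts, the limits, and the names admit_fetch and _recent are assumptions made for illustration; the exception only stands in for the QueryRequestRefused fault.

```python
import logging
from collections import defaultdict, deque
from urllib.parse import urlsplit

log = logging.getLogger("sparql.fetch-policy")

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"data.example.org", "vocab.example.net"}  # constructed allowlist
MAX_FETCHES = 3        # external retrievals allowed per client ...
WINDOW_SECONDS = 60.0  # ... within this sliding window (assumed values)

class QueryRequestRefused(Exception):
    """Stands in for the protocol's QueryRequestRefused fault."""

_recent = defaultdict(deque)  # client id -> timestamps of admitted fetches

def admit_fetch(client, uri, now):
    """Return uri if the service may retrieve it for this client, else raise."""
    reason = None
    try:
        parts = urlsplit(uri)
        host = (parts.hostname or "").lower()
    except ValueError:
        parts, host, reason = None, "", "malformed URI"
    if reason is None:
        if parts.scheme not in ALLOWED_SCHEMES:
            reason = "scheme not allowed"
        elif host not in ALLOWED_HOSTS:
            reason = "host not on allowlist"
        else:
            window = _recent[client]
            # Drop timestamps that have aged out of the sliding window.
            while window and now - window[0] >= WINDOW_SECONDS:
                window.popleft()
            if len(window) >= MAX_FETCHES:
                reason = "rate limit exceeded"
    # Record client and target together so a third-party origin server's
    # complaint can be traced back to the client that asked for the fetch.
    # %r keeps control characters in the URI from forging log lines.
    log.info("client=%s target=%r decision=%s", client, uri, reason or "admitted")
    if reason:
        raise QueryRequestRefused(reason)
    _recent[client].append(now)
    return uri
```

The caller passes the current time (for instance time.monotonic()) as now; refused requests are logged but do not count against the client's rate window.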
