Re: major technical: no privilege model [OK?]

On Thu, 2006-01-12 at 13:44 -0800, Fred Zemke wrote:
> There is no security or privilege model.

There is a very crude privilege model in the SPARQL protocol:

[[
QueryRequestRefused

This fault message must be returned when a client submits a request that
the server is unable or unwilling to process, perhaps because of
resource consumption or other policy considerations.
]]
 -- http://www.w3.org/TR/rdf-sparql-protocol/

Beyond that, as you observe, there is a very large design space...

>   I suppose this might be construed
> that there is a very coarse-grained privilege, either a user can see
> a graph (ie, the implementation resolves the graph's IRI for the user)
> or not.  And implementations might take that a step further and
> arrange things so that one IRI might name a subgraph of another IRI.
> If the graph or the user community is large,
> the administrator will probably prefer the ability to control access
> with fine-grained privileges. For example, the administrator may wish to
> grant or deny access to triples on the basis of the predicate, the subject,
> the object, or perhaps by reachability from selected starting nodes. 


The Working Group did not identify any requirement for a standard
privelege model (beyond the crude "refused" mechanism) while gathering
requirements for this version of SPARQL.
   http://www.w3.org/TR/rdf-dawg-uc/

Also, we are well beyond the point in our schedule where we can
reasonably accomodate major new requirements, and it's not
clear that this is within our chartered scope at all.
  http://www.w3.org/2003/12/swa/dawg-charter

I hope you find this response satisfactory. Please let us know
whether you do.



> Fred Zemke
-- 
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E

Received on Wednesday, 25 January 2006 15:44:27 UTC