W3C home > Mailing lists > Public > public-rdf-dawg-comments@w3.org > January 2006

Re: major technical: no privilege model [OK?]

From: Dan Connolly <connolly@w3.org>
Date: Wed, 25 Jan 2006 09:44:22 -0600
To: Fred Zemke <fred.zemke@oracle.com>
Cc: public-rdf-dawg-comments@w3.org
Message-Id: <1138203863.4991.528.camel@dirk.w3.org>

On Thu, 2006-01-12 at 13:44 -0800, Fred Zemke wrote:
> There is no security or privilege model.

There is a very crude privilege model in the SPARQL protocol:


This fault message must be returned when a client submits a request that
the server is unable or unwilling to process, perhaps because of
resource consumption or other policy considerations.
 -- http://www.w3.org/TR/rdf-sparql-protocol/

Beyond that, as you observe, there is a very large design space...

>   I suppose this might be construed
> that there is a very coarse-grained privilege, either a user can see
> a graph (ie, the implementation resolves the graph's IRI for the user)
> or not.  And implementations might take that a step further and
> arrange things so that one IRI might name a subgraph of another IRI.
> If the graph or the user community is large,
> the administrator will probably prefer the ability to control access
> with fine-grained privileges. For example, the administrator may wish to
> grant or deny access to triples on the basis of the predicate, the subject,
> the object, or perhaps by reachability from selected starting nodes. 

The Working Group did not identify any requirement for a standard
privelege model (beyond the crude "refused" mechanism) while gathering
requirements for this version of SPARQL.

Also, we are well beyond the point in our schedule where we can
reasonably accomodate major new requirements, and it's not
clear that this is within our chartered scope at all.

I hope you find this response satisfactory. Please let us know
whether you do.

> Fred Zemke
Dan Connolly, W3C http://www.w3.org/People/Connolly/
D3C2 887B 0F92 6005 C541  0875 0F91 96DE 6E52 C29E
Received on Wednesday, 25 January 2006 15:44:27 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:52:07 UTC