W3C home > Mailing lists > Public > public-rdf-dawg@w3.org > July to September 2010

Re: tomorrow's agenda (and initial open ISSUES summary.. ) [ISSUE-19]

From: Alexandre Passant <alexandre.passant@deri.org>
Date: Tue, 27 Jul 2010 13:01:13 +0100
Cc: SPARQL Working Group <public-rdf-dawg@w3.org>
Message-Id: <BD86ADC2-B411-4EA5-AB85-3CEF4A825F36@deri.org>
To: Axel Polleres <axel.polleres@deri.org>
Hi,

On 26 Jul 2010, at 14:12, Axel Polleres wrote:

[...]

> 
> =======================================================================
> 
> ISSUE-19
> Security issues on SPARQL/UPdate
> 
> The current section in the draft
> http://www.w3.org/2009/sparql/docs/update-1.1/Overview.xml#sec_security
> is still fairly empty. 
> Do the editors think they have sufficient information to draft this section?
> Did we collect relevant issues already in one place?
> I would like to keep this OPEN until we have a reasonable draft for this section.

By listing security issues in this section, I'm afraid that we will miss some and will had lots of discussions on which ones to / not to add (DOS, Authentication, Insertions, Malicious data, spam, etc. - while some are also related to the protocol)
Actually, I'd rather list none but have a single sentence saying "the specification does not address security concerns related to SPARQL/Update and that implementers and users MUST be aware of security concerns when allowing SPARQL/Update on their dataset".

Alex.

--
Dr. Alexandre Passant
Digital Enterprise Research Institute
National University of Ireland, Galway
:me owl:sameAs <http://apassant.net/alex> .
Received on Tuesday, 27 July 2010 12:01:49 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 16:15:43 GMT