Re: TAC + roles + resource access control = UAC

On 9/5/12 7:29 AM, Niclas Hoyer wrote:
> Hi,
>
> I know that managing SPARQL queries with tools is nearly impossible 
> (at least if we are trying to do it in a user friendly way like "allow 
> access to all my friends" or "allow access to all my family members").
>
> I think I did not understand the protocol for triple based access 
> control with UAC correctly. How is access evaluated for a user?
>
> Is it possible to offer a "shielded" SPARQL endpoint with the graph 
> based access control and UAC? I'm thinking of extending remoteStorage 
> enabled servers by a SPARQL endpoint, so that in addition to resource 
> based storage one could also store RDF data and query the linked data 
> with SPARQL.

You can protect a SPARQL endpoint using WebID ACLs based on any ACL 
oriented ontology. I've put out some examples of late, and for years 
this has been possible re. DBpedia (even though it's open to the public 
for read-only access).

In our platform (Virtuoso) you can use SPARQL ASK to construct advanced 
ACLs.

> [SNIP]
>
> Regards,
> Niclas

Links:

1. https://plus.google.com/s/webid%20acls%20idehen%20sparql  -- some G+ 
posts about ACLs that leverage the WebID protocol

Kingsley
>
>> Hi,
>>
>> UAC covers access control for triples, graphs and resources. The
>> ontology uses the "follow your nose" concept. That means access control
>> for resources can be based on triples which point to the resource. Just
>> have a look at the gallery example I mentioned in my first email. I
>> think shi3ld is designed only for graph access control.
>>
>> UAC does not require an additional language. The access control model is
>> directly mapped into triples. In the future we need tools to manage
>> access control. I think it's easier to program tools which handle UAC
>> than SPARQL. In the last meeting we discussed the possibility of a
>> SPARQLFilter class. It's possible to create custom filters, but we
>> suggest using the already defined filters because of the earlier
>> mentioned reason.
>>
>> With triple access control there is no requirement to separate your
>> graphs for the access control. But that's up to you. If you don't like
>> the idea of triple access control just use the graph part.
>>
>> Request for access [1] could be based on UAC. Think about the dialog
>> shown to a user. Making a complex SPARQL query readable is quite complex
>> from my point of view. But for that topic a different spec must be created
>> afterwards.
>>
>> We are still in the concept stage. The graph part for example is not yet
>> defined. If you think something else is missing, share your ideas on the
>> mailing list and/or join the next meeting.
>>
>> [1] http://www.w3.org/community/rww/wiki/Scope#Request_for_Access


-- 

Regards,

Kingsley Idehen
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Wednesday, 5 September 2012 11:50:12 UTC