W3C home > Mailing lists > Public > semantic-web@w3.org > September 2008

Re: SPARQL Security - Best Practices?

From: Marco Brandizi <brandizi@ebi.ac.uk>
Date: Fri, 05 Sep 2008 08:51:15 +0100
Message-ID: <48C0E4F3.3080408@ebi.ac.uk>
To: Damian Steer <pldms@mac.com>
CC: semantic-web@w3.org

Damian Steer wrote:

> So, as you suggest, we use graphs as the basis. We then mix in a 
> function P(A,G) => boolean, which tells us whether user A has permission 
> to query G. (or, indeed, to write or delete)
> SELECT ?privateinfo WHERE { :damian :knows ?privateinfo }
> becomes
> SELECT ?privateinfo WHERE { GRAPH ?g { :damian :knows ?privateinfo } 
> FILTER (?g = <allowed> || ?g = <alsoallowed>) } # please forgive my 
> syntax here


do you have some strategy to manage a use case like "N results exist, 
but you are authorized to see only k of them?".

Moreover, I wonder if someone have ideas about mixing access to 
explicitly declared triples and inferred statements. For instance, if a 
triple is entailed by other triples the user hasn't access to, one 
should decide if the inferred triple is accessible (e.g.: is at the same 
level of details of the premise) or not (e.g.: the consequence 
represents an aggregate information).


Marco Brandizi <brandizi@ebi_NOSPAM_ac.uk>

NET Project - Software Engineer

European Bioinformatics Institute
Hinxton, CB10 1SD, United Kingdom
Office A3141
Received on Friday, 5 September 2008 07:51:58 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 1 March 2016 07:42:07 UTC