- From: Kingsley Idehen <kidehen@openlinksw.com>
- Date: Mon, 28 Apr 2014 12:35:45 -0400
- To: public-ldp-wg@w3.org
- Message-ID: <535E8361.4@openlinksw.com>
On 4/28/14 11:52 AM, Sandro Hawke wrote: >> >> [*] I am not certain what the atomic level really is here -- >> document, triple, subject, subject+predicate -- but I am >> fairly certain it's at least document, and being able to >> say that "most documents are WORLD-READ, but *this one* >> is OWNER-READ, WORLD-NONE" seems key. > > My inclination is to just do per-document access control. Yes. > If you want something more fine-grained, then use smaller documents. Yes. > I think it is reasonable, however, to track access control through > merging -- so you might have a graph formed by merging 100 different > graphs, and so a given user who can only see some of those hundred can > only see part of the merged graph. A view over several named graphs, subject to acls on each of the named graphs. > If you do the merge at request time, its easy enough. If you want to > pre-calculate the merge, it gets very tricky. Do you let the user > know he's seeing a partially-obscured graph? Probably. In the definition of the view. Named Graph Identifiers denote documents that might be accessible from an HTTP URL or some internal DBMS location (which is really an internal DBMS specific identifier too). -- Regards, Kingsley Idehen Founder & CEO OpenLink Software Company Web: http://www.openlinksw.com Personal Weblog: http://www.openlinksw.com/blog/~kidehen Twitter Profile: https://twitter.com/kidehen Google+ Profile: https://plus.google.com/+KingsleyIdehen/about LinkedIn Profile: http://www.linkedin.com/in/kidehen
Attachments
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature
Received on Monday, 28 April 2014 16:36:09 UTC