Re: Linking non-open data

Matthias,

I'm a bit late to this thread but will add my €0.02 anyway.

I agree that simple HTTP authentication is the first approach we
should look at; it might be enough in many cases. This is, in fact,
what Twine are doing at the moment: they are still in private beta and
require you to HTTP-authenticate to access any of the RDF.

Peter asked how to convey to a client what waits behind the
authentication wall, so the client can decide whether it should try
getting credentials. I think the most obvious place to put this is
into the HTTP response body that is sent along with the "401
Authentication Required" response. Usually the response body would be
a default Apache HTML error page, but why not put some useful RDF there?

The whole issue of sharing private data between applications has been  
explored in depth by the Web 2.0 community for a couple of years now,  
in the context of mashups and RESTful APIs. A typical scenario is that  
you want to expose your private data stored in application A to  
application B, but don't want to give full access (or your password)  
to application B. The emerging standard in this area is OAuth [1, used  
e.g. by Twitter], and exploring how OAuth could be used to manage data  
access between Linked Data apps would certainly be interesting.

There was a thread about these issues raging on the FOAF list [2, look
for “privacy and open data” and “RDFAuth”]. I didn't follow it closely
but I think that OAuth was also discussed there. Henry Story came up
with what looks like a pretty complete proposal which he blogged here:
[3].

This is a very interesting topic and definitely worth exploring further.

Best,
Richard

[1] http://oauth.net/
[2] http://lists.foaf-project.org/pipermail/foaf-dev/
[3] http://blogs.sun.com/bblfish/entry/foaf_ssl_creating_a_global


On 17 Apr 2008, at 10:01, Matthias Samwald wrote:
>
> I hope this is not too off-topic for a mailing list entitled  
> 'linking open data'...
>
> A question that will surely arise in many places when more people  
> get to know about the linked data initiative and the growing  
> infrastructure of linked open data is: how can these principles be  
> applied to organizational data that might not / only partially be  
> open to the public web? People will soon try to develop practices  
> for selectively protecting parts of their linked data with
> fine-grained access rights. Could simple HTTP authentication be useful
> for linked data? How does authentication work for SPARQL endpoints  
> containing several named graphs? Can we use RDF vocabularies to  
> represent access rights? Should such vocabularies be standardized?
>
> Is there any ongoing work on defining such practices (or even 'best  
> practices')?
>
> Cheers,
> Matthias Samwald
> Semantic Web Company, Austria // DERI Galway, Ireland
> http://www.semantic-web.at/
> http://www.deri.ie/
>
>
>

Received on Tuesday, 22 April 2008 17:05:08 UTC
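
The idea in the message above, of returning RDF in the body of the 401 response, as an added example that is not part of the original post. The realm, the credentials, the example.org URIs and the choice of Turtle with VoID and Dublin Core terms are all assumptions made for illustration.

```python
import base64
import hmac
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed sample values; a real deployment would use a credential store.
REALM = "private-linked-data"
USERS = {"alice": "correct horse"}
PRIVATE_TURTLE = '<http://example.org/data/report> <http://purl.org/dc/terms/title> "Q1 figures" .\n'
# Public description sent with the 401: it says what kind of data sits
# behind the wall, never the data itself.
TEASER_TURTLE = (
    '@prefix dcterms: <http://purl.org/dc/terms/> .\n'
    '<http://example.org/data/report> a <http://rdfs.org/ns/void#Dataset> ;\n'
    '    dcterms:description "Internal reports; HTTP Basic credentials required." .\n'
)

def check_basic(header):
    """Return True if the Authorization header carries valid Basic credentials."""
    if not header or not header.startswith("Basic "):
        return False
    try:
        raw = base64.b64decode(header[6:], validate=True).decode("utf-8")
    except ValueError:  # covers malformed base64 and invalid UTF-8
        return False
    user, _, password = raw.partition(":")
    expected = USERS.get(user)
    # compare_digest keeps the comparison time independent of the match position
    same = hmac.compare_digest(password.encode(), (expected or "").encode())
    return same and expected is not None

def respond(auth_header):
    """Build (status, headers, body) for a GET on the protected resource."""
    if check_basic(auth_header):
        headers = {"Content-Type": "text/turtle", "Cache-Control": "private, no-store"}
        return 200, headers, PRIVATE_TURTLE.encode()
    # The challenge header tells the client how to authenticate; the body tells it why.
    headers = {"WWW-Authenticate": f'Basic realm="{REALM}"', "Content-Type": "text/turtle"}
    return 401, headers, TEASER_TURTLE.encode()

class Handler(BaseHTTPRequestHandler):
    def do_GET(self):
        status, headers, body = respond(self.headers.get("Authorization"))
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Handler).serve_forever()
```

Basic credentials are only base64-encoded, so a server like this belongs behind TLS.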