Section 3 of SPARQL protocol partially out of scope. from Thomas Roessler on 2005-11-17 (public-rdf-dawg-comments@w3.org from November 2005)

From: Thomas Roessler <tlr@w3.org>
Date: Thu, 17 Nov 2005 11:36:33 +0100
To: public-rdf-dawg-comments@w3.org
Cc: Rigo Wenning <rigo@w3.org>
Message-ID: <20051117103633.GH4185@lavazza.does-not-exist.org>

Hello,

I notice that section 3 of the current SPARQL protocol draft [1]
suggests non-anonmyized logging of queries in what seems to be
normative text:

[[ 
	Further, since SPARQL query processing services may make
	HTTP requests of other origin servers on behalf of its
	clients, it may be used as a vector of attacks against other
	sites or services. In this case, since it's acting,
	effectively, as a proxy for a third-party client, it is
	important to avoid anonymizing the client requests such that
	valid forensic tracing is impeded. SPARQL query processing
	services SHOULD log client requests in such a way as to
	avoid anonymizing them with regard to third-party origin
	servers or services, and they should do so in keeping with
	the Privacy considerations discussed below.
]] 
   -- http://www.w3.org/TR/2005/WD-rdf-sparql-protocol-20050914/#policy-security

What is being logged, and how, strikes me as a typical local policy
decision that should be out of scope for the SPARQL spec (the spec
certainly shouldn't include normative language on this topic); at
the same time, the suggested logging is a poor remedy for the thread
that is being discussed.

How about the following instead?

[[ 
	SPARQL query processing services may make HTTP requests of
	other origin servers on behalf of clients, effectively
	acting as a proxy for a third-party client.  This ability
	may lead to an abuse of SPARQL query processing services as
	an attack vector. Services MAY place restrictions on the
	resources that they retrieve, or on the rate at which
	external resources can be retrieved.  In keeping with the
	privacy considerations discussed below, SPARQL query
	processing services MAY elect to log client requests that
	lead to HTTP requests of other origin servers, in order to
	facilitate tracing of attacks. 
]]

(One could go further in discussing the kinds of restrictions that
may be placed -- such as refusing to send HTTP requests to printers
on port 631 --, but I'm not convinced that this will be very useful
here.)

Regards,
-- 
Thomas Roessler, W3C   <tlr@w3.org>

Received on Thursday, 17 November 2005 10:36:37 UTC