- From: Dan Connolly <connolly@w3.org>
- Date: Wed, 25 Jan 2006 09:44:22 -0600
- To: Fred Zemke <fred.zemke@oracle.com>
- Cc: public-rdf-dawg-comments@w3.org
On Thu, 2006-01-12 at 13:44 -0800, Fred Zemke wrote: > There is no security or privilege model. There is a very crude privilege model in the SPARQL protocol: [[ QueryRequestRefused This fault message must be returned when a client submits a request that the server is unable or unwilling to process, perhaps because of resource consumption or other policy considerations. ]] -- http://www.w3.org/TR/rdf-sparql-protocol/ Beyond that, as you observe, there is a very large design space... > I suppose this might be construed > that there is a very coarse-grained privilege, either a user can see > a graph (ie, the implementation resolves the graph's IRI for the user) > or not. And implementations might take that a step further and > arrange things so that one IRI might name a subgraph of another IRI. > If the graph or the user community is large, > the administrator will probably prefer the ability to control access > with fine-grained privileges. For example, the administrator may wish to > grant or deny access to triples on the basis of the predicate, the subject, > the object, or perhaps by reachability from selected starting nodes. The Working Group did not identify any requirement for a standard privelege model (beyond the crude "refused" mechanism) while gathering requirements for this version of SPARQL. http://www.w3.org/TR/rdf-dawg-uc/ Also, we are well beyond the point in our schedule where we can reasonably accomodate major new requirements, and it's not clear that this is within our chartered scope at all. http://www.w3.org/2003/12/swa/dawg-charter I hope you find this response satisfactory. Please let us know whether you do. > Fred Zemke -- Dan Connolly, W3C http://www.w3.org/People/Connolly/ D3C2 887B 0F92 6005 C541 0875 0F91 96DE 6E52 C29E
Received on Wednesday, 25 January 2006 15:44:27 UTC