Re: tomorrow's agenda (and initial open ISSUES summary.. ) [ISSUE-19]

Hi,

On 26 Jul 2010, at 14:12, Axel Polleres wrote:

[...]

> 
> =======================================================================
> 
> ISSUE-19
> Security issues on SPARQL/UPdate
> 
> The current section in the draft
> http://www.w3.org/2009/sparql/docs/update-1.1/Overview.xml#sec_security
> is still fairly empty. 
> Do the editors think they have sufficient information to draft this section?
> Did we collect relevant issues already in one place?
> I would like to keep this OPEN until we have a reasonable draft for this section.

By listing security issues in this section, I'm afraid that we will miss some and will had lots of discussions on which ones to / not to add (DOS, Authentication, Insertions, Malicious data, spam, etc. - while some are also related to the protocol)
Actually, I'd rather list none but have a single sentence saying "the specification does not address security concerns related to SPARQL/Update and that implementers and users MUST be aware of security concerns when allowing SPARQL/Update on their dataset".

Alex.

--
Dr. Alexandre Passant
Digital Enterprise Research Institute
National University of Ireland, Galway
:me owl:sameAs <http://apassant.net/alex> .

Received on Tuesday, 27 July 2010 12:01:49 UTC