- From: Andy Seaborne <andy.seaborne@epimorphics.com>
- Date: Tue, 03 Jan 2012 11:19:51 +0000
- To: public-rdf-dawg@w3.org, Thomas Roessler <tlr@w3.org>
On 03/01/12 03:45, Axel Polleres wrote: > > As far as the security considerations are concerned, a few observations > and questions: > > 1. It appears from some parts of the specification that an UPDATE sent > to a SPARQL endpoint can cause that endpoint to send an UPDATE to > another SPARQL endpoint. It doesn't look as though SPARQL includes any > considerations around authentication and authorization for these sorts > of scenarios. Is the first endpoint supposed to just pass on > credentials? Something else? Unspecified? It would be useful to > explain the delegation story in the security considerations a bit more, > even if it boils down to "haven't dealt with it yet". This should not be possible. A SPARQL Update language can't talk about or cause a remote update. An update can contain a remote query (read-only) - maybe that is the confusion "SPARQL endpoint" is ambiguous as to query vs update. Andy
Received on Tuesday, 3 January 2012 11:20:19 UTC