SPARQL Security - Best Practices?

All,

Have any best-practices emerged with regard to authentication and  
authorization for SPARQL endpoints?

It appears that using basic HTTP authentication and security methods  
(basic realm authentication, SSL, etc. ) are sufficient for access to  
an endpoint, but what about authorization at the triple level? For  
example, restricting the triples that are queriable by an  
authenticated user?

My initial instinct is to use named graphs (user "A" can only query  
graph "A"). But that seems rather limiting, as I might want to devise  
a hierarchical authorization scheme where, for example, a manager can  
query on a subordinate's triples. Perhaps I can take some of the ideas  
for row-level security in the relational database world (though  
everything I find is patented).

Has this been done? By who? Got a link? :)

Any thoughts or pointers on this would be appreciated.

Best Regards,

Brian Manley
http://blog.triplescape.com

Received on Tuesday, 2 September 2008 17:56:04 UTC