Re: SPARQL Security - Best Practices?


On 2 Sep 2008, at 22:15, Richard Newman wrote:

> One issue I have encountered in the past is that a query like
>
>  SELECT * {
>    GRAPH ?g {
>      ?s foo:bar ?baz ;
>         zob:zab ?bing .
>    }
>    FILTER (allowed(?g))
>  }
>
> will only return answers where *both* triple patterns match in the  
> same permitted graph.

That seems fairly obvious to me, but you're right that the named graph  
store + access control I mentioned looks like a triple store but  
really isn't because of this case. For our use case it doesn't matter,  
happily.

>
>  SELECT *
>  FROM <allowed-1>
>  FROM <allowed-2>
>  ...
>  WHERE {
>    ?s foo:bar ?baz ;
>       zob:zab ?bing .
>  }
>
> but that means the query is specific to the user (or you have to use  
> out-of-band dataset selection).

This is one of the reasons we aren't FILTERing graphs in the query.  
Probably a premature optimisation, but they make life more rewarding.

> A couple of years ago I was working on a system that very heavily  
> used very complex access control. My ultimate conclusion was that  
> standard SPARQL was not very well suited to this kind of thing.  
> That's an interesting conclusion for a SPARQL implementor to draw,  
> but there you are :)

Are any query languages suited to this?

Damian


Received on Tuesday, 2 September 2008 22:25:45 UTC
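
Added example, not part of the original message or of either poster's system: a small Python model of the two query shapes quoted above, showing which rows each one returns when the two triples of a subject sit in different graphs. The quads, the ALLOWED set and the function names are constructed for illustration.

```python
# Constructed sample data: (graph, subject, predicate, object) quads.
QUADS = [
    ("g:allowed-1", "ex:s1", "foo:bar", "A"),
    ("g:allowed-1", "ex:s1", "zob:zab", "B"),  # s1: both triples in one allowed graph
    ("g:allowed-1", "ex:s2", "foo:bar", "C"),
    ("g:allowed-2", "ex:s2", "zob:zab", "D"),  # s2: split across two allowed graphs
    ("g:allowed-1", "ex:s3", "foo:bar", "E"),
    ("g:secret",    "ex:s3", "zob:zab", "F"),  # s3: second triple only in a denied graph
]
ALLOWED = {"g:allowed-1", "g:allowed-2"}  # hypothetical per-user permission set


def join(triples):
    """Match { ?s foo:bar ?baz ; zob:zab ?bing } against one set of triples."""
    return {
        (s, baz, bing)
        for (s, p1, baz) in triples if p1 == "foo:bar"
        for (s2, p2, bing) in triples if p2 == "zob:zab" and s2 == s
    }


def graph_filter(quads, allowed):
    """GRAPH ?g { ... } FILTER (allowed(?g)): pattern matched inside each graph."""
    rows = set()
    for g in {q[0] for q in quads}:
        if g in allowed:
            rows |= join({q[1:] for q in quads if q[0] == g})
    return rows


def from_merge(quads, allowed):
    """FROM <allowed-1> FROM <allowed-2>: pattern matched against the merged graphs."""
    return join({q[1:] for q in quads if q[0] in allowed})


if __name__ == "__main__":
    print("GRAPH + FILTER:", sorted(graph_filter(QUADS, ALLOWED)))
    print("FROM merge    :", sorted(from_merge(QUADS, ALLOWED)))
```

Neither shape exposes ex:s3, whose second triple exists only in the denied graph; the difference is ex:s2, which only the merged dataset returns.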