Re: SPARQL Security - Best Practices?

Damian Steer wrote:

> 
> So, as you suggest, we use graphs as the basis. We then mix in a 
> function P(A,G) => boolean, which tells us whether user A has permission 
> to query G. (or, indeed, to write or delete)
> 
[...]
> 
> SELECT ?privateinfo WHERE { :damian :knows ?privateinfo }
> 
> becomes
> 
> SELECT ?privateinfo WHERE { GRAPH ?g { :damian :knows ?privateinfo }
> FILTER (?g = <allowed> || ?g = <alsoallowed>) } # please forgive my syntax here
>

Hi,

Do you have some strategy to manage a use case like "N results exist, 
but you are authorized to see only k of them"?

Moreover, I wonder if someone has ideas about mixing access to 
explicitly declared triples and inferred statements. For instance, if a 
triple is entailed by other triples the user does not have access to, one 
should decide if the inferred triple is accessible (e.g.: it is at the same 
level of detail as the premise) or not (e.g.: the consequence 
represents aggregate information).

-- 

===============================================================================
Marco Brandizi <brandizi@ebi_NOSPAM_ac.uk>

NET Project - Software Engineer
http://www.ebi.ac.uk/net-project

European Bioinformatics Institute
Hinxton, CB10 1SD, United Kingdom
Office A3141

Received on Friday, 5 September 2008 07:51:58 UTC
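
Added example, not part of the original thread or of any participant's code: a Python sketch of the graph-based rewrite quoted above, with P(A,G) as a lookup, applied to the "N results exist, only k are visible" case. The users, graph IRIs, quads, the `?_acl_g` variable name and all function names are constructed assumptions.

```python
import re

# Constructed read policy (assumption): named graphs each user may query.
ACL = {
    "alice": {"http://example.org/g/public", "http://example.org/g/friends"},
    "bob": {"http://example.org/g/public"},
}
# Constructed quads (graph, subject, predicate, object) standing in for the store.
QUADS = [
    ("http://example.org/g/public", ":damian", ":knows", ":libby"),
    ("http://example.org/g/friends", ":damian", ":knows", ":marco"),
    ("http://example.org/g/private", ":damian", ":knows", ":secret"),
]
# Characters that may not appear inside a SPARQL <IRI>; rejecting them keeps
# a graph name from closing the bracket and altering the query.
BAD_IRI = re.compile(r'[\s<>"{}|\\^`]')


def permitted(user, graph):
    """P(A,G) from the post: may `user` query `graph`?"""
    return graph in ACL.get(user, set())


def allowed_graphs(user):
    """All graphs in the store that P(A,G) admits for this user, validated."""
    graphs = sorted({q[0] for q in QUADS if permitted(user, q[0])})
    for g in graphs:
        if BAD_IRI.search(g):
            raise ValueError(f"unsafe graph IRI: {g!r}")
    return graphs


def rewrite(var, triple_pattern, user, gvar="?_acl_g"):
    """Wrap one triple pattern in GRAPH and restrict it to allowed graphs."""
    tests = [f"{gvar} = <{g}>" for g in allowed_graphs(user)]
    cond = " || ".join(tests) if tests else "false"  # no grants: match nothing
    return (f"SELECT {var} WHERE {{ GRAPH {gvar} {{ {triple_pattern} }} "
            f"FILTER ({cond}) }}")


def visible_objects(user, subject, predicate):
    """What the rewritten query returns on QUADS: (k visible, N total, rows)."""
    rows = [(g, o) for g, s, p, o in QUADS if (s, p) == (subject, predicate)]
    seen = [o for g, o in rows if permitted(user, g)]
    return len(seen), len(rows), seen
```

Only the visible rows should reach the caller; returning N alongside k would itself disclose that hidden matches exist.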