Re: Safe manipulation of RDF data

Hi Mikael,

I guess it depends on exactly what your requirements are. For instance, you might want to limit access to particular parts of the dataset, offering different views depending upon the security clearance of a given client. Another concern might be in respect to denial of service attacks through malicious choices of queries.

Another way of thinking about this relates to contracts between the supplier and consumer of information services. The contract could specify the precise interfaces to be exposed to the consumer, along with terms and conditions for the use of this information. The Web of Things could be helpful as it allows the supplier to use JSON-LD to describe the interfaces in terms of objects with properties, actions and events, which are exposed locally to the client code running in the consumer’s machine.

Graph shapes could be a useful component for specifying contracts, e.g. SHACL or ShEx, as they allow you to define validity constraints for data exchanged between the supplier and consumer.

I would like to encourage more work on open standards for open markets for information services, including standards relating to smart contracts, service discovery, service management and automatic security updates for application software.

Best regards,
Dave

> On 6 Sep 2019, at 14:17, Mikael Pesonen <mikael.pesonen@lingsoft.fi> wrote:
> we are developing a public JavaScript / React application which manipulates RDF data on a triplestore (Jena).
> For security reasons it is not feasible to allow the application to make direct queries to the triplestore.
> 
> What kind of strategies and implementations are there to tackle this? Some kind of middleware should be needed and Linked Data Fragments is one standard that comes to mind.

Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
W3C Data Activity Lead & W3C champion for the Web of things 

Received on Tuesday, 10 September 2019 10:11:58 UTC
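
The contract idea from the reply, applied to the middleware question in the quoted message, as an added example that is not part of the original thread: a gateway that accepts only named operations with validated parameters, pins each role to one named graph, and caps result size. The operation names, roles and graph IRIs are hypothetical, and the queries are built from fixed text templates rather than any store-specific parameter API.

```javascript
// Added example (not from the thread). Operation names, roles and graph IRIs are hypothetical.
const RDFS_LABEL = '<http://www.w3.org/2000/01/rdf-schema#label>';
const GRAPH_FOR_ROLE = {
  public: '<http://example.org/graph/public>',
  staff: '<http://example.org/graph/internal>',
};
const MAX_LIMIT = 100; // hard cap on result size, whatever the client asks for

// Encoders turn untrusted input into SPARQL terms or throw.
function iri(v) {
  if (typeof v !== 'string' || !/^https?:\/\/[^\s<>"{}|\\^`]+$/.test(v)) throw new Error('invalid IRI');
  return `<${v}>`;
}
function literal(v) {
  // Conservative: no quotes, backslashes or control characters, so no escaping is needed.
  if (typeof v !== 'string' || v.length > 200 || /["\\\u0000-\u001f]/.test(v)) throw new Error('invalid literal');
  return `"${v}"`;
}

// The contract: the only operations the client may invoke, and who may invoke them.
const CONTRACT = {
  labelsOf: {
    roles: ['public', 'staff'],
    params: { subject: iri },
    build: (p, g) => `SELECT ?label FROM ${g} WHERE { ${p.subject} ${RDFS_LABEL} ?label } LIMIT ${p.limit}`,
  },
  setLabel: {
    roles: ['staff'],
    params: { subject: iri, label: literal },
    build: (p, g) => `INSERT DATA { GRAPH ${g} { ${p.subject} ${RDFS_LABEL} ${p.label} } }`,
  },
};

// Returns the SPARQL text the middleware would send to the store; the client never supplies SPARQL.
function buildQuery(role, opName, args = {}) {
  const op = Object.prototype.hasOwnProperty.call(CONTRACT, opName) ? CONTRACT[opName] : null;
  if (!op || !op.roles.includes(role)) throw new Error('operation not permitted');
  const p = {};
  for (const [name, encode] of Object.entries(op.params)) p[name] = encode(args[name]);
  const wanted = Number.isInteger(args.limit) ? args.limit : 25;
  p.limit = Math.min(Math.max(wanted, 1), MAX_LIMIT);
  return op.build(p, GRAPH_FOR_ROLE[role]);
}
```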