W3C home > Mailing lists > Public > semantic-web@w3.org > September 2019

Re: Safe manipulation of RDF data

From: Mikael Pesonen <mikael.pesonen@lingsoft.fi>
Date: Tue, 10 Sep 2019 13:24:51 +0300
To: Dave Raggett <dsr@w3.org>
Cc: semantic-web@w3.org
Message-ID: <f2b2c264-ad5f-13d3-aa4a-11bb03bd2b7f@lingsoft.fi>

Very much agree on this, there are some standards but they are a bit 
scattered and not working optimally together.

We are just designing the framework for building various kinds of apps. 
It has the components
js/REACT web app -- middleware / proxy -- Apache Jena
First app will have input forms and we are doing data validation using 
SHACL. Now that you mentioned, SHACL rules could be used also as a 
proxy, so that's an option too. There are just not too many examples of 

On 10/09/2019 13:11, Dave Raggett wrote:
> Hi Mikael,
> I guess it depends on exactly what your requirements are. For instance, you might want to limit access to particular parts of the dataset, offering different views depending upon the security clearance of a given client. Another concern might be in respect to denial of service attacks through malicious choices of queries.
> Another way of thinking about this relates to contracts between the supplier and consumer of information services. The contract could specify the precise interfaces to be exposed to the consumer, along with terms and conditions for the use of this information. The Web of Things could be helpful as it allows the supplier to use JSON-LD  to describe the interfaces in terms of objects with properties, actions and events, which are exposed locally to the client code running in the consumer’s machine.
> Graph shapes could be a useful component for specifying contracts, e.g. SHACL or ShEx, as they allow you to define validity constraints for data exchanged between the supplier and consumer.
> I would like to encourage more work on open standards for open markets for information services, including standards relating to smart contracts, service discovery, service management and automatic security updates for application software.
> Best regards,
> Dave
>> On 6 Sep 2019, at 14:17, Mikael Pesonen <mikael.pesonen@lingsoft.fi> wrote:
>> we are developing a public javascript / React application which manipulates RDF data on a triplestore (Jena).
>> For security reasons it is not feasible to allow the application to make direct queries to the triplestore.
>> What kind of strategies and implementations there are to tackle this? Some kind of middleware should be needed and Linked data Fragments is one standard that comes to mind.
> Dave Raggett <dsr@w3.org> http://www.w3.org/People/Raggett
> W3C Data Activity Lead & W3C champion for the Web of things

Lingsoft - 30 years of Leading Language Management


Speech Applications - Language Management - Translation - Reader's and Writer's Tools - Text Tools - E-books and M-books

Mikael Pesonen
System Engineer

e-mail: mikael.pesonen@lingsoft.fi
Tel. +358 2 279 3300

Time zone: GMT+2

Helsinki Office
Eteläranta 10
FI-00130 Helsinki

Turku Office
Kauppiaskatu 5 A
FI-20100 Turku
Received on Tuesday, 10 September 2019 10:25:19 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:51:38 UTC