I'm engaged ($job) in building a Fuseki with data-level access control.
It's using thing the existing TDB (1 and 2) filter mechanism so that
triples and quads are filtered out at the lowest level during a SPARQL
query, GSP graph GET or getting the whole database.
Access control is by graph (named or default) and works for the union
default graph in that it is the union only of visible named graphs. It
isn't controllable itself (currently?).
Efficiency is important.
It's made easier because the use case is read-only - updates happen via
a different path and are service-access secured.
Does anyone have other use cases in this general area?
While I have to meet the requirements for read-data-access control, the
framework can be at least designed with other cases in mind.
The permissions framework might have a role for the update part of
changes although at the moment full SPARQL Update isn't needed.
Andy
