Hi Reto,

Looks interesting.

Fuseki Main should be able to have the Shiro filter added to it which might be an easier way to build the server, rather than unpack/pack.

Fuseki main does have read-level access control per graph:

https://jena.apache.org/documentation/fuseki2/data-access-control#graph-acl

including HTTPS support and endpoint access control.

In Fuseki, intercepting add/remove Quad is enough though I am not sure about GSP - if the app POSTs to ?default then Fuseki does get the graph and insert data directly, which can bypass quad operations for some link-based datasets.

    Andy

On 24/05/2019 15:46, Reto Gmür wrote:
Hi Jean-Claude

OpenID Connect is an identity layer on top of OAuth 2. Our solution includes a
Fuseki DataSetAssembler that provides secured datasets, so it doesn't modify
Fuseki but merely provides an add-on. It also includes a Shiro
AuthenticatingFilter taking care of the authentication part. We provide a
docker distribution of Fuseki with these add-ons.

Cheers,
Reto

-----Original Message-----
From: Jean-Claude Moissinac <jean-claude.moissi...@telecom-paristech.fr>
Sent: Friday, May 24, 2019 4:22 PM
To: users@jena.apache.org
Subject: Re: Fuseki OIDC: OpenId authenticated Fuseki access

Hi Reto

Interesting
I would like to support such access (or OAuth). Is your solution a modified
version of Fuseki or the integration of some features via the Shiro support of
Fuseki?

Cheers

--
Jean-Claude Moissinac



On Fri, 24 May 2019 at 15:56, Reto Gmür <r...@factsmission.com> wrote:

Hi all,

At FactsMission we've been experimenting with controlling Fuseki
access with OpenID (OIDC) authentication and we would like to invite
you to try out the results and give us feedback.


   *   You may either set up your own instance using the code available here: https://github.com/linked-solutions/fuseki-oidc
   *   Or, try out our demo-instance here: https://fuseki-oidc-sample-client.factsmission.org/

While you'll need to set up an account to try it out, you can do so
with any fake email-address as verification is disabled.

Once you have logged in with OIDC you will be able to read data from any
graph but only allowed to write to a specific graph associated with your
account.
The motivation for this configuration is to allow guest-book style
(client-side) applications where users can add and edit entries in
their personal graph and see the entries from any graph.

Let me know if you find this useful or if we missed something.

Cheers,
Reto


