Hi Andy,
Could you say something about the usage patterns you are interested
in supporting? Size of data? Query load?
Shiro will do the authentication and API security for authorization.
To get the access control on parts of the overall data, do you split
the data into separate triplestores? Do you use the per-graph access
control of Jena to get data level security?
The per-graph access control works if (1) you can manage the data
that way with named graphs and (2) the access control is user, or
role, based.
I think we will use both dataset and named graph to control data access.
My main problem here is:
1. The documentation of Apache Shiro-Jena is closer to
developer level than user level.
2. How to combine Keycloak (our global IAM) with Shiro, as we have
multiple internal services and multiple external organizations. We use
Keycloak and AD/LDAP groups to manage their roles.