On 1/5/09 1:55 PM, Luke McCarthy wrote:
Hi there,
I'm looking for a more fine-grained way to control read/write access on
the Virtuoso SPARQL endpoint. At the moment, I have two web-based
applications using the same Virtuoso triple store, accessed through the
SPARQL endpoint. One of these applications needs to be able to modify
data in the triple store and one does not.
So, is it possible to protect only a subset of data in the triple store
from being modified or deleted? The logical division is at the graph
level, but I'd be happy with anything.
In my search for a solution, I came across the following snippet:
"you have to take SPARQL_UPDATE away from user SPARQL and then
assign this to a secure User or Role. Once assigned you can then create
a different SPARQL endpoint (for controlled access) that is then
associated with the secure User"
In the solution described above, is it the case that both SPARQL
endpoints have access to the same data? If so, this isn't really a
viable solution to my problem, since the one application could still
(accidentally or maliciously) delete data the other application depended
on.
Currently, what we're doing is running two separate instances of
Virtuoso, but this is cumbersome and I'd really hoped to replace it with
some sort of finer-grained permission. Any ideas?
Luke,
Here are some options (more granularity re. security is coming):
1. Partition your data across named graphs and then make a SPARQL endpoint
that is bound to each graph
2. Set SPARQL_UPDATE privileges for the accounts associated with the
endpoint
We also have OAuth+SPARQL [1], so you can also apply this to the above,
i.e. user accounts associated with SPARQL endpoints end up using
consumer tokens when speaking SPARQL over the SPARQL protocol.
Another option is to create virtual information resources for the Named
Graphs using Virtuoso's DET feature (how we make anything look like a
WebDAV resource). And then you can use Virtuoso DAV ACL functionality to
control access modes to the DET. The only problem with DETs is that
this requires you to understand how these are created and our published
documentation is scant right now :-(
Links:
1. http://virtuoso.openlinksw.com/dataspace/dav/wiki/Main/VirtOAuthSPARQL
Kingsley
Thanks,
Luke
--
Regards,
Kingsley Idehen Weblog: http://www.openlinksw.com/blog/~kidehen
President & CEO
OpenLink Software Web: http://www.openlinksw.com
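
The per-account SPARQL_UPDATE option from the reply, combined with per-graph permissions, as an added example that is not part of the original thread or OpenLink's own code. It assumes a Virtuoso release that provides the graph-level security procedures `DB.DBA.RDF_DEFAULT_USER_PERMS_SET` and `DB.DBA.RDF_GRAPH_USER_PERMS_SET`; the account names, passwords and graph IRIs are constructed placeholders.

```sql
-- Added example: run in isql as dba. All names and IRIs below are placeholders.

-- The anonymous /sparql endpoint executes as SQL user "SPARQL".
-- Only needed if SPARQL_UPDATE was granted to it earlier.
REVOKE SPARQL_UPDATE FROM "SPARQL";

-- One SQL account per application, so each can be scoped separately.
DB.DBA.USER_CREATE ('app_reader', 'CHANGE-ME-1');
DB.DBA.USER_CREATE ('app_writer', 'CHANGE-ME-2');
GRANT SPARQL_SELECT TO "app_reader";
GRANT SPARQL_SELECT TO "app_writer";
GRANT SPARQL_UPDATE TO "app_writer";

-- Default deny: no account may touch a graph unless granted below.
-- Permission bitmask: 1 = read, 2 = write (3 = read + write).
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0);
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('app_reader', 0);
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('app_writer', 0);

-- Graph the read-only application depends on: both accounts may read it,
-- neither may modify or delete it.
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/reference', 'app_reader', 1);
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/reference', 'app_writer', 1);

-- Graph owned by the writing application: only app_writer may change it.
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/working', 'app_writer', 3);
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/working', 'app_reader', 1);
```

With the 'nobody' default set to 0, the anonymous endpoint can no longer read any graph, so both applications have to authenticate as their own account for these grants to take effect.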