On 2/15/11 9:29 AM, William Waites wrote:
* [2011-02-15 09:02:54 -0500] Kingsley Idehen<kide...@openlinksw.com> écrit:
]
] A DBMS User inside Virtuoso is associated with a WebID. Thus, you have
] SQL Users or SQL Users associated with WebID re. how DBMS object
] privileges are handled.
Sure, that's identification. It's the ACL that I'm concerned
with if the ACL is complicated.
It's going to be a complicated SPARQL ASK, beyond the core SPARQL SELECT
that matches the WebID to its Profile Doc hosted Public Key.
We are also going to showcase complicated ACLs based on SPARQL that
augment the basic verification aspect of WebID. Basically, we have a
data access Rule Book (an Ontology) that's always been an integral part
of our Multi-Tier UDA Drivers (ODBC, JDBC, OLEDB, ADO.NET etc..), and
this will showcase complex ACLs rules once we're done with imminent
commercial and VOS update releases.
] You can have Partitions (Named Graphs) with records for #Kingsley that
] cover his blogs, wikis etc. You can have another Partition covering HR
] records for #Kingsley where property values may include Salary, National
] Insurance Number etc..
]
] ...
]
] Do you mean Named Graph? Basically, you have an IRI for each of the
] Graphs associated with the records/triples you mention above?
Yes. The graphs are small and each contain triples directly
relevant to what is treated as an "object" at the webapp
level.
There are two reasons for this. The first is relating to
what happens when you dereference a URI. The webapp just
pulls the graph named with that URI and gives it back in
its entirety. This could be emulated by instead doing a
symmetric-bounded-concise-description except for what
happens when a write operation is performed. We have a
requirement for keeping change history. So when you
save a graph, a diff is done and saved. Because the
graphs relate to an object you can walk the object's
change history, undo changes, etc.. Because graph diffs
are expensive it is also best to keep the graphs small.
Maybe this could also be done by performing the diffs
on the stored and new SBCD...
Potentially a usecase example for Virtuoso's graph level delta handling
capability. Thus, I am adding this to the todo re. Graph Level Security
via ACLs effort under heading: Graph Deltas Handling.
Cheers,
-w
--
Regards,
Kingsley Idehen
President& CEO
OpenLink Software
Web: http://www.openlinksw.com
Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca: kidehen