Open tmillross opened 5 years ago
are we making user credentials? it might be optimal to at least have one level for simple querying for both the api side as well as for testing on the triplestore side. it can also be used by other people to validate that the data and ontology schema was entered properly. I'm not sure how to do this though. haven't really worked with limiting access to jena.
was thinking of a generic credential user that is only for querying so that it doesn't mess up what's already in the data store once we have data there (as they usually do when testing regular databases). it will make testing safer (rather than having to reup the data everytime something messes up).
I'm not sure how to do this though
If you're happy to learn a little on this topic @mmr2187 and feedback the steps we require, that'd be really helpful! The links in my first comment could be a good starting place. What d'ya reckon?
Requirements
In general, we want to enable public read-access (as a SPARQL endpoint). Including queries from the web-all widget.
In the case of abuse or overuse, we may need to restrict access to only the widget.
Write access should always be restricted to:
At the moment, the devs and CI use the same account. There is only the administrator login. Tom and Tomas have the details (ask us if needed).
Open Challenge
How can we manage the permissions model described above with our Aalborg Server & Jena-Fuseki instance?
Some ideas/notes
https://jena.apache.org/documentation/fuseki2/fuseki-security.html
Perhaps the default configuration described at that page is already satisfactory??
https://shiro.apache.org/configuration.html#Configuration-INISections We can add static usernames and passwords in the file described here. Can also configure hashing etc. so they're not stored there in plaintext.
https://jena.apache.org/documentation/permissions/
https://jena.apache.org/documentation/permissions/example.html
Is there an easier/better way to meet the requirements than described in these documents?
Is anyone able to take on this task?
Part of #1