jmvanel / semantic_forms

Form generators leveraging semantic web standards (RDF(S), OWL, SPARQL, ...

multi-user access control #3

Open jmvanel opened 9 years ago

jmvanel commented 9 years ago

One use case is switching to a classical CMS workflow, where article proposals are only visible to content managers.

User U1 must not be able to access data of user U2. We don't need, for now, a complete Access Control mechanism, like in Virtuoso. A simple API must give access to a Banana-RDF graph store (dataset) that contains only data of user U1, and also contains background knowledge and ontologies. This way, it is not possible that a badly written SPARQL query accesses data of other users. This API could leverage this utility to create such an in-memory graph store:

    trait DatasetUtils[Rdf <: RDF]
        extends DatasetFactory
        with RDFOpsModule {

      /** merge given datasets */
      def merge(datasets: Seq[Dataset]): GraphStore[Rdf, Try, Dataset] = {
        ??? // body not shown in this excerpt
      }
    }

This API could be:

    def makeUserDataset(userURI: String): GraphStore[Rdf, Try, Dataset]

jmvanel commented 9 years ago

There is a nice security implementation for Jena that works as an interceptor wrapper that calls an application-provided check for the graph and then for each triple: https://jena.apache.org/documentation/security/

This URL has disappeared, but there is: https://jena.apache.org/documentation/permissions/ and this in Fuseki: https://jena.apache.org/documentation/fuseki2/fuseki-security.html

The performance is of course diminished, but not too much if putting restrictions at graph level only. This wrapper architecture could be put into Banana-RDF.
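
The two designs discussed in the comments above (a per-user dataset, and an interceptor wrapper that checks at graph level only), as an added example that is not code from this project, Banana-RDF or Jena. It uses only the Scala standard library; the one-named-graph-per-user layout, the `shared` allow-list parameter and all identifiers are assumptions made for illustration.

```scala
// Added illustration in plain Scala (standard library only); every name is hypothetical.
object UserScopedStore {
  type GraphName = String
  final case class Triple(s: String, p: String, o: String)
  /** A dataset modelled as named graphs. */
  type Dataset = Map[GraphName, Set[Triple]]

  /** Approach 1: materialise a dataset holding only the user's graph plus an
    * explicit allow-list of shared graphs (background knowledge, ontologies).
    * Assumption: each user's data lives in the graph named by the user URI. */
  def makeUserDataset(full: Dataset, userURI: String, shared: Set[GraphName]): Dataset =
    full.filter { case (g, _) => g == userURI || shared.contains(g) }

  /** Approach 2: graph-level interceptor. Every read passes through an
    * application-provided check; there is no per-triple check. */
  final class GuardedDataset(full: Dataset, canRead: GraphName => Boolean) {
    def graphNames: Set[GraphName] = full.keySet.filter(canRead)
    def find(matches: Triple => Boolean): Seq[(GraphName, Triple)] =
      for {
        (g, ts) <- full.toSeq
        if canRead(g)
        t <- ts
        if matches(t)
      } yield (g, t)
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample data.
    val (u1, u2, onto) = ("urn:user:U1", "urn:user:U2", "urn:graph:ontologies")
    val full: Dataset = Map(
      u1   -> Set(Triple("urn:doc:1", "dc:title", "U1 draft")),
      u2   -> Set(Triple("urn:doc:2", "dc:title", "U2 draft")),
      onto -> Set(Triple("dc:title", "rdf:type", "rdf:Property")))

    // A match-all pattern with no graph restriction stands in for a careless query.
    val view = makeUserDataset(full, u1, Set(onto))
    assert(!view.contains(u2))
    assert(view.values.flatten.forall(_.o != "U2 draft"))

    val guarded = new GuardedDataset(full, g => g == u1 || g == onto)
    assert(guarded.graphNames == Set(u1, onto))
    assert(guarded.find(_ => true).forall(_._1 != u2))

    // Deny by default: a URI that owns no graph sees only the shared graphs.
    assert(makeUserDataset(full, "urn:user:unknown", Set(onto)).keySet == Set(onto))
    println("U1 view graphs: " + view.keySet.toList.sorted.mkString(", "))
  }
}
```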

jmvanel commented 9 years ago

What has been done for project https://github.com/jmvanel/corporate_risk should be made modular and reusable.

jmvanel commented 7 years ago

This use case surfaced recently;