project-lux / lux-marklogic

Code, issues, and resources related to LUX MarkLogic

Restrict endpoint consumers to custom endpoints (from 5) #1

Open gigamorph opened 4 months ago

gigamorph commented 4 months ago

Original title/scope was "Prevent the lux-endpoint-consumer role from executing arbitrary SPARQL queries" but that is really just an example. Broader scope would be to only expose the endpoints we intend middle tiers to consume.

The initial idea was to take the rest-reader role away from the lux-endpoint-consumer role, yet that is likely too restrictive. Alternative ideas are documented in /docs/lux-backend-security-and-software.md#endpoint-consumer.