Modeling User Privacy with Jena Models

[Rob Stewart <ro...@googlemail.com>]

Hi,

I've been using Jena APIs for some time now, and I have a query
regarding Jena Models, and their possible purpose as a mechanism for
providing separation in our User profiles store.

Currently, our implementation, which holds non-real date, uses mySql
to persist Jena Models, which are updated via RESTful web services.
There is a Joseki SPARQL endpoint linked with this mySql database. The
RDF triples in the data store are about all of our users
(hypothetically). The Jena model, I have called "UserProfiles".

This, clearly is not satisfactory. The SPARQL endpoint does not
require authentication, OAuth etc.. and even if it did, it provides
access to all the data in the RDF store. No privacy concerns at all!

I have been thinking about various ways we might want to implement our
privacy. Firstly, related to Jena:
- What would be the benefits of giving every user in our system a Jena
Model. Rather than one model: "UserProfiles", we might use
"JoeBloggs123"
--> I might see how we'd then implement RESTful queries so that it
only mutates one Jena Model, of the many that exist
--> It is far less clear how we would restrict SPARQL queries to just
one Jena Model. My suspicion is that this would not be possible.

--------
So my other alternatives to using Jena Models, would be to have
another look at how one could apply security controls and priacy
mechanisms on RDF stores. And how one would make those policies
applicable to both SPARQL queries and RESTful web services.

- Is there de-facto way of handling privacy and security on RDF stores?
- Might Jena Models help? If not, what are Jena Models actually useful for?

Thanks,

--
Rob Stewart