Data Access Security for Fuseki.

[Andy Seaborne <an...@apache.org>]

I'm engaged ($job) in building a Fuseki with data-level access control. 
It's using thing the existing TDB (1 and 2) filter mechanism so that 
triples and quads are filtered out at the lowest level during a SPARQL 
query, GSP graph GET or getting the whole database.

Access control is by graph (named or default) and works for the union 
default graph in that it is the union only of visible named graphs.  It 
isn't controllable itself (currently?).

Efficiency is important.

It's made easier because the use case is read-only - updates happen via 
a different path and are service-access secured.

Does anyone have other use cases in this general area?

While I have to meet the requirements for read-data-access control, the 
framework can be at least designed with other cases in mind.

The permissions framework might have a role for the update part of 
changes although at the moment full SPARQL Update isn't needed.

     Andy