You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@marmotta.apache.org by FRANCISCO XAVIER SUMBA TORAL <xa...@ucuenca.ec> on 2018/04/09 01:51:21 UTC
Define an access polycy
Hi,
I would like to query from Marmotta based on a triple level selection. This selection has to be done on access rights, said so, if a user has access to the data he’s querying, he can see results. In other words, how can I define a policy so users can query only data that belongs to them? Any suggestions?
I have some ideas that might be implemented as a new module but wanted to know if there might some performance or scalability problems.
1. Use named graphs, and a user has access only to his graph. However, it be hard to maintain if there are many users.
2. Define a security policy based on patterns. For this case, data would be into a single graph, the user sends his query, but before showing results some triples are filtered based on the patterns he has access to.
Has anyone come up with a similar use case with Apache Marmotta? Or any other ideas?
Regards,
Xavier.
Re: Define an access polycy
Posted by FRANCISCO XAVIER SUMBA TORAL <xa...@ucuenca.ec>.
Hi Sergio,
Thanks so much, I will look into it.
Xavier.
> On Apr 8, 2018, at 22:00, Sergio Fernández <wi...@apache.org> wrote:
>
> Hi,
>
> few years ago we explored that idea, using PPO at the time:
>
> https://bitbucket.org/srfgkmt/s-watchdog <https://bitbucket.org/srfgkmt/s-watchdog>
>
> The idea, although it worked, with an obvious impact on query tine, it never got beyond a student project. We never had user nor industrial interest on that research.
>
> But it you feel it has potential, you're more than welcome to resume that. The source code it's a bit old, but I think it could be adapted without much effort.
>
> Hope that helps.
>
> Cheers,
>
>
>
> On Sun, Apr 8, 2018, 18:51 FRANCISCO XAVIER SUMBA TORAL <xavier.sumba93@ucuenca.ec <ma...@ucuenca.ec>> wrote:
> Hi,
>
> I would like to query from Marmotta based on a triple level selection. This selection has to be done on access rights, said so, if a user has access to the data he’s querying, he can see results. In other words, how can I define a policy so users can query only data that belongs to them? Any suggestions?
>
> I have some ideas that might be implemented as a new module but wanted to know if there might some performance or scalability problems.
>
> 1. Use named graphs, and a user has access only to his graph. However, it be hard to maintain if there are many users.
> 2. Define a security policy based on patterns. For this case, data would be into a single graph, the user sends his query, but before showing results some triples are filtered based on the patterns he has access to.
>
> Has anyone come up with a similar use case with Apache Marmotta? Or any other ideas?
>
>
> Regards,
> Xavier.
Re: Define an access polycy
Posted by Sergio Fernández <wi...@apache.org>.
Hi,
few years ago we explored that idea, using PPO at the time:
https://bitbucket.org/srfgkmt/s-watchdog
The idea, although it worked, with an obvious impact on query tine, it
never got beyond a student project. We never had user nor industrial
interest on that research.
But it you feel it has potential, you're more than welcome to resume that.
The source code it's a bit old, but I think it could be adapted without
much effort.
Hope that helps.
Cheers,
On Sun, Apr 8, 2018, 18:51 FRANCISCO XAVIER SUMBA TORAL <
xavier.sumba93@ucuenca.ec> wrote:
> Hi,
>
> I would like to query from Marmotta based on a triple level selection.
> This selection has to be done on access rights, said so, if a user has
> access to the data he’s querying, he can see results. In other words, how
> can I define a policy so users can query only data that belongs to them?
> Any suggestions?
>
> I have some ideas that might be implemented as a new module but wanted to
> know if there might some performance or scalability problems.
>
> 1. Use named graphs, and a user has access only to his graph.
> However, it be hard to maintain if there are many users.
> 2. Define a security policy based on patterns. For this case, data
> would be into a single graph, the user sends his query, but before showing
> results some triples are filtered based on the patterns he has access to.
>
> Has anyone come up with a similar use case with Apache Marmotta? Or any
> other ideas?
>
>
> Regards,
> Xavier.