Access Control for HTTP Operations on Linked Data

Access control is a recognized open issue when interacting with RDF using HTTP methods. In the literature, authentication and authorization mechanisms either introduce undesired complexity, such as SPARQL and ad-hoc policy languages, or rely on basic access control lists, resulting in limited policy expressiveness. In this paper we show how the Shi3ld attribute-based authorization framework for SPARQL endpoints has been progressively converted to protect HTTP operations on RDF. We proceed in steps: we start by supporting the SPARQL 1.1 Graph Store Protocol, and we then shift towards a SPARQL-less solution for the Linked Data Platform. We demonstrate that the resulting authorization framework provides the same functionalities as its SPARQL-based counterpart, including the adoption of Semantic Web languages only.
