Policy-Based Access Control for an RDF Store
No Thumbnail Available
Permanent Link
Author/Creator
Author/Creator ORCID
Date
2007-01-07
Type of Work
Department
Program
Citation of Original Publication
Rights
This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.
Abstract
Specialized stores for RDF data are essential parts of many Semantic Web applications. Current RDF stores have primarily focused on efficiently storing and querying large volumes of data and little attention has been given other features common to many database systems, including how information can updated and maintained or access to data controlled. The problem is complicated by the fact that the addition or deletion of a simple fact (i.e., an RDF triple) are not atomic since they can trigger reasoning that can result in adding or deleting derived triples. Current access control mechanisms for RDF stores largely ignore this aspect.
We describe a policy based mechanism to determine access control for an RDF store. RAP is a prototype implementation of an RDF store with integrated maintenance capabilities and access control using user defined policies. All actions to the store are routed through RAP policy engine, to determine whether the action is permitted or prohibited. In the RAP framework, the same RDF store is also used to store the policy, as well as metadata about the triples, allowing greater range in policy specification.