Successfully reported this slideshow.

Access Control for HTTP Operations on Linked Data

3

Share

May. 30, 2013
3 likes 1,797 views
Upcoming SlideShare
Practical Elasticsearch - real world use cases
Practical Elasticsearch - real world use cases
Loading in …3
×
1 of 31
1 of 31

Access Control for HTTP Operations on Linked Data

May. 30, 2013
3 likes 1,797 views

3

Share

Download to read offline

Technology Business

Shi3ld is an access control module for enforcing authorization on triple stores. Shi3ld protects SPARQL queries and HTTP operations on Linked Data and relies on attribute-based access policies.

http://wimmics.inria.fr/projects/shi3ld-ldp/

Shi3ld comes in two flavours: Shi3ld-SPARQL, designed for SPARQL endpoints, and Shi3ld-HTTP, designed for HTTP operations on triples.

SHI3LD for HTTP offers authorization for read/write HTTP operations on Linked Data. It supports the SPARQL 1.1 Graph Store Protocol, and the Linked Data Platform specifications.

Shi3ld is an access control module for enforcing authorization on triple stores. Shi3ld protects SPARQL queries and HTTP operations on Linked Data and relies on attribute-based access policies.

http://wimmics.inria.fr/projects/shi3ld-ldp/

Shi3ld comes in two flavours: Shi3ld-SPARQL, designed for SPARQL endpoints, and Shi3ld-HTTP, designed for HTTP operations on triples.

SHI3LD for HTTP offers authorization for read/write HTTP operations on Linked Data. It supports the SPARQL 1.1 Graph Store Protocol, and the Linked Data Platform specifications.

Technology Business
License: CC Attribution-NoDerivs License

Recommended

More Related Content

Viewers also liked

The ultimate guide for Elasticsearch plugins
Itamar
Cool bonsai cool - an introduction to ElasticSearch
clintongormley
Battle of the Giants - Apache Solr vs. Elasticsearch (ApacheCon)
Sematext Group, Inc.
Approaching Join Index: Presented by Mikhail Khludnev, Grid Dynamics
Lucidworks
Analyzing Log Data With Apache Spark
Spark Summit
Battle of the Giants round 2
Rafał Kuć
BeJUG JAX-RS Event
Stephan Janssen
Use Cases for Elastic Search Percolator
Maxim Shelest
Riak Intro at Munich Node.js
Philipp Fehre
Introduction to Elasticsearch
Jason Austin
State-of-the-Art Drupal Search with Apache Solr
guest432cd6
ElasticSearch AJUG 2013
Roy Russo
2015.03 - The RDF Validator - A Tool to Validate RDF Data (KIM)
Dr.-Ing. Thomas Hartmann
JeeConf 2018 - The anatomy of Spring Data
Maksym Govorischev
ElasticSearch - Introduction to Aggregations
enterprisesearchmeetup
Hypermedia-driven Web Services with Spring Data REST
Sofiia Vynnytska
Test Driven Documentation with Spring Rest Docs
Roman Tsypuk
Your Data, Your Search, ElasticSearch (EURUKO 2011)
Karel Minarik
Implementing Authorization
Torin Sandall

Similar to Access Control for HTTP Operations on Linked Data

Context-Aware Access Control and Presentation of Linked Data
Luca Costabello
4 sw architectures and sparql
Mariano Rodriguez-Muro
Class 2 advanced topics in semantic web cs 7820 01 (3)
Amélie Gyrard
Automatic Query-Centric API for Routine Access to Linked Data
Albert Meroño-Peñuela
My app is secure... I think
Wim Godden
VocBench 2.0: A Web Application for Collaborative Development of Multilingual...
AIMS (Agricultural Information Management Standards)
An Introduction to Semantic Web Technology
Ankur Biswas
Why do they call it Linked Data when they want to say...?
Oscar Corcho
InterPlanetary Wayback: Peer-To-Peer Permanence of Web Archives
Sawood Alam
rbacDSL - slides from Code Generation 2014
Lionel Montrieux
Querying Linked Data with SPARQL
Olaf Hartig
SPARQL 1.1 Update (2013-03-05)
andyseaborne
HTTP/2: What no one is telling you
Fastly

More from Luca Costabello

Machine Learning on Knowledge Graphs: a Quick Tour of Knowledge Graph Embeddings
Luca Costabello
Traffic Analytics for Linked Data Publishers
Luca Costabello
Error-Tolerant RDF Subgraph Matching for Adaptive Presentation of Linked Data...
Luca Costabello
Linked Data Access Goes Mobile: Context Aware Authorization for Graph Stores
Luca Costabello
PRISSMA, Towards Mobile Adaptive Presentation of the Web of Data
Luca Costabello
Time Based Cluster Analysis for Automatic Blog Generation
Luca Costabello

Featured

What to Upload to SlideShare
SlideShare
Be A Great Product Leader (Amplify, Oct 2019)
Adam Nash
Trillion Dollar Coach Book (Bill Campbell)
Eric Schmidt
APIdays Paris 2019 - Innovation @ scale, APIs as Digital Factories' New Machi...
apidays
A few thoughts on work life-balance
Wim Vanderbauwhede
Is vc still a thing final
Mark Suster
The GaryVee Content Model
Gary Vaynerchuk
Mammalian Brain Chemistry Explains Everything
Loretta Breuning, PhD
Blockchain + AI + Crypto Economics Are We Creating a Code Tsunami?
Dinis Guarda
The AI Rush
Jean-Baptiste Dumont
AI and Machine Learning Demystified by Carol Smith at Midwest UX 2017
Carol Smith
10 facts about jobs in the future
Pew Research Center's Internet & American Life Project
Harry Surden - Artificial Intelligence and Law Overview
Harry Surden
Inside Google's Numbers in 2017
Rand Fishkin
Pinot: Realtime Distributed OLAP datastore
Kishore Gopalakrishna
How to Become a Thought Leader in Your Niche
Leslie Samuel
Visual Design with Data
Seth Familian
Designing Teams for Emerging Challenges
Aaron Irizarry
UX, ethnography and possibilities: for Libraries, Museums and Archives
Ned Potter
Winners and Losers - All the (Russian) President's Men
Ian Bremmer

Related Books

Free with a 14 day trial from Scribd

See all
The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis
(4.5/5)
Free
SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman
(5/5)
Free
From Gutenberg to Google: The History of Our Future Tom Wheeler
(3.5/5)
Free
Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos
(4/5)
Free
So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer
(3.5/5)
Free
Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine
(4/5)
Free
Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns
(5/5)
Free
No Filter: The Inside Story of Instagram Sarah Frier
(4.5/5)
Free
Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin
(4/5)
Free
Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein
(4.5/5)
Free
Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder
(4/5)
Free
Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz
(4.5/5)
Free
Believe IT: How to Go from Underestimated to Unstoppable Jamie Kern Lima
(4.5/5)
Free
We Should All Be Millionaires: A Woman’s Guide to Earning More, Building Wealth, and Gaining Economic Power Rachel Rodgers
(4.5/5)
Free
Authentic: A Memoir by the Founder of Vans Louise Maclellan
(4.5/5)
Free
Made in China: A Prisoner, an SOS Letter, and the Hidden Cost of America's Cheap Goods Amelia Pang
(4.5/5)
Free

Related Audiobooks

Free with a 14 day trial from Scribd

See all
The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy
(4.5/5)
Free
An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel
(4.5/5)
Free
A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage
(4/5)
Free
Driven: The Race to Create the Autonomous Car Alex Davies
(4.5/5)
Free
Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle
(5/5)
Free
Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier
(4/5)
Free
Second Nature: Scenes from a World Remade Nathaniel Rich
(5/5)
Free
After Steve: How Apple Became a Trillion-Dollar Company and Lost its Soul Tripp Mickle
(4.5/5)
Free
Dignity in a Digital Age: Making Tech Work for All of Us Ro Khanna
(4/5)
Free
Einstein's Fridge: How the Difference Between Hot and Cold Explains the Universe Paul Sen
(4.5/5)
Free
User Friendly: How the Hidden Rules of Design Are Changing the Way We Live, Work, and Play Cliff Kuang
(4.5/5)
Free
A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind
(4.5/5)
Free
Uncanny Valley: A Memoir Anna Wiener
(4/5)
Free
Blockchain: The Next Everything Stephen P. Williams
(4/5)
Free
Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr
(4.5/5)
Free
Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich
(4.5/5)
Free

Access Control for HTTP Operations on Linked Data

  1. 1. Access Control for HTTP Operations on Linked Data ! Luca  Costabello   Serena  Villata   Oscar  Rodriguez  Rocha   Fabien  Gandon  
  2. 2. Outline! ●  Introduction" ●  Shi3ld Authorization Procedure" ●  Shi3ld for HTTP: Scenarios" ●  Response Time Evaluation" ●  Future Work"
  3. 3. Outline! ●  Introduction! ●  Shi3ld Authorization Procedure! ●  Shi3ld for HTTP: Scenarios" ●  Response Time Evaluation" ●  Future Work"
  4. 4. Accessing Linked Data! ●  HTTP URIs dereferencing" ●  SPARQL queries" ●  RDFa, search engines APIs"
  5. 5. Accessing Linked Data! ●  HTTP URIs dereferencing! ●  SPARQL queries" ●  RDFa, search engines APIs" GET /data/resource HTTP/1.1! Host: example.org! ...!
  6. 6. Our Problem! 6   How to design an authorization framework for HTTP interaction with Linked Data? " GET /data/resource HTTP/1.1! Host: example.org! Authorization: ...!
  7. 7. Access Control for Triple Stores! 7 HTTP   Interac:on   A<ribute-­‐ Based  AC   Model   Policies  in   RDF/SPARQL   Resource-­‐level   Granularity   Context   Awareness   Shi3ld-­‐SPARQL  [2012]   WAC  [2007]   Proteus [2006]   Abel et al. [2007]   Finin et al. [2008]   Flouris et al. [2010]   PPO  [2011]  
  8. 8. 8   SELECT … ! WHERE {…}! Our Proposal: ! Adapting Shi3ld-SPARQL to HTTP!
  9. 9. 9   GET /data/resource HTTP/1.1! Host: example.org! Authorization: ...! Our Proposal: ! Adapting Shi3ld-SPARQL to HTTP!
  10. 10. Outline! ●  Background" ●  Shi3ld Authorization Procedure" ●  Adapting Shi3ld-SPARQL to HTTP! ●  Response Time Evaluation" ●  Future Work"
  11. 11. Shi3ld Access Policy! 11   AccessConditionSet AccessPolicy hasContext AccessPrivilege hasAccessPrivilege appliesTo UserDevice Environment Context environmentdevice user hasAccessConditionSet AccessCondition hasAccessCondition Two “Styles” for Access Conditions" ●  SPARQL-based" ●  SPARQL-less"
  12. 12. Sample Access Policy (SPARQL-based)! 12   :policy1 a s4ac:AccessPolicy; ! s4ac:appliesTo :resource; ! s4ac:hasAccessPrivilege s4ac:Read;! s4ac:hasAccessConditionSet :acs1.! ! :acs1 a s4ac:AccessConditionSet; ! s4ac:hasAccessCondition :ac1.! ! :ac1 a s4ac:AccessCondition;! ! s4ac:hasQueryAsk ! !"""ASK ! ! !{?ctx a prissma:Context; ! ! ! ! prissma:environment ?env;! ! ! prissma:user <http://example.org/john.rdf#me>. ! ! !?env prissma:currentPOI ?poi. ! ! !?poi prissma:based_near ?p.! ! !?p geo:lat ?lat;geo:lon ?lon.! ! !FILTER(((?lat-45.8483) > 0 && (?lat-45.8483) < 0.5! ! !|| (?lat-45.8483) < 0 && (?lat-45.8483) > -0.5)! ! !&& ((?lon-7.3263) > 0 && (?lon-7.3263) < 0.5 ! ! !|| (?lon-7.3263) < 0 && (?lon-7.3263) > -0.5 ))}""".! Protected resource Access Condition to be verified: «User must be John and request must come from a specific location»
  13. 13. Sample Access Policy (SPARQL-less)! 13   :policy1 a s4ac:AccessPolicy; ! s4ac:appliesTo :resource; ! s4ac:hasAccessPrivilege s4ac:Read;! s4ac:hasAccessConditionSet :acs1.! ! :acs1 a s4ac:AccessConditionSet; ! s4ac:hasAccessCondition :ac1.! ! :ac1 a s4ac:AccessCondition;! ! s4ac:hasContext :ctx1.! ! :ctx1 a prissma:Context;! !prissma:user <http://example.org/john.rdf#me>;! !prissma:environment :env1.! ! :env1 a prissma:Environment;! prissma:nearbyEntity <http://alice.org#me>.! Protected resource Access Condition to be verified: «User must be John and Alice must be nearby»
  14. 14. 14   Authorization Procedure
 ! 1. Adding Client Attributes to HTTP operation" 2. Access Conditions Execution! 3. HTTP Response Construction!
  15. 15. Authorization Procedure
 ! 15   GET /data/resource HTTP/1.1! Host: example.org! Authorization: Shi3ld <...>! 1. Adding Client Attributes to HTTP operation" 2. Access Conditions Execution" 3. HTTP Response Construction" UserDevice Environment Context environmentdevice user <http://carl-johnson.org#me> :env_AC1 <http://alice.org#me> p:nearbyEntity p:user p:environment p:nearbyEntity :ctx_AC1 foaf:gender "male"
  16. 16. Authorization Procedure (SPARQL-based)
 ! 16   1. Adding Client Attributes to HTTP operation" 2. Access Conditions Execution! 3. HTTP Response Construction" ASK {?context ! a prissma:Context; ! prissma:user ex:john.} ! =  "false"   VALUES (?context) {(:client_attributes)}! GET /data/resource HTTP/1.1! Host: example.org! Authorization: Shi3ld <...>!
  17. 17. Authorization Procedure (SPARQL-less)
 ! 17   1. Adding Client Attributes to HTTP operation" 2. Access Conditions Execution! 3. HTTP Response Construction" !:context a prissma:Context; ! ! prissma:user ex:john. ! "no match"   GET /data/resource HTTP/1.1! Host: example.org! Authorization: Shi3ld <...>! <http://carl-johnson.org#me> :env_AC1 <http://alice.org#me> p:nearbyEntity p:user p:environment p:nearbyEntity :ctx_AC1 foaf:gender "male"
  18. 18. Authorization Procedure
 ! 18   1. Adding Client Attributes to HTTP operation" 2. Access Conditions Execution" 3. HTTP Response Construction! :resource! 401 Unauthorized!
  19. 19. Outline! ●  Introduction" ●  Authorization Procedure" ●  Shi3ld for HTTP: Scenarios! ●  Response Time Evaluation" ●  Future Work"
  20. 20. HTTP Operations on Linked Data: 
 Our Scenarios! 20   ●  SPARQL 1.1 Graph Store Protocol (GSP)" " ●  W3C Linked Data Platform (LDP) 1.0" Best practices for a read-write HTTP-based Linked Data architecture. "" GET /rdf-graph-store?graph=... HTTP/1.1! Host: example.com! Accept: text/turtle; charset=utf-8! CONSTRUCT { ?s ?p ?o } ! WHERE { GRAPH <...> ! { ?s ?p ?o } }!
  21. 21. HTTP Operations on Linked Data: 
 Our Scenarios! 21   ●  SPARQL 1.1 Graph Store Protocol (GSP)" !Shi3ld-GSP! " ●  W3C Linked Data Platform (LDP) 1.0" "Shi3ld-LDP! •  SPARQL-based! •  SPARQL-less!
  22. 22. HTTP Operations on Linked Data: 
 Our Scenarios! 22   ●  SPARQL 1.1 Graph Store Protocol (GSP)" !Shi3ld-GSP! " ●  W3C Linked Data Platform (LDP) 1.0" "Shi3ld-LDP! •  SPARQL-based! •  SPARQL-less!
  23. 23. Shi3ld- GSP! 23   Shi3ld-GSPClient SPARQL 1.1 GSP Triple Store GET /data/resource HTTP/1.1 Host: example.org Authorization: Shi3ld:base64(attributes) INSERT/DATA(attributes) SELECT(Access Policies) ASK (AC1) ASK (ACn) . . . GET /data/resource HTTP/1.1 Host: example.org 200 OK HTTP HTTP/SPARQL 1. Adding Client Attributes 2. AC Execution 3.  HTTP  Response  Construc:on  
  24. 24. HTTP Operations on Linked Data: 
 Our Scenarios! 24   ●  SPARQL 1.1 Graph Store Protocol (GSP)" !Shi3ld-GSP! " ●  W3C Linked Data Platform (LDP) 1.0" "Shi3ld-LDP! •  SPARQL-based! •  SPARQL-less!
  25. 25. LDP Server INSERT/DATA(attributes) SELECT(Access Policies) ASK (AC1) ASK (ACn) . . . Shi3ld-LDP Internal Triple Store Internal SPARQL Engine Shi3ld Frontend Client GET /data/resource HTTP/1.1 Host: example.org Authorization: Shi3ld:base64(attributes) 200 OK File System/ Triple Store HTTP getData() Shi3ld Internal Shi3ld-LDP (SPARQL-based)! 25   1. Adding Client Attributes 2. AC Execution 3.  HTTP  Response  Construc:on  
  26. 26. 26   Shi3ld-LDP (SPARQL-less)! File System/ Triple Store Save attributes Get Access Policies attributes.contains(AC1) attributes.contains(ACn) . . . Shi3ld-LDP Subgraph matcher Shi3ld Frontend Client GET /data/resource HTTP/1.1 Host: example.org Authorization: Shi3ld:base64(attributes) LDP Server HTTP Shi3ld Internal 200 OK getData() 1. Adding Client Attributes 2. AC Execution 3.  HTTP  Response  Construc:on  
  27. 27. Outline! ●  Background" ●  Authorization Procedure" ●  Shi3ld for HTTP: Scenarios" ●  Response Time Evaluation! ●  Future Work"
  28. 28. Response Time Evaluation! 28   ●  Response time linear w/ AC #" ●  SPARQL-less: 25% faster" ●  Empty RDF Store: only 14% faster"
  29. 29. Response Time Evaluation! 29   ●  AC complexity does not affect response time" ●  Response time independent from HTTP method"
  30. 30. Outline! ●  Background" ●  Authorization Procedure" ●  Shi3ld for HTTP: Scenarios" ●  Response Time Evaluation" ●  Future Work!
  31. 31. Future Work! bit.ly/shi3ld-http Luca  Costabello   @lukostaz!   Serena  Villata   @serena_villata!   Oscar  Rodriguez-­‐Rocha   @orocha!   Fabien  Gandon   @fabien_gandon   ●  Client Attributes Trustworthiness " ●  Client Attributes Caching" ●  Admin UI"

×