Material Detail

Abstract Access Control Model for Dynamic RDF Datasets

Abstract Access Control Model for Dynamic RDF Datasets

This video was recorded at European Data Forum (EDF), Copenhagen 2012. Given the increasing amount of sensitive RDF data available on the Web, it becomes increasingly critical to guarantee secure access to this content. Access control is complicated when RDFS inference rules and other dependencies between access permissions of triples need to be considered; this is necessary, e.g., when we want to associate the access permissions of inferred triples with the access permissions of the ones that contributed to the implication of the former. The standard way to enforce selective access to sensitive information is using access control tags. Unfortunately, this simple scheme is problematic in the above setting, because after every change in the dataset, or in the access control tags, one has to recompute the access permissions for the entire dataset. To address this problem, we consider abstract access control models, which use abstract tokens and operators to describe the access permission of a triple. This way, the access label of a triple is a complex expression that encodes how said label was produced. This allows us to know exactly the effects of any possible change, thereby avoiding a complete recomputation of the labels after a change. An additional side-effect of our approach is that it allows the simultaneous enforcement of different access control policies by different applications accessing the same data, as well as the easy experimentation with different policies by the same application. This is achieved using the different concretization of the access labels and operators through concrete access control policies, that are used to determine the access permissions of triples.


  • User Rating
  • Comments
  • Learning Exercises
  • Bookmark Collections
  • Course ePortfolios
  • Accessibility Info

More about this material


Log in to participate in the discussions or sign up if you are not already a MERLOT member.