Access Control for HTTP Operations on Linked Data

  • Luca Costabello
  • Serena Villata
  • Oscar Rodriguez Rocha
  • Fabien Gandon
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7882)


Access control is a recognized open issue when interacting with RDF using HTTP methods. In literature, authentication and authorization mechanisms either introduce undesired complexity such as SPARQL and ad-hoc policy languages, or rely on basic access control lists, thus resulting in limited policy expressiveness. In this paper we show how the Shi3ld attribute-based authorization framework for SPARQL endpoints has been progressively converted to protect HTTP operations on RDF. We proceed by steps: we start by supporting the SPARQL 1.1 Graph Store Protocol, and we shift towards a SPARQL-less solution for the Linked Data Platform. We demonstrate that the resulting authorization framework provides the same functionalities of its SPARQL-based counterpart, including the adoption of Semantic Web languages only.


  1. 1.
    Abel, F., De Coi, J.L., Henze, N., Koesling, A.W., Krause, D., Olmedilla, D.: Enabling Advanced and Context-Dependent Access Control in RDF Stores. In: Aberer, K., et al. (eds.) ISWC/ASWC 2007. LNCS, vol. 4825, pp. 1–14. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Corby, O., Faron-Zucker, C.: The KGRAM Abstract Machine for Knowledge Graph Querying. In: Procs. of WI, pp. 338–341. IEEE (2010)Google Scholar
  3. 3.
    Corradi, A., Montanari, R., Tibaldi, D.: Context-Based Access Control Management in Ubiquitous Environments. In: Procs. of NCA, pp. 253–260. IEEE (2004)Google Scholar
  4. 4.
    Costabello, L., Villata, S., Gandon, F.: Context-Aware Access Control for RDF Graph Stores. In: Procs. of ECAI, pp. 282–287 (2012)Google Scholar
  5. 5.
    Covington, M.J., Long, W., Srinivasan, S., Dey, A.K., Ahamad, M., Abowd, G.D.: Securing Context-aware Applications using Environment Roles. In: Procs. of SACMAT, pp. 10–20. ACM (2001)Google Scholar
  6. 6.
    Cuppens, F., Cuppens-Boulahia, N.: Modeling Contextual Security Policies. Int. J. Inf. Sec. 7(4), 285–305 (2008)CrossRefGoogle Scholar
  7. 7.
    Dey, A.K.: Understanding and using context. Personal and Ubiquitous Computing 5, 4–7 (2001)CrossRefGoogle Scholar
  8. 8.
    Duckham, M.: Moving Forward: Location Privacy and Location Awareness. In: Procs. of SPRINGL, pp. 1–3. ACM (2010)Google Scholar
  9. 9.
    Finin, T.W., Joshi, A., Kagal, L., Niu, J., Sandhu, R.S., Winsborough, W.H., Thuraisingham, B.M.: ROWLBAC: representing role based access control in OWL. In: Procs. of SACMAT, pp. 73–82. ACM (2008)Google Scholar
  10. 10.
    Flouris, G., Fundulaki, I., Michou, M., Antoniou, G.: Controlling Access to RDF Graphs. In: Berre, A.J., Gómez-Pérez, A., Tutschku, K., Fensel, D. (eds.) FIS 2010. LNCS, vol. 6369, pp. 107–117. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  11. 11.
    Giereth, M.: On Partial Encryption of RDF-Graphs. In: Gil, Y., Motta, E., Benjamins, V.R., Musen, M.A. (eds.) ISWC 2005. LNCS, vol. 3729, pp. 308–322. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  12. 12.
    Giunchiglia, F., Zhang, R., Crispo, B.: Ontology Driven Community Access Control. In: Procs. of SPOT (2009)Google Scholar
  13. 13.
    Hollenbach, J., Presbrey, J., Berners-Lee, T.: Using RDF Metadata to Enable Access Control on the Social Semantic Web. In: Procs. of CK (2009)Google Scholar
  14. 14.
    Hulsebosch, R., Salden, A., Bargh, M., Ebben, P., Reitsma, J.: Context Sensitive Access Control. In: Procs. of SACMAT, pp. 111–119. ACM (2005)Google Scholar
  15. 15.
    Krumm, J.: A Survey of Computational Location Privacy. Personal Ubiquitous Comput. 13(6), 391–399 (2009)CrossRefGoogle Scholar
  16. 16.
    Kulkarni, D., Tripathi, A.: Context-aware Role-based Access Control in Pervasive Computing Systems. In: Procs. of SACMAT, pp. 113–122. ACM (2008)Google Scholar
  17. 17.
    Muhleisen, H., Kost, M., Freytag, J.C.: SWRL-based Access Policies for Linked Data. In: Procs. of SPOT (2010)Google Scholar
  18. 18.
    Priebe, T., Fernández, E.B., Mehlau, J.I., Pernul, G.: A Pattern System for Access Control. In: Procs. of DBSec, pp. 235–249. Kluwer (2004)Google Scholar
  19. 19.
    Sacco, O., Passant, A., Decker, S.: An Access Control Framework for the Web of Data. In: Proc. of TrustCom, pp. 456–463. IEEE (2011)Google Scholar
  20. 20.
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-Based Access Control Models. IEEE Computer 29(2), 38–47 (1996)CrossRefGoogle Scholar
  21. 21.
    Shen, H., Cheng, Y.: A Semantic Context-Based Model for Mobile Web Services Access Control. I. J. Computer Network and Information Security 1, 18–25 (2011)CrossRefGoogle Scholar
  22. 22.
    Toninelli, A., Montanari, R., Kagal, L., Lassila, O.: A Semantic Context-Aware Access Control Framework for Secure Collaborations in Pervasive Computing Environments. In: Cruz, I., Decker, S., Allemang, D., Preist, C., Schwabe, D., Mika, P., Uschold, M., Aroyo, L.M. (eds.) ISWC 2006. LNCS, vol. 4273, pp. 473–486. Springer, Heidelberg (2006)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Luca Costabello
    • 1
  • Serena Villata
    • 1
  • Oscar Rodriguez Rocha
    • 2
  • Fabien Gandon
    • 1
  1. 1.INRIA Sophia AntipolisFrance
  2. 2.Politecnico di TorinoItaly

Personalised recommendations