Authorization Proxy for SPARQL Endpoints

Conference paper
Part of the Communications in Computer and Information Science book series (CCIS, volume 778)


A large number of emerging services expose their data using various Application Programming Interfaces (APIs). Consuming and fusing data form various providers is a challenging task, since separate client implementation is usually required for each API. The Semantic Web provides a set of standards and mechanisms for unifying data representation on the Web, as well as means of uniform access via its query language – SPARQL. However, the lack of data protection mechanisms for the SPARQL query language and its HTTP-based data access protocol might be the main reason why it is not widely accepted as a data exchange and linking mechanism. This paper presents an authorization proxy that solves this problem using query interception and rewriting. For a given client, it solely returns the permitted data for the requested query, defined via a flexible policy language that combines the RDF and SPARQL standards for policy definition.


  1. 1.
    Abel, F., De Coi, J.L., Henze, N., Koesling, A.W., Krause, D., Olmedilla, D.: Enabling advanced and context-dependent access control in RDF stores. In: Aberer, K., et al. (eds.) ASWC/ISWC -2007. LNCS, vol. 4825, pp. 1–14. Springer, Heidelberg (2007). doi: 10.1007/978-3-540-76298-0_1 CrossRefGoogle Scholar
  2. 2.
    Chen, W., Stuckenschmidt, H.: A model-driven approach to enable access control for ontologies. Wirtschaftsinformatik 1, 663–672 (2009)Google Scholar
  3. 3.
    Dietzold, S., Auer, S.: Access control on RDF triple stores from a semantic wiki perspective. In: ESWC Workshop on Scripting for the Semantic Web, Citeseer (2006)Google Scholar
  4. 4.
    Flouris, G., Fundulaki, I., Michou, M., Antoniou, G.: Controlling access to RDF graphs. In: Berre, A.J., Gómez-Pérez, A., Tutschku, K., Fensel, D. (eds.) FIS 2010. LNCS, vol. 6369, pp. 107–117. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-15877-3_12 CrossRefGoogle Scholar
  5. 5.
    Franzoni, S., Mazzoleni, P., Valtolina, S., Bertino, E.: Towards a fine-grained access control model and mechanisms for semantic databases. In: IEEE International Conference on Web Services (ICWS 2007), pp. 993–1000. IEEE (2007)Google Scholar
  6. 6.
    Godik, S., Anderson, A., Parducci, B., Humenn, P., Vajjhala, S.: Oasis extensible access control 2 markup language (xacml), vol. 3. Technical report, OASIS (2002)Google Scholar
  7. 7.
    Gutierrez, F.: Pro Spring Boot. Springer, Heidelberg (2016)CrossRefGoogle Scholar
  8. 8.
    Heath, T., Bizer, C.: Linked data: evolving the web into a global data space. Synth. Lect. Semant. Web Theor. Technol. 1(1), 1–136 (2011)CrossRefGoogle Scholar
  9. 9.
    Hollenbach, J., Presbrey, J., Berners-Lee, T.: Using rdf metadata to enable access control on the social semantic web. In: Proceedings of the Workshop on Collaborative Construction, Management and Linking of Structured Knowledge (CK 2009), vol. 514 (2009)Google Scholar
  10. 10.
    Kirrane, S.: Linked data with access control. Ph.D. thesis (2015)Google Scholar
  11. 11.
    Lopes, N., Kirrane, S., Zimmermann, A., Polleres, A., Mileo, A.: A logic programming approach for acess control over RDF. Ph.D. thesis (2012)Google Scholar
  12. 12.
    Muhleisen, H., Kost, M., Freytag, J.-C.: SWRL-based access policies for linked data. In: Procs of SPOT, vol. 80 (2010)Google Scholar
  13. 13.
    Oulmakhzoune, S., Cuppens-Boulahia, N., Cuppens, F., Morucci, S.: fQuery: SPARQL query rewriting to enforce data confidentiality. In: Foresti, S., Jajodia, S. (eds.) DBSec 2010. LNCS, vol. 6166, pp. 146–161. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13739-6_10 CrossRefGoogle Scholar
  14. 14.
    Padia, A., Finin, T., Joshi, A.: Attribute-based fine grained access control for triple stores. In: 14th International Semantic Web Conference (2015)Google Scholar
  15. 15.
    Scarioni, C.: Pro Spring Security. Apress, Berkeley (2013)CrossRefGoogle Scholar

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  1. 1.Faculty of Computer Science and EngineeringSs. Cyril and Methodius University in SkopjeSkopjeMacedonia

Personalised recommendations