permissions, database notification features?

2014-03-07
  • Peter Amstutz

    Peter Amstutz - 2014-03-07

    Hello,

    I'm a developer on the Arvados (http://arvados.org) project and we are
    currently evaluating a migration to Bigdata from Postgres. Bigdata
    looks like a really good fit to our needs, but there are two key features
    that we require, and based on the documentation or searching
    the mailing lists I have not been able to determine if they are
    available:

    a) Is there a security/permission system for queries, or hooks to
    implement such a thing (e.g. filtering reads on a per-triple basis,
    validating inserts/deletes)?

    b) Is there a way to get notifications of change sets?

    Thanks,
    Peter

     
    • Bryan Thompson

      Bryan Thompson - 2014-03-07

      Peter,

      The 2nd issue is the easiest, and can give you the means to solve the first issue as well. What you do is register a custom service with bigdata (as in a SPARQL federated query SERVICE uri {….}). The service will be able to observe all transaction starts and can choose to register a listener for mutation events on the KB instance (triples or quads, added or removed). This is addressed on the wiki. See the part of the page on "monitoring updates".

      http://wiki.bigdata.com/wiki/index.php/FederatedQuery

      The 1st issue has been solved in many different ways. One approach is to register a service (as above). This will give you access to the change log and you can use that to secure add/remove of triples or quads. If you want to rewrite each triple pattern to a union with ACLs, you can either do this in the application or you can do this using an ASTOptimizer. Sometimes this is done by attaching a FILTER to the triple pattern. Sometimes it is done by joining against another triple pattern. Sometimes the additional data is maintained as statements about statements. Sometimes the additional data is maintained in a quads mode meta-graph or within the graph. Sometimes the resolution of the security information for the authenticated user is done at the start of the query and the set of named graphs is reduced to only those that are visible to that user, and this can be accelerated using a custom index from user to named graphs and their access privileges and you can maintain that custom index by registering a custom service as described above.

      We have not bundled a specific security model into bigdata precisely because there are so many different ways that people approach this, and those differences seem to be driven by specific business requirements (security on the named graph, security on a document that does not correspond to a named graph, security on a triple, etc.).

      Please let me know if you run into difficulty when trying to integrate a specific security model and I can try to point you to the right interfaces.

      Thanks,
      Bryan


       
  • Anton Kulaga

    Anton Kulaga - 2014-03-07

    I already asked this question some time ago. As I understood, it is up to us (developers) to implement security.
    I personally use a quad store and thus am going to make security restrictions relying on contexts, which are not hard to get. To get the elements of a query you can use native bigdata queries and get their abstract syntax tree, from which you can get the parts of the query. For updates you can assign a changelogger that will see what quads will be inserted or removed. You can try to pass a closure there that will close the transaction before it is committed.
    A lot depends on how you organize working with bigdata in your app. Do users use it as
    a SPARQL endpoint, or are most of the usages inside classes of your app, or both?
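
Added example (not part of the thread and not Bigdata code): an application-side sketch of two approaches mentioned in the replies above, resolving a user's visible named graphs at the start of the query and checking a change set of quads against write privileges before commit. The ACL index, graph IRIs and function names are constructed for illustration; it assumes the endpoint honours the `default-graph-uri` / `named-graph-uri` parameters as the SPARQL 1.1 Protocol specifies.

```python
from urllib.parse import urlencode

# Constructed sample index: user -> {named graph IRI: privileges}.
# In the thread this is the "custom index from user to named graphs".
ACL_INDEX = {
    "alice": {
        "http://example.org/g/public": {"read"},
        "http://example.org/g/lab-a": {"read", "write"},
    },
    "bob": {"http://example.org/g/public": {"read"}},
}


def visible_graphs(user, privilege="read"):
    """Named graphs on which `user` holds `privilege`, resolved once per request."""
    grants = ACL_INDEX.get(user, {})
    return sorted(g for g, privs in grants.items() if privilege in privs)


def build_query_request(user, sparql):
    """Form-encode a SPARQL Protocol query pinned to the user's readable graphs.

    Per the SPARQL 1.1 Protocol, a dataset given in the request is used
    instead of any FROM / FROM NAMED clause in the query string, so the
    caller cannot widen the dataset from inside the query text.
    """
    graphs = visible_graphs(user)
    if not graphs:
        # Fail closed: sending no dataset parameters would let the
        # endpoint fall back to its default dataset (everything).
        raise PermissionError(f"{user!r} has no readable graphs")
    params = [("query", sparql)]
    params += [("default-graph-uri", g) for g in graphs]
    params += [("named-graph-uri", g) for g in graphs]
    return urlencode(params)


def validate_changeset(user, changes):
    """Return the changes the user may NOT make; commit only if this is empty.

    `changes` is an iterable of (action, (s, p, o, graph)) pairs, the shape
    a change-log listener would see for quads being added or removed.
    """
    writable = set(visible_graphs(user, "write"))
    return [(action, quad) for action, quad in changes if quad[3] not in writable]
```

The same per-user graph list can drive either check, which is why the index is worth maintaining separately from the data.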

     
