Access Control on the Semantic Web


$Revision: 1.1 $ $Date: 2002/04/02 21:57:59 $

A proposal and some discussion


Read and understand how change works, first.

Control Over Reading

Each triple has a "mayBeToldTo" relationship to each receiving (querying) agent. Simple enough, eh?

Do you apply that to the triples describing the Changes or to the triples themselves? Let's flesh out examples of publishing directly and publishing updates and see how you do each.

Interestingly, you can propagate the mayBeToldTo links (and the links about them!) to create a secure perimeter (with a lot of overhead).
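
An added sketch of the per-triple check described above (not part of the original proposal or any project's code). The Store class, the "stmt:N" statement ids, the agent names and the depth parameter are all assumptions made for illustration. It shows default-deny answering per agent, and how linking the links themselves adds triples.

```python
# Added illustration: store layout, statement ids and agent names are assumptions.
from itertools import count

MAY_BE_TOLD_TO = "mayBeToldTo"

class Store:
    def __init__(self):
        self.triples = {}  # statement id -> (subject, predicate, object)
        self._ids = count(1)

    def add(self, s, p, o):
        sid = f"stmt:{next(self._ids)}"
        self.triples[sid] = (s, p, o)
        return sid

    def grant(self, sid, agent, depth=0):
        """Link statement `sid` to `agent`. With depth > 0 the link itself is
        also linked, so the agent is told the rule along with the data."""
        link = self.add(sid, MAY_BE_TOLD_TO, agent)
        if depth > 0:
            self.grant(link, agent, depth - 1)
        return link

    def may_tell(self, sid, agent):
        # A statement is releasable only if an explicit link names this agent.
        wanted = (sid, MAY_BE_TOLD_TO, agent)
        return any(t == wanted for t in self.triples.values())

    def tell(self, agent):
        """Answer a query from `agent`: default deny, one check per statement."""
        return {sid: t for sid, t in self.triples.items()
                if self.may_tell(sid, agent)}

def build_example():
    # Constructed sample data: two facts about one subject, two audiences.
    store = Store()
    salary = store.add("ex:alice", "ex:salary", "50000")
    name = store.add("ex:alice", "ex:name", "Alice")
    store.grant(name, "agent:public")              # data only
    store.grant(salary, "agent:payroll", depth=1)  # data plus its link
    return store, salary, name

if __name__ == "__main__":
    store, salary, name = build_example()
    for agent in ("agent:public", "agent:payroll", "agent:stranger"):
        print(agent, sorted(store.tell(agent).values()))
    print("data triples: 2, total triples:", len(store.triples))
```

The outermost link in each chain is never releasable to anyone, which is where the regress stops; every extra level of depth costs one more stored triple per grant.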

Control Over Changing

To change some data on the Semantic Web, you don't need the permission of the author of the data you're changing; you need the trust of the reader.

Control Over Storing

Sometimes you do want to change what is stored -- either just because you need someplace to store it, or because you want it to be published from a particular address.

One scenario is, which (let's pretend) gives out accounts for a $10 donation. With an account, you can publish RDF from You might do that publishing via ssh, HTTPS POST on an HTML form, or some RDF Database Access Protocol. It doesn't really matter; stuff delivered from your account would be authenticated as coming from you by a variety of means (HTTPS vouching from the host, the URI itself, GPG-signed files, XML-DSIG-signed files, etc.). Continuing that business plan: I imagine $10 to set up an account, which lasts forever, but has a lifetime data transfer quota and some disk space quota. Once the lifetime quota is exceeded, a small trick is allowed so data can be moved elsewhere, or something.

Sandro Hawke
First: 2002-03-29; This: $Id: access-control.html,v 1.1 2002/04/02 21:57:59 sandro Exp $