A policy-based system to determine access control in RDF stores

Resource Description Format (RDF) stores have formed an essential part of many semantic web applications. Current RDF store systems have primarily focused on efficiently storing and querying large numbers of triples. Little attention has been given to how triples would be updated and maintained or how access to store can be controlled.

In RDF stores addition and deletion of facts are not atomic, addition of a fact might result in addition of other knowledge, than the one added and similarly deletion of a fact might lead to deletion of other knowledge, which was derived using the fact being deleted. Current access control mechanisms are mostly indigent to this aspect of the system. We propose a policy based mechanism to determine access control for a Resource Description Format (RDF) store.

In our implementation RDF-Store Access-Control Policies (RAP) we provide a RDF store with maintenance capabilities and access control using user defined policies. All actions to the store are routed through RAP policy engine, to determine whether the action is permitted or prohibited. In the RAP framework, the same RDF store is also used to store the policy, as well as meta-data about the triples, allowing greater range in policy specification.