Dismiss
InnovationQ will be updated on Sunday, Oct. 22, from 10am ET - noon. You may experience brief service interruptions during that time.
Browse Prior Art Database

Access Control for Quads in a Graph Store

IP.com Disclosure Number: IPCOM000244523D
Publication Date: 2015-Dec-17
Document File: 2 page(s) / 79K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method to control user access to data in a graph store by computing query results based on filtering quads in a graph store when users have access controls in place to view data.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 52% of the total text.

Page 01 of 2

Access Control for Quads in a Graph Store

Clients want to prescribe which users have access to sensitive data in graph stores. Currently available graph stores do not provide any mechanism to restrict access to individual quads (a quad is a graph with a ?s ?p ?o) or datasets (a collection of graphs)

when computing a query result. When users execute queries against a graph store, the system uses all of the data to compute the result set.

Independent of a query engine plan to execute a query, any graph that can be consumed by a query engine to compute the results should have the means by which to restrict access to the graph depending on the requesting user.

Once current process is to iterate through query result sets and remove quads and triples that a specific user CANNOT access. In addition to not performing well, this solution leaves the data is visible after the fact, which can lead to exposure of data to

users who do not have access. This disclosure addresses this issue by restricting the data while computing the result set.

Another possible solution is to rewrite incoming queries to restrict graphs as part of the

query itself.

The novel solution is a method to control user access to data in a graph store.

For the purpose of this disclosure, assume the following:


• A graph store that contains quads (a graph Uniform Resource Identifier (URI) plus a triple)


• An access control strategy that dictates to which quads different users have

  viewing access • The graph store can arbitrarily filter quads in real time when computing a query result
• The graph store provides a unique URI to identify the user executing the query

The novel method computes query results based on filtering quads in a graph store

when users have access controls in place to view data.

When a query engine...