Flexibility vs. security in linked enterprise data access control graphs

Abstract

Linked Data offers easy extensibility and interoperability of information spaces. This provides a great potential for industrial companies allowing to share information with partners in a virtual enterprise. Hence, together they can become faster and more flexible which results in an advantage in the market. However, there is still the barrier to protect own information with a fine grain. Access control graphs are an approach for this issue. Information is put into different views by executing infer mechanisms on role-based policy rules. Afterwards queries are automatically rewritten at runtime in order to match the generated views and provide only data from views that should be accessible by the authenticated role. This paper demonstrates the balance between flexibility and security using this approach. The amount and complexity of the policy rules are highly dependent on the information model used. However, a moderate restriction of the huge flexibility in the information modelling allows for few rules but those are powerful ones. Additionally, the approach allows can also be leveraged for consistency checking of Linked Data data structures. Thus, clients can rely on these information invariants and the information provider can rely on the fact that fine grained access is granted.