We are thinking of building a major MDM-type solution for a customer based on semantic technologies. It's not clear whether we can expose a SPARQL endpoint to the collected master data because we can't see how to implement the necessary access controls.
Basically, the solution needs to verify that the user sending the query has access to the given data types (say, person data, income data, and address data). It also needs to verify that the user has access to returned resources with certain attached metadata regarding security sensitivity. (For example, some people for various reasons have secret addresses. Very few users have access to these addresses.)
We need to be able to enforce these rules without placing restrictions on how the SPARQL queries can be written. To put it another way, we need to be able to enforce this without trusting the people who compose the SPARQL queries to get the security checks right.
With SQL we could do this with views, granting access rights to the various views for users, and implementing the sensitivity checks in the view logic. It's not clear to me that this is possible with SPARQL.
Anyone have any ideas how this could be done? Only the major SPARQL engines are really relevant here, like Oracle, Virtuoso and AllegroGraph.