Which triple stores include security and encryption?

I'm reviewing Jena TDB, Jena SDB, 4store, OWLIM and Virtuoso w.r.t. their native security and access control features and was wondering whether any of these have implemented some access control that can be used to determine who can see which data.


Virtuoso has graph-based security. Users can be granted access to specific named graphs inside the store, either read-write or read-only. This is in addition to privileges required to access RDF data at all.
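As an added illustration (not part of the answer above), this is roughly what the two layers look like when typed into Virtuoso's `isql`. The procedure names are the ones in Virtuoso's RDF graph security documentation and should be checked against your server version; the user names, password placeholder and graph IRIs are made up for the example.

```sql
-- Added example. Users, password placeholder and graph IRIs are constructed.
-- Permission bits per the Virtuoso RDF graph security docs: 1 = read, 2 = write.

-- Layer 1: the privilege needed to touch RDF data at all.
DB.DBA.USER_CREATE ('analyst', '<PLACEHOLDER_PASSWORD>');
DB.DBA.USER_CREATE ('curator', '<PLACEHOLDER_PASSWORD>');
GRANT SPARQL_SELECT TO "analyst";   -- may run read queries
GRANT SPARQL_UPDATE TO "curator";   -- may also run SPARQL updates

-- Layer 2: deny by default, first for the unauthenticated
-- endpoint user, then for each account.
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('nobody', 0);
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('analyst', 0);
DB.DBA.RDF_DEFAULT_USER_PERMS_SET ('curator', 0);

-- Per-graph grants on top of the deny-all default.
-- analyst: read-only on the public graph, nothing on the HR graph.
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/public', 'analyst', 1);
-- curator: read-write (1 + 2) on the public graph, read-only on the HR graph.
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/public', 'curator', 3);
DB.DBA.RDF_GRAPH_USER_PERMS_SET ('http://example.org/graph/hr', 'curator', 1);

-- Check, logged in as analyst: this should return no rows for the HR graph,
-- because graphs the user cannot read are treated as empty.
SPARQL SELECT ?s ?p ?o FROM <http://example.org/graph/hr> WHERE { ?s ?p ?o } LIMIT 5;
```

Setting the default to 0 before adding per-graph grants gives a deny-by-default posture, so a newly loaded graph is not readable until someone grants it explicitly.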

Stardog supports database and Named Graph-level role-based access control; it supports extensible authentication via both internally stored user info and external mechanisms (LDAP, AD, etc) via Shiro.

It supports encrypted credentials in-flight over Avro protocol via CRAM-MD5 (moving to a better mechanism before 1.0 release) and supports in-flight encryption of credentials and payload data via HTTPS.

Oracle has security at the triple level. See slide 30 from their SemTech 2010 presentation. Though I'm not sure I would say it is all that intuitive to work with; you kind of have to do things "the Oracle way".

For encryption, since the triple/quad store lives in Oracle you can get it via their rather mature security stack via the Oracle Advanced Security option.

If security in a triple/quad store is your main concern you probably won't beat Oracle's stack. Although, I'm not sure I would give it a confidence vote in areas other than security.

TopBraid Live has role-based access control on a per-graph basis. The data can come from Jena TDB, Sesame, Oracle, Allegro, etc., and J2EE RBAC is applied to all of them.

For encryption, I'm not aware of any RDF triple store that encrypts its data, but it's usually sufficient to configure the server to use https.