[Mulgara-dev] authentication in Mulgara

Andrae Muys andrae at netymon.com
Sun Mar 9 07:55:06 UTC 2008


On 09/03/2008, at 2:52 PM, William Mills wrote:

> I wanted to drop a note to restart the conversation about  
> authentication in Mulgara.  I know it's in the plan for re- 
> implementation.  To reiterate the point I was making to Andre over  
> dinner, lack of any authentication model makes Mulgara a non- 
> starter at Yahoo and probably many other corporate environments.   
> It is certainly possible to add an authentication layer in the  
> application, but that doesn't solve the whole problem.
>
> If I were king I'd probably offer the standard username/password  
> authentication model because everyone expects it, but I'd also have  
> the option of using something less sucky/replayable.
>
> For authorization/access the common model used for the various SQL  
> databases is well defined, but I'm not sure how closely it fits  
> Mulgara.  Certaibnly I'd like to differentiate between a system/ 
> root user and a less priveledged user.  Access control down to the  
> level of insert/delete from a model would be interesting.  Control  
> down to the row level that was explored in previous incarnations  
> is, in my opinion, overkill.

Well the security api is still there, and has in the past been used  
to provide control down to the level of per graph insert/delete/ 
query. I know of one bug in the layer that can permit some queries to  
bypass the query-security, but that can be fixed in a few days, and  
only hasn't been because we don't currently have anyone using that  
functionality.

I must admit I haven't looked at the api for a couple of years now,  
so I will have to do that before I can really comment much more.

Andrae

-- 
Andrae Muys
andrae at netymon.com
Senior RDF/SemanticWeb Consultant
Netymon Pty Ltd





More information about the Mulgara-dev mailing list