[Mulgara-dev] authentication in Mulgara
Andrae Muys
andrae at netymon.com
Sun Mar 9 07:55:06 UTC 2008
On 09/03/2008, at 2:52 PM, William Mills wrote:
> I wanted to drop a note to restart the conversation about
> authentication in Mulgara. I know it's in the plan for re-
> implementation. To reiterate the point I was making to Andre over
> dinner, lack of any authentication model makes Mulgara a non-
> starter at Yahoo and probably many other corporate environments.
> It is certainly possible to add an authentication layer in the
> application, but that doesn't solve the whole problem.
>
> If I were king I'd probably offer the standard username/password
> authentication model because everyone expects it, but I'd also have
> the option of using something less sucky/replayable.
>
> For authorization/access the common model used for the various SQL
> databases is well defined, but I'm not sure how closely it fits
> Mulgara. Certaibnly I'd like to differentiate between a system/
> root user and a less priveledged user. Access control down to the
> level of insert/delete from a model would be interesting. Control
> down to the row level that was explored in previous incarnations
> is, in my opinion, overkill.
Well the security api is still there, and has in the past been used
to provide control down to the level of per graph insert/delete/
query. I know of one bug in the layer that can permit some queries to
bypass the query-security, but that can be fixed in a few days, and
only hasn't been because we don't currently have anyone using that
functionality.
I must admit I haven't looked at the api for a couple of years now,
so I will have to do that before I can really comment much more.
Andrae
--
Andrae Muys
andrae at netymon.com
Senior RDF/SemanticWeb Consultant
Netymon Pty Ltd
More information about the Mulgara-dev
mailing list