Efficient authorization conflict detection using graph labeling in controlling access to RDF

Since the Resource Description Framework (RDF) has a graph structure, called an RDF graph, which consists of RDF triples, and an authorization conflict problem related to RDF inference exists, the access control mechanism for RDF data differs from that for eXtensible Markup Language (XML) data. The authorization conflict problem is to detect efficiently the conflicts between access authorizations caused by RDF inference. Since various RDF inferences for large amounts of RDF data may be involved, the detection cost can be very high. In this paper, we introduce a fine-grained authorization model for RDF data based on the RDF triple, and suggest a heuristic approach considering large RDF data. In particular, for subsumption inference, we introduce an efficient detection method that uses prefix-based graph labeling (Dewey Decimal Coding). Since an RDF graph can become so large and complex that the authorization specification becomes a complex and difficult task, we also propose the simple RDFacl graph, which is derived from the more complex RDF graph. In our system, the authorization specification and conflict detection tasks are performed in the simple RDFacl graph.