VirtTipsAndTricksGuideSPARQLEndpoints Securing SPARQL endpoints Securing SPARQL endpoints SPARQL endpoints are Web services, and they are capable of more than providing Read-Only access to a back-end graph DBMS. Though commonly general-purpose, SPARQL endpoints can also be purpose-specific, and their privileges may therefore be limited to specific Create, Read, Update, and/or Delete operations. The privileges provided by a given Virtuoso SPARQL endpoint may be based simply upon the endpoint's URL, or upon sophisticated rules which associate specific user identities with specific database roles and privileges. Virtuoso offers three methods for securing SPARQL endpoints: Digest Authentication via SQL Accounts OAuth Protocol based Authentication WebID Protocol based authentication By default, Virtuoso has several purpose-specific SPARQL endpoints, associated with these authentication methods along the following lines -- <tgroup><thead /><tbody> <row /> <row><entry> <emphasis>Basic default</emphasis> </entry><entry> http://<cname>[:<port>]/sparql </entry><entry> Virtuoso <ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint">SPARQL Web Service Endpoint</ulink> documentation. </entry><entry> </entry></row> <row><entry> <emphasis>SPARQL Digest (Digest Authentication via SQL Accounts)</emphasis> </entry><entry> http://<cname>[:<port>]/sparql-auth </entry><entry> <ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointurisparqlauthex">Demonstration of setting user privileges to interact with OAuth Protected SPARQL Endpoint</ulink> </entry><entry> </entry></row> <row><entry> <emphasis>SPARQL OAuth</emphasis> </entry><entry> http://<cname>[:<port>]/sparql-oauth </entry><entry> <ulink url="VirtOAuthSPARQL">Demonstration of the OAuth keys and Protected SPARQL Endpoint features of the Virtuoso OAuth UI</ulink> </entry><entry> </entry></row> <row><entry> <emphasis>SPARQL <ulink url="WebID">WebID</ulink></emphasis> </entry><entry> https://<cname>[:<port>]/sparql and https://<cname>[:<port>]/sparql-webid </entry><entry> <ulink url="VirtSPARQLSecurityWebID">Demonstration of setting WebID Protocol ACLs using the Virtuoso Authentication Server UI</ulink> </entry><entry> </entry></row> <row><entry> <emphasis>SPARQL Graph Store Protocol</emphasis> </entry><entry> http://<cname>[:<port>]/sparql-graph-crud </entry><entry> Virtuoso <ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqloauthendpointauth">SPARQL Authentication</ulink> documentation. </entry><entry> Primarily intended to serve requests from applications, rather than human interactions via browser. </entry></row> <row><entry> <emphasis>Digest Authentication</emphasis> </entry><entry> http://<cname>[:<port>]/sparql-graph-crud-auth </entry><entry> Virtuoso <ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqloauthendpointauth">SPARQL Authentication</ulink> documentation. </entry><entry> Primarily intended to serve requests from applications, rather than human interactions via browser. </entry></row> </tbody></tgroup></table> <para> We also have step-by-step guides to walk you through the process of setting up your own SPARQL endpoint(s) for --</para> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="VirtReadOnlySPARQL">read-only access</ulink> </listitem> <listitem><ulink url="VirtSPARQLProtectSQLDigestAuthentication">read-write access using digest authentication</ulink> </listitem> <listitem><ulink url="VirtOAuthSPARQL">read-write access using OAuth</ulink> </listitem> <listitem><ulink url="VirtSPARQLSecurityWebID">read-write access using SSL via WebID</ulink></listitem> </itemizedlist><para> </para> <bridgehead class="http://www.w3.org/1999/xhtml:h2">Related</bridgehead> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="VirtSPARQLEndpointProtection">Safeguarding your Virtuoso-hosted SPARQL Endpoint</ulink> </listitem> <listitem><ulink url="VirtTipsAndTricksGuideSPARQLEndpointProtection">SPARQL Endpoint Protection Methods Collection</ulink> </listitem> <listitem><ulink url="http://docs.openlinksw.com/virtuoso/">Virtuoso documentation</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpoint">SPARQL Service Endpoint</ulink> </listitem> <listitem><ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#rdfsupportedprotocolendpointuri">Service Endpoint Security</ulink> </listitem> <listitem><ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html#sparqwebservicetbl">Managing a SPARQL Web Service Endpoint</ulink> </listitem> <listitem><ulink url="http://docs.openlinksw.com/virtuoso/rdfsparql.html">SPARQL</ulink> </listitem> </itemizedlist></listitem> <listitem><ulink url="VirtTipsAndTricksGuide">Virtuoso Tips and Tricks Collection</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="VirtSPARQLDET">SPARQL Endpoint DET Configuration Guide</ulink> </listitem> <listitem><ulink url="VirtSPARQLSecurityWebID">WebID Protocol & SPARQL Endpoint ACLs Tutorial</ulink> </listitem> <listitem><ulink url="VirtOAuthSPARQL">SPARQL OAuth Tutorial</ulink> </listitem> </itemizedlist></listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/OdsSPARQLAuth">SPARUL over SPARQL using the http://cname:port/sparql-auth endpoint</ulink> </listitem> <listitem><ulink url="VirtAuthServerUI">Virtuoso Authentication Server UI</ulink> </listitem> <listitem><ulink url="VirtSPARQLSSL">Manage a SPARQL-WebID based Endpoint</ulink> </listitem> <listitem><ulink url="VirtSetupSSL">Configure Virtuoso instance as an X.509 Certificate Authority and HTTPS listener</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSSetupSSL">Configure Virtuoso+ODS instance as an X.509 Certificate Authority and HTTPS listener</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/VirtODSSecurityWebID">WebID Protocol Support in OpenLink Data Spaces</ulink>. </listitem> <listitem>Manage ODS Datadspaces Objects <ulink url="WebID">WebID</ulink> Access Control Lists (ACLs): <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebID">ODS Briefcase WebID based ACL Guide</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPerson">Person Entity WebID based ACL Guide</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDGroup">Group Entity WebID based ACL Guide</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDPublic">Public WebID based ACL Guide</ulink> </listitem> </itemizedlist></listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACL">ODS Feed Manager WebID based ACL Guide</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPerson">Person Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLGroup">Group Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSFeedManagerWebIDACLPublic">Public Specific ACL for anyone with a WebID</ulink> </listitem> </itemizedlist></listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACL">ODS Calendar WebID based ACL Guide</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPerson">Person Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLGroup">Group Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSCalendarWebIDACLPublic">Public Specific ACL for anyone with a WebID</ulink> </listitem> </itemizedlist></listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACL">ODS Bookmark Manager WebID based ACL Guide</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPerson">Person Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLGroup">Group Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBookmarksWebIDACLPublic">Public Specific ACL for anyone with a WebID</ulink> </listitem> </itemizedlist></listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACL">ODS Addressbook WebID based ACL Guide</ulink> <itemizedlist mark="bullet" spacing="compact"><listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPerson">Person Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLGroup">Group Entity Specific ACL</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSAddressBookWebIDACLPublic">Public Specific ACL for anyone with a WebID</ulink> </listitem> </itemizedlist></listitem> </itemizedlist></listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSPkiSetup">Guide for Set up a X.509 certificate issuer and HTTPS listener and generate ODS user certificates.</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/VirtODSPubSubHub">Setting up PubSubHub in ODS</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/VirtPubSubHub">PubSubHubBub Demo Client Example</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/VirtFeedPubSubHub">Feed subscription via PubSubHub protocol Example</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/VirtPubSubHubACL">Setting Up PubSubHub to use WebID Protocol or IP based control lists</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/OdsKeyImport">CA Keys Import using Conductor</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSGenerateX509Certificate">Generate an X.509 Certificate hosted WebID Guide</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertOSKeystore">Generate an X.509 Certificate (with a WebID watermark) to be managed by host operating system keystore</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSGenerateWebIDX509CertBrsKeystore">Generate an X.509 Certificate (with a WebID watermark) to be managed by a browser-based keystore</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdP">Using Virtuoso's WebID Verification Proxy Service with a WebID-bearing X.509 certificate</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSWebIDIdpProxy">Using Virtuoso's WebID Identity Provider (IdP) Proxy Service with an X.509 certificate</ulink> </listitem> <listitem><ulink url="http://ods.openlinksw.com/wiki/ODS/ODSBriefcaseWebIDShareFile">ODS Briefcase WebID Protocol Share File Guide</ulink> </listitem> <listitem><ulink url="http://esw.w3.org/topic/foaf+ssl">WebID Protocol Specification</ulink> </listitem> <listitem><ulink url="https://foaf.me/simpleLogin.php">Test WebID Protocol Certificate page</ulink> </listitem> <listitem><ulink url="http://test.foafssl.org/cert/">WebID Protocol Certificate Generation page</ulink></listitem> </itemizedlist><para><ulink url="CategoryVirtuoso">CategoryVirtuoso</ulink> <ulink url="CategoryHowTo">CategoryHowTo</ulink> <ulink url="CategorySPARQL">CategorySPARQL</ulink> <ulink url="CategoryOAuth">CategoryOAuth</ulink> <ulink url="CategoryFOAFSSL">CategoryFOAFSSL</ulink> <ulink url="CategoryDocumentation">CategoryDocumentation</ulink> <ulink url="CategoryTutorial">CategoryTutorial</ulink></para> </section></docbook>