SHACL Access Control Lists (SHACL-ACL) is a policy-based access control approach for policies defined in the Shapes Constraint Language (SHACL) [1]. When a SPARQL [2] query is posed, SHACL-ACL validates the access control policies defined in SHACL. The policies are validated against a virtual knowledge graph. This virtual knowledge graph is generated on the fly to collect local and external data for the policy evaluation. The data is gathered from local (e.g., a CSV file) and external (e.g., JSON data from a Web API) sources. SHACL-ACL is able to do so by utilizing mappings defined in the RDF Mapping Language (RML) [3]. After the validation, the decision about granting the access is taken. If no violations were detected, i.e., all requirements are met, the access is granted, the query executed, and the query result returned. However, if at least one of the policies is violated, the access is denied. The query is not executed in this case and instead of the query result an error message is returned.

The Jupyter notebook (SHACL-ACL.ipynb) in this repository contains a demonstration of SHACL-ACL. The access control policies consider the current condition of the executing machine as well as the current weather conditions in Hannover, Germany. The SPARQL query used in the demonstration returns the life expectancy in Germany for the last three years (in the data) from the World Bank KG. This knowledge graph contains various indicators like life expectancy, population, inflation, and age distribution per country per year. Since the decision about granting access cannot be guaranteed with the live data, two additional use cases are included that ensure that at least once the access is denied or granted, respectively. Click the binder badge at the top in order to execute the notebook yourself.

In order to run the demo of SHACL-ACL in your local machine, execute the following steps. Note that Python 3.10 is recommended for running the demo. For the sake of simplicity, the instructions do not include the setup of a virtual environment. However, as per recommendation, Python projects should be executed in their own virtual environment.

1. Clone the repository

git clone [email protected]:SDM-TIB/SHACL-ACL.git

2. Change into the directory

cd SHACL-ACL

3. Install dependencies

python -m pip install -r requirements.txt
python -m pip install jupyter

4. Start Jupyter Notebook

jupyter notebook --ip='*' --NotebookApp.token='' --NotebookApp.password=''

5. Access the demo by navigating to the following URL in your web browser

http://localhost:8888/notebooks/SHACL-ACL.ipynb

• Resource Description Framework (RDF) [4]
• RDF Mapping Language (RML) [3]
• Shapes Constraint Language (SHACL) [1]
• SPARQL Protocol And RDF Query Language (SPARQL) [2]

	SDM-RDFizer [5]	Trav-SHACL [6]	DeTrusty [7]
Description	An efficient RML-compliant engine for knowledge graph creation	A SHACL validator capable of planning the traversal and execution of the validation of a shape schema to detect violations early	Federated query engine over RDF sources
Version	modified version (see directory rdfizer)	1.3.0	0.11.2

SHACL-ACL is licensed under Apache-2.0.

Philipp D. Rohde, Enrique Iglesias, Maria-Esther Vidal. SHACL-ACL: Access Control with SHACL. In: The Semantic Web: ESWC 2023 Satelite Events. Springer, 2023, pp. 22–26. Best Demo Award Nominee. DOI: 10.1007/978-3-031-43458-7_4.

[1] SHACL Specification. 2017. URL: https://www.w3.org/TR/2017/REC-shacl-20170720/.

[2] SPARQL Specification. 2008. URL: https://www.w3.org/TR/2008/REC-rdf-sparql-query-20080115/.

[3] A. Dimou, M. Vander Sande, P. Colpaert, R. Verborgh, E. Mannes, R. Van de Walle. RML: A Generic Language for Integrated RDF Mappings of Heterogeneous Data. In: Proceedings of the Workshop on Linked Data on the Web co-located with WWW, CEUR-WS, Aachen, Germany, 2014. URL: https://ceur-ws.org/Vol-1184/ldow2014_paper_01.pdf.

[4] RDF Specification. 2004. URL: https://www.w3.org/TR/2004/REC-rdf-primer-20040210/.

[5] E. Iglesias, S. Jozashoori, D. Chaves-Fraga, D. Collarana, M.-E. Vidal. SDM-RDFizer: An RML Interpreter for the Efficient Creation of RDF Knowledge Graphs. In: CIKM ’20:Proceedings of the 29th ACM International Conference on Information & Knowledge Management, ACM, New York, NY, USA, 2020. DOI: 10.1145/3340531.3412881.

[6] M. Figuera, P.D. Rohde, M.-E. Vidal. Trav-SHACL: Efficiently Validating Networks of SHACL Constraints. In: The Web Conference, ACM, New York, NY, USA, 2021. DOI: 10.1145/3442381.3449877.

[7] P.D. Rohde. DeTrusty v0.11.2. 2023. DOI: 10.5281/zenodo.7670670.