Graph Patterns in Fine-Grained Access Control for Graph-Structured Data
摘要
More and more data, one of organizations’ most important assets, are graph-structured today and require advanced access control. Graph patterns are a promising approach to specify and enforce sophisticated, fine-grained authorization policies for graph-structured data. However, within the context of authorization policy specification, the term graph pattern has been subject to varying interpretations. Therefore, a consistent definition of graph patterns for access control models and their implementations is required. This work contributes to a more precise and consistent understanding of graph patterns within fine-grained authorization models for graph-structured data. We examine how graph patterns are conceptualized and implemented by two representative access control approaches. Both models apply graph patterns for fine-grained access control on property graphs. Although graph patterns are specified in the authorization policy and enforced independently of the datastores, these access control models differ by whether the approach is pattern-first, i.e., patterns are at the core of the model, or the graph pattern is an extension. We study the differences in pattern definition, enforcement, and implementation through a comparative analysis.