Default user in thrid party VAL authentication

Hi @hwilliams,

I notice that the default user making third party authentication is adminsparql is possible to associate third party user to a specific Virtuoso user .

user: jack ------> user: dba
user: john ------> user: adminsparql
user jane- ------> user: SPARQL



What are you trying to achieve by changing the default Role account that’s integral to the underlying VAL subsystem?

/cc @hwilliams

Hi @kidehen and @hwilliams maybe I am missing something, but the propose is to give different role to each third party user, with different privileges.

Clearly there is some confusion here.

Let’s start from the beginning. I presume you are trying to use VAL which is a Virtuoso Module for handling:

  1. Multi-Protocol Identity Authenticity
  2. Fine-grained Attribute-based Access Controls (ABAC)

All matters of identity and resource access controls are handled by the VAL module i.e., it doesn’t need to be tampered with at any level regarding these matters.

Based on the above, what is it that you are trying to achieve in regards to the requests you are making?

/cc @hwilliams

Ok, thanks,

so if all is demanded to the module VAL there is a console were is possibile to manage identity and resource access ?

/cc @hwilliams

Here’s how it works:

  1. Identity – entities are named using WebIDs, NetIDs (i.e., beyond HTTP e.g., ldap:), or internally using SQL User Accounts Identifiers
  2. Identification – via credentials where resolution is handled by naming method
  3. Authentication – using a variety of protocols (Digest, OpenID Connect + OAuth, OAuth, TLS via extended handshakes re credentials associated with WebIDs and NetIDs)
  4. Authorization – via attribute-based access controls (ABAC) defined using RDF statements, courtesy of terms from the WebACL Ontology

VAL is the layer that handles all of the above. The user simply needs to describe access controls using RDF statements leaving VAL and Virtuoso’s underlying Graph Security Layer to handle the rest.

The very latest edition of VAL will also install a basic rule to simplify matters i.e., a rule that restricts use of the sponger middleware layer to authenticated users using a variety of protocols.

To see VAL in action, you can also login at Protected SPARQL Query Service by clicking on the login button.


  1. Virtuoso Authentication Layer (VAL) - What, Why and How
  2. VAL Docs
  3. Virtuoso’s Graph Security Layer
  4. Virtuoso ABAC ACLs Quick Start Guide

Ok, many thanks ! I will study :slight_smile: