Abstract: The technology described herein protects the privacy and security of data stored in a knowledge graph (“graph”) by enforcing visibility policies when returning property information in response to a query or other attempt to extract property information from the graph and/or about the graph. The visibility policies may be stored with the object and used to prevent restricted properties from being extracted from the object, let alone the graph. The object-specific visibility policy may be stored in the storage layer of the knowledge-graph object with the object properties and content. Some implementations may include multiple visibility records for a single object. Together the visibility records form the object visibility policy. An object visibility policy may have a single visibility record or multiple visibility records.

Abstract: Particular aspects of this disclosure relate to computerized systems for generating and using improved data structures and functionality to efficiently render different multiple access-controlled resources (or properties of access-controlled resources) that are part of a concept. Often times, two or more resources of a concept or properties of a resource are subject to different access controls. This adds computing complexity as to whether or not a user is granted access to the entire concept or resource, a portion of the concept or resource, or none of the concept or resources and what exactly is surfaced back to the user when there are resources or properties the user does and does not have access to. Some embodiments accordingly render an efficient composite view of concepts or resources where some resources or properties are accessible by the requesting user, while other resources or properties are not accessible by the requesting user.

Abstract: The technology described herein protects the privacy and security of data stored in a knowledge graph (“graph”) by enforcing visibility policies when returning property information in response to a query or other attempt to extract property information from the graph and/or about the graph. The visibility policies may be stored with the object and used to prevent restricted properties from being extracted from the object, let alone the graph. The object-specific visibility policy may be stored in the storage layer of the knowledge-graph object with the object properties and content. Some implementations may include multiple visibility records for a single object. Together the visibility records form the object visibility policy. An object visibility policy may have a single visibility record or multiple visibility records.

Abstract: The technology described herein protects the privacy of data stored in a knowledge graph (“graph”) by enforcing privacy policies when returning information in response to a query or other attempt to extract information from the graph and/or about the graph. In one aspect, unauthorized information is trimmed from the information output in response to a query. In other words, the privacy policy for a knowledge graph is enforced during the information extraction process. This is in contrast to other methods that attempt to enforce privacy policies at the information ingestion process or through some other service-level process after information is output from the graph. The privacy policies may be stored in a node of the graph.

Abstract: Particular aspects of this disclosure relate to computerized systems for generating and using improved data structures and functionality to efficiently render different multiple access-controlled resources (or properties of access-controlled resources) that are part of a concept. Often times, two or more resources of a concept or properties of a resource are subject to different access controls. This adds computing complexity as to whether or not a user is granted access to the entire concept or resource, a portion of the concept or resource, or none of the concept or resources and what exactly is surfaced back to the user when there are resources or properties the user does and does not have access to. Some embodiments accordingly render an efficient composite view of concepts or resources where some resources or properties are accessible by the requesting user, while other resources or properties are not accessible by the requesting user.

Abstract: Exposing content to individuals in an enterprise is provided. An external content sharing system includes a graph server comprising an API engine, a graph index, and an activity processing and analytics engine. When a user selects to share external content via a user agent, the API engine receives an API call including a URL of the external content from the user agent. The API engine accesses the content, extracts metadata, and stores the metadata as a node in the graph index, where connections are made between the node and individuals who are socially close to the user. The API engine receives a query request for content associated with an individual socially close to the user, queries the graph index, and provides a result including the metadata of the external content and the URL for generating and exposing a visual information element representative of the external content to the individual.