Abstract
The World Wide Web makes it easy to share information and resources, but offers few ways to limit the manner in which these resources are shared. The specification and automated enforcement of security-related policies offer promise as a way of providing controlled sharing, but few tools are available to assist in policy specification and management, especially in an open system such as the Web, where resource providers and users are often strangers to one another and exact and correct specification of policies will be crucial. In this paper, we propose the use of ontologies to simplify the tasks of policy specification and administration, discuss how to represent policy inheritance and composition based on credential ontologies, formalize these representations and the corresponding constraints in Frame-Logic, and present POLICYTAB, a prototype implementation of our proposed scheme as a Protégé plug-in to support policy specification.
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nejdl, W., Olmedilla, D., Winslett, M., Zhang, C.C. (2005). Ontology-Based Policy Specification and Management. In: Gómez-Pérez, A., Euzenat, J. (eds) The Semantic Web: Research and Applications. ESWC 2005. Lecture Notes in Computer Science, vol 3532. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11431053_20
DOI: https://doi.org/10.1007/11431053_20
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26124-7
Online ISBN: 978-3-540-31547-6
eBook Packages: Computer Science (R0)