Semantic Web Policies – A Discussion of Requirements and Research Issues

  • P. A. Bonatti
  • C. Duma
  • N. Fuchs
  • W. Nejdl
  • D. Olmedilla
  • J. Peer
  • N. Shahmehri
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4011)


Policies are pervasive in web applications. They play crucial roles in enhancing the security, privacy and usability of distributed services. There has been extensive research in the area, including in the Semantic Web community, but several issues still prevent policy frameworks from achieving widespread adoption and real-world application. This paper discusses important requirements and open research issues in this context, focusing on policies in general and their integration into trust management frameworks, as well as on approaches to increase system cooperation, usability and user-awareness of policy issues.


Keywords: Integrated heterogeneous policies; Cooperative policy enforcement; Lightweight trust; Trust management; Natural language interfaces; Explanation mechanisms



Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • P. A. Bonatti (1)
  • C. Duma (2)
  • N. Fuchs (3)
  • W. Nejdl (4)
  • D. Olmedilla (4)
  • J. Peer (5)
  • N. Shahmehri (2)

  1. Università di Napoli Federico II, Napoli, Italy
  2. Linköpings universitet, Linköpings, Sweden
  3. University of Zurich, Zurich, Switzerland
  4. L3S Research Center and University of Hanover, Hanover, Germany
  5. St. Gallen University, St. Gallen, Switzerland
