Rule-Based Access Control for Social Networks
Web-based social networks (WBSNs) are online communities where participants can establish relationships and share resources across the Web with other users. In recent years, several WBSNs have been adopting Semantic Web technologies, such as FOAF, for representing users’ data and relationships, making it possible to enforce information interchange across multiple WBSNs. Despite its advantages in terms of information diffusion, this raised the need of giving content owners more control on the distribution of their resources, which may be accessed by a community far wider than they expected.
In this paper, we present an access control model for WBSNs, where policies are expressed as constraints on the type, depth, and trust level of existing relationships. Relevant features of our model are the use of certificates for granting relationships’ authenticity, and the client-side enforcement of access control according to a rule-based approach, where a subject requesting to access an object must demonstrate that it has the rights of doing that.
KeywordsAccess Control Trust Level Access Control Policy Access Control Model Resource Owner
Unable to display preview. Download preview PDF.
- 1.Golbeck, J.A.: Computing and Applying Trust in Web-based Social Networks. PhD thesis, Graduate School of the University of Maryland, College Park (2005), http://trust.mindswap.org/papers/GolbeckDissertation.pdf
- 2.Brickley, D., Miller, L.: FOAF vocabulary specification. RDF Vocabulary Specification (2005), http://xmlns.com/foaf/0.1
- 3.Ding, L., Zhou, L., Finin, T.W., Joshi, A.: How the Semantic Web is being used: An analysis of FOAF documents. In: HICSS 2005 Proc. (2005)Google Scholar
- 5.Fitzpatrick, B.: OpenID 1.1. Technical Specification, OpenID (2005) http://www.openid.net/specs.bml
- 6.Weitzner, D.J., Hendler, J., Berners-Lee, T., Connolly, D.: Creating a policy-aware Web: Discretionary, rule-based access for the World Wide Web. In: Ferrari, E., Thuraisingham, B. (eds.) Web & Information Security, pp. 1–31. IDEA Group (2006)Google Scholar
- 7.Carminati, B., Ferrari, E., Perego, A.: The REL-X vocabulary. OWL Vocabulary (2006), http://www.dicom.uninsubria.it/~andrea.perego/vocs/relx.owl
- 8.Berners-Lee, T.: Notation 3 logic: An RDF language for the Semantic Web. W3C Draft, W3C (2005), http://www.w3.org/DesignIssues/N3Logic
- 9.Berners-Lee, T.: Cwm – A general purpose data processor for the Semantic Web. Project Web site, W3C (2006), http://www.w3.org/2000/10/swap/doc/cwm.html
- 10.Davis, I., Vitiello Jr., E.: RELATIONSHIP: A vocabulary for describing relationships between people. RDF Vocabulary Specification (2005), http://purl.org/vocab/relationship
- 11.Golbeck, J.A.: The trust ontology. OWL Vocabulary (2006), http://trust.mindswap.org/ont/trust.owl
- 12.REI: The rule markup initiative (2006) Project Web site, http://www.ruleml.org
- 13.Horrocks, I., Patel-Schneider, P.F., Boley, H., Tabet, S., Grosof, B., Dean, M.: SWRL: A Semantic Web rule language combining OWL and RuleML. W3C Member Submission, W3C (2004), http://www.w3.org/Submission/SWRL