Security and Privacy on the Semantic Web

  • Daniel Olmedilla
Part of the Data-Centric Systems and Applications book series (DCSA)


The semantic Web aims to enable sophisticated, autonomous machine-to-machine interactions without human intervention by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are no longer sufficient. Identity-based access control, for example, assumes that the parties are known in advance: a machine first establishes the identity of the requester and then grants or denies access according to the information associated with that identity (e.g., by looking up its set of permissions). On the semantic Web any two strangers may interact automatically, so this assumption no longer holds, and a semantically enriched process is required to regulate automatic access to sensitive information. Policy-based access control provides sophisticated means to protect sensitive resources and to control information disclosure. This chapter introduces policy-based security and privacy protection by analyzing several existing policy languages, and shows how these languages can be used in a number of semantic Web scenarios.
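As an added illustration of the distinction drawn above (example code written for this page, not from the chapter), the following Python models the two approaches side by side: a closed identity list, and a Horn-clause policy evaluated over credentials the requester presents. Issuer names, keys, the `archive` resource, the policy rules, and the HMAC tags standing in for signatures are all constructed assumptions.

```python
# Added example (not code from the chapter): a minimal Horn-clause policy
# engine in which access depends on verified credentials rather than on a
# previously known identity. Issuers, keys, policies and names are constructed.
import hashlib
import hmac

# Signing keys of credential issuers the server can verify.
# ASSUMPTION: HMAC stands in for the public-key signatures a real
# credential infrastructure would use; keys are demo values.
ISSUER_KEYS = {"ieee": b"ieee-demo-key", "acme-forum": b"acme-demo-key"}


def _tag(key, issuer, statement):
    msg = "|".join((issuer,) + tuple(statement)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def sign_credential(issuer, statement):
    """Issue a credential (issuer, statement, tag); statement is a tuple of strings."""
    return (issuer, tuple(statement), _tag(ISSUER_KEYS[issuer], issuer, statement))


def verified_facts(credentials):
    """Keep only credentials whose tag verifies; expose them as ('cred', issuer, ...) facts."""
    facts = set()
    for issuer, statement, tag in credentials:
        key = ISSUER_KEYS.get(issuer)
        if key is None:
            continue  # unknown issuer: nothing to verify against, so discard
        if hmac.compare_digest(_tag(key, issuer, statement), tag):
            facts.add(("cred", issuer) + tuple(statement))
    return facts


def is_var(term):
    """Rule variables are capitalised identifiers, e.g. 'Req'; constants are lowercase."""
    return isinstance(term, str) and term[:1].isupper()


def match(pattern, fact, env):
    """Unify one rule atom with a ground fact under the bindings env; None on mismatch."""
    if len(pattern) != len(fact) or pattern[0] != fact[0]:
        return None
    env = dict(env)
    for p, f in zip(pattern[1:], fact[1:]):
        if is_var(p):
            if env.setdefault(p, f) != f:
                return None
        elif p != f:
            return None
    return env


def derive(rules, facts):
    """Naive bottom-up evaluation of Horn rules: returns all derivable facts."""
    known = set(facts)
    while True:
        new = set()
        for head, body in rules:
            envs = [{}]
            for atom in body:  # join each body atom against the known facts
                envs = [e2 for e in envs for f in known
                        for e2 in [match(atom, f, e)] if e2 is not None]
            for env in envs:
                new.add(tuple(env.get(t, t) for t in head))
        if new <= known:
            return known
        known |= new


# Server-side policy (constructed): anyone holding a membership credential
# from a trusted issuer may read "archive". The requester need not be known.
POLICY_RULES = [
    (("allow", "Req", "archive"),
     [("cred", "Issuer", "member", "Req"), ("trusted_issuer", "Issuer")]),
]
POLICY_FACTS = {("trusted_issuer", "ieee")}

# Identity-based baseline: a closed list of principals known in advance.
ACL = {"archive": {"bob"}}


def identity_based_allows(requester, resource):
    return requester in ACL.get(resource, set())


def policy_based_allows(requester, resource, credentials):
    facts = POLICY_FACTS | verified_facts(credentials)
    return ("allow", requester, resource) in derive(POLICY_RULES, facts)


if __name__ == "__main__":
    alice = sign_credential("ieee", ("member", "alice"))
    print(identity_based_allows("alice", "archive"))           # False: alice is a stranger
    print(policy_based_allows("alice", "archive", [alice]))    # True: the credential suffices
```

The rule grants `allow(Req, archive)` for any `Req` that presents a verifiable `member` credential from an issuer listed as trusted, so a requester the server has never seen is admitted without registration, while the same statement from a verifiable but untrusted issuer, or with a tampered tag, yields no derivation. Note what the toy omits: the tag only proves that the issuer signed the statement, not that the presenter is its subject, so a production system needs proof of possession (e.g. a challenge signed with the subject's key) and revocation checks before binding `Req` to the requester.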


Keywords (machine-generated, not supplied by the author): Credit Card, Policy Language, Trust Management, Horn Clause, Access Control Policy





Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Daniel Olmedilla, L3S Research Center and University of Hannover, Germany
