Abstract
The Semantic Web aims at enabling sophisticated and autonomic machine-to-machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are no longer suitable. For example, identity-based access control assumes that parties are known in advance: a machine first determines the identity of the requester and then either grants or denies access, depending on the information associated with that identity (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically, and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate automatic access to sensitive information. Policy-based access control provides sophisticated means to support the protection of sensitive resources and the regulation of information disclosure.
However, the term policy is often overloaded. A general definition might be “a statement that defines the behaviour of a system”. Such a general definition encompasses different notions, including security policies, trust management policies, business rules and quality of service specifications, just to name a few. Researchers have mainly focussed on one or more of these notions separately, but not on a comprehensive view. Policies are pervasive in web applications and play crucial roles in enhancing security, privacy, and service usability. Interoperability and self-describing semantics become key requirements, and this is where the Semantic Web comes into play. There has been extensive research on policies, also in the Semantic Web community, but there still exist some issues that prevent policy frameworks from being widely adopted by users and real-world applications.
This document aims at providing an overall view of the state of the art (requirements for a policy framework, some existing policy framework languages, policy negotiation, context awareness, etc.) as well as open research issues in the area (policy understanding in a broad sense, integration of trust management, increase in system cooperation, user awareness, etc.) required to develop a successful Semantic Policy Framework.
© 2007 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Bonatti, P.A., Olmedilla, D. (2007). Rule-Based Policy Representation and Reasoning for the Semantic Web. In: Antoniou, G., et al. Reasoning Web. Reasoning Web 2007. Lecture Notes in Computer Science, vol 4636. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74615-7_4
DOI: https://doi.org/10.1007/978-3-540-74615-7_4
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-74613-3
Online ISBN: 978-3-540-74615-7
eBook Packages: Computer Science, Computer Science (R0)