Presentation - Department of Computer Science and Electrical
Design and Application of Rule Based
Access Control Policies
Huiying Li, Xiang Zhang, Honghan Wu & Yuzhong Qu
Dept. Computer Science & Engineering
Southeast University, China
Nov. 2, 2005
Outline
Our Idea
Semantic Web Rule Language
Model Design
Use Cases
Conclusion and Future Work
Our Idea
Requirements of WonderSpace
Express access control policies with powerful
expressive ability.
Semantic Web Rule Language (SWRL)
A Horn clause rules extension to OWL
proposed in 2004.
What is the Idea
Express access control policies based on
OWL and SWRL
OWL: ontology
SWRL: rule
Friend of a Friend (FOAF)
Information about people
Semantic Web Rule Language
SWRL extends OWL DL by adding a
simple form of Horn-style rules for the
purpose of enhancing expressive ability
The form of a rule
antecedent → consequent.
Semantic Web Rule Language
The antecedent and consequent of a rule
consist of zero or more atoms.
Atoms can be of the form C(x), P(x, y),
Q(x, z), sameAs(x, y) or differentFrom(x, y)
A typical example:
parent(?a, ?b) ∧ brother(?b, ?c) → uncle(?a, ?c). It is true in China…
Model Design - Ontology
Assertions about what kinds of agents are
permitted/prohibited to access what
kinds of resources
Model Design - Rule
Give more explicit meaning to properties
member(?z, ?x) ∧ member(?z, ?y) ∧
Person(?x) ∧ Person(?y)
→ sameGroupOf(?x, ?y)
Model Design - Rule
Express access control policies
member(wonderspace, ?x)
→ isPermittedtoRead(?x, somePaper)
Use Case
Jack published a note about a project plan and
asserted that the members of WonderSpace
group could read this plan, while the members
of his group could edit it online.
member(?z, ?x) ∧ member(?z, ?y) ∧ Person(?x) ∧ Person(?y) → sameGroupOf(?x, ?y)
memberOf(?x, WonderSpace) → isPermittedtoRead(?x, plan),
sameGroupOf(?y, Jack) → isPermittedtoEdit(?y, plan).
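The use-case rules can be evaluated by naive forward chaining with a deny-by-default decision. This is an added example, not code from the presentation. Assumptions: the sample facts (JackGroup, Alice, Bob) are constructed, and memberOf is treated as the inverse of member, which the slides do not state.

```python
# Facts are tuples (predicate, arg, ...); terms starting with "?" are variables.
FACTS = {  # constructed sample data, not from the slides
    ("Person", "Jack"), ("Person", "Alice"), ("Person", "Bob"),
    ("member", "JackGroup", "Jack"), ("member", "JackGroup", "Alice"),
    ("member", "WonderSpace", "Bob"),
}
RULES = [  # (antecedent atoms, consequent atom), transcribed from the use case
    ([("member", "?z", "?x"), ("member", "?z", "?y"),
      ("Person", "?x"), ("Person", "?y")], ("sameGroupOf", "?x", "?y")),
    # Assumption: memberOf is the inverse of member (the slides do not say).
    ([("member", "?g", "?x")], ("memberOf", "?x", "?g")),
    ([("memberOf", "?x", "WonderSpace")], ("isPermittedtoRead", "?x", "plan")),
    ([("sameGroupOf", "?y", "Jack")], ("isPermittedtoEdit", "?y", "plan")),
]

def unify(atom, fact, env):
    """Extend binding env so atom matches fact, or return None."""
    if len(atom) != len(fact):
        return None
    env = dict(env)
    for term, value in zip(atom, fact):
        if term.startswith("?"):
            if env.setdefault(term, value) != value:
                return None  # variable already bound to something else
        elif term != value:
            return None      # predicate name or constant mismatch
    return env

def matches(atoms, facts, env):
    """Yield every binding that satisfies all antecedent atoms."""
    if not atoms:
        yield env
        return
    for fact in facts:
        bound = unify(atoms[0], fact, env)
        if bound is not None:
            yield from matches(atoms[1:], facts, bound)

def closure(facts, rules):
    """Apply the rules until no new fact is derived (fixpoint)."""
    facts = set(facts)
    while True:
        new = {tuple(env.get(t, t) for t in head)
               for body, head in rules for env in matches(body, facts, {})}
        if new <= facts:
            return facts
        facts |= new

def allowed(action, agent, resource, facts=FACTS, rules=RULES):
    """Deny by default: permit only if the permission fact is derivable."""
    return (action, agent, resource) in closure(facts, rules)
```

With these facts, members of Jack's group can edit the plan but cannot read it unless they are also WonderSpace members, because no rule derives read permission from edit permission.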
Conclusion and Future Work
Prove Our Concept:
OWL + SWRL for Access Control Policy
Policy Conflicts
Policy Enforcement
Trustworthiness of the information source
Operational semantics of the policy language.
Thank you!