Trustworthy Semantic Webs

1
Trustworthy Semantic Webs

• Dr. Bhavani Thuraisingham
• The University of Texas at Dallas
• Lecture 3
• Semantic Web, Web Services and Security

2
Outline

• Todays Web
• From web to semantic web
• Applications and Technologies
• Layered Approach
• Web Services Introduction

3
Todays Web

• High recall, low precision Too many web pages
  resulting in searches, many not relevant
• Sometimes low recall
• Results sensitive to vocabulary Different words
  even if they mean the same thing do not results
  in same web pages
• Results are single web pages not linked web pages

4
From Todays Web to the Semantic Web

• Machine understandable web pages
• Activities on the web such as searching with
  little or no human intervention
• Technologies for knowledge management,
  e-commerce, interoperability
• Solutions to the problems faced by todays web
• Retrieving appropriate web pages, sensitive to
  vocabulary etc.
• Semantic web applications including

5
Layered Approach Tim Berners Lees
Visionwww.w3c.org
6
Applications Web Services

• Web Services refers to the technologies that
  allow for making connections.
• Services are what you connect together using Web
  Services.
• A service is the endpoint of a connection.
• Also, a service has some type of underlying
  computer system that supports the connection
  offered.
• The combination of services - internal and
  external to an organization - make up a
  service-oriented architecture. 

7
Knowledge Management

• Corporation Need
• Searching, extracting and maintaining
  information, uncovering hidden dependencies,
  viewing information
• Semantic web for knowledge management
• Organizing knowledge, automated tools for
  maintaining knowledge, question answering,
  querying multiple documents, controlling access
  to documents

8
Business to Consumer E-Commerce

• Users shopping on the web wrapper technology is
  used to extract information about user
  preferences etc. and display the products to the
  user
• Use of semantic web Develop software agents that
  can interpret privacy requirements, pricing and
  product information and display timely and
  correct information to the use also provides
  information about the reputation of shops
• Future negotiation among the behalf of the user

9
Business to Business E-Commerce

• Organizations work together and carrying out
  transactions such as collaborating on a product,
  supply chains etc. With todays web lack of
  standards for data exchange
• Use of semantic web XML is a big improvement,
  but need to agree on vocabulary. Future will be
  the use of ontologies to agree on meanings and
  interpretations

10
Personal Agents

• Agents are essentially processes that have
  evolved from object-oriented programming agent
  is an active objects
• Agents will use metadata to find resources on the
  web ontologies will be used to interpret
  statements logic will be used for drawing
  conclusions
• Agents will not completely replace humans but
  will make the tasks of the humans much easier.
• Example John is a president of a company. He
  needs to have a surgery for a serious but not a
  critical illness. With current web he has to
  check each web page for relevant information,
  make decisions depending on the information
  provided
• With the semantic web, the agent will retrieve
  all the relevant information, synthesize the
  information, ask John if needed, and then present
  the various options to John and also makes
  recommendations

11
Semantic Web Technologies

• Explicit metadata
• XML, RDF, etc.
• Ontologies (e.g, OWL)
• Logic/Rules (e.g., RuleML, SWRL)

12
Explicit metadata

• Metadata is data about data
• Need metadata to be explicitly specified so that
  different groups and organizations will know what
  is on the web
• Using metadata, one can then carry out various
  activities such as searching, integration and
  executing actions
• Metadata specification languages include XML and
  RDF

13
Ontologies

• Explicit and formal specification of
  conceptualization describes a domain of discourse
• Consists of concepts and prelateships between
  them
• Web searches can exploit ontologies to facilitate
  the search process
• Ontology languages include XML, RDF, OWL

14
Ontology Engineering?

• Tools and Techniques to
• Create Ontologies
• Specify Ontologies
• Maintain Ontologies
• Query Ontologies
• Evolve Ontologies
• Reuse Ontologies
• Incorporate features such as security, data
  quality, integrity

15
Logic

• Logic can be used to specify facts as well as
  rules
• New facts and derived from existing facts based
  on the inference rules
• Descriptive Logic is the type of logic that has
  been developed for semantic web applications
• Example Logic-based languages SWRL, RuleML
• Semantic web vs. Artificial Intelligence
• Goal of Artificial Intelligence is to build an
  intelligent agent exhibiting human-level
  intelligence
• Goal of the semantic web is to enable machine
  understandable web pages

16
Overview of Web Services

• Service Oriented Architectures
• Web Services Description Language
• UDDI
• SOAP
• WSDL with XML
• Security
• OASIS
• Federated identity

17
Service Oriented Architectures (SOA)

• A service-oriented architecture is essentially a
  collection of services. These services
  communicate with each other.
• A service is a function that is well-defined,
  self-contained, and does not depend on the
  context or state of other services
• The communication can involve either simple data
  passing or it could involve two or more services
  coordinating some activity. Some means of
  connecting services to each other is needed.
• The technology of web services is the most likely
  connection technology of service-oriented
  architectures. Web services essentially use XML
  Technology create a robust connection.
• A service consumer sends a service request
  message to a service provider The service
  provider returns a response message to the
  service consumer.
• The request and subsequent response connections
  are defined in some way that is understandable to
  both the service consumer and service provider.
• A service provider can also be a service
  consumer. 

18
Web Services
BusinessEntity
ltdsigSignaturegt
tModel
BusinessService
PublisherAssertion
BindingTemplate
Service provider
19
Web Services Description Language

• The Web Services Description Language (WSDL)
  forms the basis for Web Services. The steps
  involved in providing and consuming a service
  are
• A service provider describes its service using
  WSDL. This definition is published to a directory
  of services. The directory could use Universal
  Description, Discovery, and Integration (UDDI).
  Other forms of directories can also be used.
• A service consumer issues one or more queries to
  the directory to locate a service and determine
  how to communicate with that service. 
• Part of the WSDL provided by the service provider
  is passed to the service consumer. This tells the
  service consumer what the requests and responses
  are for the service provider.
• The service consumer uses the WSDL to send a
  request to the service provider.
• The service provider provides the expected
  response to the service consumer.

20
UDDI

• The UDDI registry is intended to eventually serve
  as a means of "discovering" Web Services
  described using WSDL .
• The idea is that the UDDI registry can be
  searched in various ways to obtain contact
  information and the Web Services available for
  various organizations.
• UDDI registry is a way to keep up-to-date on the
  Web Services your organization currently uses
• Alternative to UDDI is ebXML Directory

21
SOAP

• All the messages are sent using SOAP. (SOAP at
  one time stood for Simple Object Access Protocol
  Now, the letters in the acronym have no
  particular meaning .)
• SOAP essentially provides the envelope for
  sending the Web Services messages.
• SOAP generally uses HTTP , but other means of
  connection may be used.
• HTTP is the familiar connection we all use for
  the Internet.
• It is the pervasiveness of HTTP connections that
  will help drive the adoption of Web Services.

22
WDSL with XML

• WSDL uses XML to define messages.
• XML has a tagged message format.
• Both the service provider and service consumer
  use these tags.
• In fact, the service provider could send the data
  in any order.
• The service consumer uses the tags and not the
  order of the data to get the data values.

23
Security

• Security and authorization specifications
  include
• eXtensible Access Control Markup Language (XACML)
• eXtensible Rights Markup Language (XrML)
• Security Assertion Markup Language (SAML)
• Service Protection Markup Language (SPML)
• Web Services Security (WSS)
• XML Common Biometric Format (XCBF)
• XML Key Management Specification (XKMS)

24
Security

• Firewalls
• Specialized XML firewalls offer the promise of
  protecting internal systems when using Web
  Services.
• Traditional firewalls offer protection at the
  packet level and do not examine the contents of
  messages.
• XML firewalls, on the other hand, examine the
  contents of messages. This includes the SOAP
  headers and the XML content.
• They are designed to permit authorized content to
  pass through the firewall.

25
Security Examples XACML, SAML, WSS

• XACML (OASIS Spec)
• eXtensible Access Control Markup Language (XACML)
  provides fine grained control of authorized
  activities, the effect of characteristics of the
  access requestor, the protocol over which the
  request is made, authorization based on classes
  of activities, and content introspection.
• SAML (OASIS Spec)
• It is an XML framework for exchanging
  authentication and authorization information. It
  is used with WSS
• WSS (OASIS Spec)
• It describes enhancements to SOAP messaging in
  order to provide quality of protection through
  message integrity, and single message
  authentication. These mechanisms can be used to
  accommodate a wide variety of security models and
  encryption technologies.

26
OASIS

• Organization for the Advancement of Structured
  Information Standards (OASIS)
• OASIS is a not-for-profit, global consortium that
  drives the development, convergence, and adoption
  of e-business standards.
• Members themselves set the OASIS technical
  agenda, using a lightweight, open process
  expressly designed to promote industry consensus
  and unite disparate efforts.
• OASIS produces worldwide standards for security,
  Web Services, XML conformance, business
  transactions, electronic publishing, topic maps,
  and interoperability within and between
  marketplaces. OASIS also hosts XML.org, which
  provides information about the application of
  XML, and The Cover Pages which is a reference
  collection supporting the SGML/XML family of
  markup language standards and their application.

27
Federated Identity

• Federated identity allows users to link identity
  information between accounts without centrally
  storing personal information.
• Also, users can control when and how their
  accounts and attributes are linked and shared
  between domains and Service Providers, allowing
  for greater control over their personal data.
• In practice, this means that users can be
  authenticated by one company or Web site and be
  recognized and delivered personalized content and
  services in other locations without having to
  re-authenticate or sign on with a separate
  username and password. 
• Standards include Identity Web Services Framework
  (I-WSF)