The Policy-Aware Web: Privacy and Transparency on the Semantic Web - PowerPoint PPT Presentation

Title: Science and the Semantic Web Author: James Hendler Last modified by: James Hendler Created Date: 12/7/2005 4:29:08 AM Document presentation format – PowerPoint PPT presentation

Slides: 34
Provided by: JamesH145
Learn more at: http://dig.csail.mit.edu
1
The Policy-Aware Web: Privacy and Transparency on the Semantic Web
  • Jim Hendler
  • Hendler@cs.umd.edu
  • http://www.cs.umd.edu/hendler

2004 NSF National Priorities ITR to UMCP and MIT
(Hendler, Berners-Lee, Weitzner - PIs)
2
(No Transcript)
3
Access and Privacy Control
4
As we publish more info, how do we control access?

Who can see what?
5
Current Policy Languages
  • A number of languages being explored
  • P3P (data-centric relational semantics ->
    relational database)
  • WS-Policy (propositional: and, or, but weak not)
  • Features and Properties (no operators, easier to
    map to RDF)
  • Combinators (choose one/all, similar to
    WS-Policy)
  • KaOS Policy and Domain Services
  • WSPL and EPAL (subsets of XACMLs)
  • XACML (and, or, not, first and higher order bag
    functions)
  • Rei (OWL-Lite logic-like variables)
  • A lot of ambiguity about exact expressivity and
    computational properties (or even the semantics!)

6
An example WS-Policy
  • WS-Policy provides a flexible grammar for
    expressing CC of web services
  • Normalized form (maybe to do non normalized)
  • Two translation approaches
  • Policies as Instances
  • Readable, but hard to capture semantics
  • Available at
  • http://mindswap.org/dav/ontologies/ws-policy_instance.owl
  • Policies as Classes
  • Translate WS-Policy constructs into OWL
    constructs
  • E.g., wsp:All --> owl:intersectionOf

7
WS-Policy Example
    <wsp:Policy>
      <wsp:ExactlyOne>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:Kerberosv5TGT</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:UserNameToken</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>

8
Mapping WS-Policy to OWL
  • all is easy: it's logical conjunction (i.e.,
    intersectionOf)
  • exactlyOne is harder, two readings
  • Older version: oneOrMore
  • Inclusive OR, maps to owl:unionOf
  • exactlyOne suggests XOR
  • Have to map to a disjunction of conjunctions
  • Quadratic increase in size of disjuncts
  • Ontology: http://www.mindswap.org/dav/ontologies/policytest.owl

9
Example
    @prefix owl: <http://www.w3.org/2002/07/owl#> .
    @prefix policytest: <http://www.mindswap.org/kolovski/policytest.owl> .

    policytest:TestPolicy
        a owl:Class
        owl:intersectionOf (
            owl:unionOf (
                policytest:SecurityTokenTypeUsernameToken
                policytest:SecurityTokenTypeX509
                policytest:SecurityTokenTypeKerberos )
            owl:complementOf
                owl:unionOf (
                    owl:intersectionOf (
                        policytest:SecurityTokenTypeUsernameToken
                        policytest:SecurityTokenTypeX509 )
                    owl:intersectionOf (
                        policytest:SecurityTokenTypeUsernameToken
                        policytest:SecurityTokenTypeKerberos )
                    owl:intersectionOf (
                        policytest:SecurityTokenTypeX509
                        policytest:SecurityTokenTypeKerberos ) )
        ) .
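
The two readings of exactlyOne from slide 8, evaluated against what a requester presents. This is an added example, not code from the slides: the tuple representation and function names are its own, and it evaluates closed-world over a set of presented token types, which is a simplification of OWL semantics.

```python
from itertools import combinations

# Token types offered by the three wsp:All alternatives on slide 7.
ALTERNATIVES = ("Kerberosv5TGT", "X509v3", "UserNameToken")

def one_or_more(alts):
    """Older oneOrMore reading: inclusive OR, i.e. owl:unionOf."""
    return ("unionOf", tuple(alts))

def exactly_one(alts):
    """XOR reading in the shape of slide 9: the union of the alternatives,
    intersected with the complement of the union of every pairwise overlap."""
    overlaps = tuple(("intersectionOf", pair) for pair in combinations(alts, 2))
    return ("intersectionOf",
            (("unionOf", tuple(alts)),
             ("complementOf", (("unionOf", overlaps),))))

def satisfies(expr, presented):
    """Evaluate a class expression against the token types a requester presents.
    Closed-world simplification: a token type not presented counts as absent."""
    if isinstance(expr, str):
        return expr in presented
    op, args = expr
    if op == "intersectionOf":
        return all(satisfies(a, presented) for a in args)
    if op == "unionOf":
        return any(satisfies(a, presented) for a in args)
    if op == "complementOf":
        return not satisfies(args[0], presented)
    raise ValueError(f"unknown constructor: {op}")

def pairwise_terms(n):
    """Number of intersectionOf terms the XOR encoding needs for n alternatives."""
    return n * (n - 1) // 2

if __name__ == "__main__":
    for tokens in ({"X509v3"}, {"X509v3", "UserNameToken"}, set()):
        print(sorted(tokens),
              "oneOrMore:", satisfies(one_or_more(ALTERNATIVES), tokens),
              "exactlyOne:", satisfies(exactly_one(ALTERNATIVES), tokens))
    print("pairwise terms for 3 and 10 alternatives:",
          pairwise_terms(3), pairwise_terms(10))
```

A requester presenting two token types is accepted under the inclusive reading and rejected under the XOR reading, so the choice of mapping changes the access decision.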

10
Use OWL tools
11
Policy Aware WEB
(NSF ITR Hendler, Berners-Lee, Weitzner 2005)
12
PAW demo
13
(No Transcript)
14
Use case: A Web browser requests the home page
for a girl scout troop and is given it by a Web
server.
Web Server
Content
Demo
15
However, requests for images result in HTTP Error
401, Unauthorized
Web Server
401
Content
401
16
The 401 Unauthorized response has been modified
to provide a URL to a policy

    HTTP/1.1 401 Not authorized
    Date: Sat, 03 Dec 2005 15:32:18 GMT
    Server: TwistedWeb/2.0.1
    Policy: http://groups.csail.mit.edu/dig/2005/09/rein/examples/troop42-policy.n3
    Content-type: text/html; charset=UTF-8
    Connection: close

    10:32:20 ERROR 401: Not authorized.
Demo
17
Policies use linked rules
  • Example policies
  • Photos taken at meetings of the troop can be
    shared with any current member of the troop.
  • Photos taken at a jamboree can be shared with
    anyone in the troop or with anyone who attended
    the jamboree.
  • Photos of any girl in the troop can be shared
    with the world if that girl's parent has given
    permission

    REQ a rein:Request. REQ rein:resource PHOTO.
    ?F a TroopStuff log:includes PHOTO a t:Photo t:location LOC. LOC a t:Meeting .
    REQ rein:requester WHO. WHO session:secret ?S. ?S crypto:md5 TXT.
    ?F a TroopStuff log:includes t:member is foaf:maker of PG . LOC t:attendee is foaf:maker of PG .
    PG log:semantics log:includes PG foaf:maker session:hexdigest TXT .
    => WHO http:can-get PHOTO .
18
Rein "ontology"
19
Rein example
    <http://dig.csail.mit.edu/2005/09/rein/examples/troop42.rdf> log:semantics ?F => ?F a TroopStuff .

Photos taken at meetings of the troop can be shared with any current member of the troop

    REQ a rein:Request. REQ rein:resource PHOTO.
    ?F a TroopStuff log:includes PHOTO a t:Photo t:location LOC. LOC a t:Meeting .
    REQ rein:requester WHO. WHO session:secret ?S. ?S crypto:md5 TXT.
    ?F a TroopStuff log:includes t:member is foaf:maker of PG . LOC t:attendee is foaf:maker of PG .
    PG log:semantics log:includes PG foaf:maker session:hexdigest TXT .
    => WHO http:can-get PHOTO .

Photos taken at a jamboree can be shared with anyone in the troop or with anyone who attended the jamboree.

(i) anyone who is in the troop

    REQ a rein:Request. REQ rein:resource PHOTO.
    ?F a TroopStuff log:includes PHOTO a t:Photo t:location LOC. LOC a t:Jamboree .
    REQ rein:requester WHO. WHO session:secret ?S. ?S crypto:md5 TXT.
    ?F a TroopStuff log:includes t:member is foaf:maker of PG . .
    PG log:semantics log:includes PG foaf:maker session:hexdigest TXT .
    => WHO http:can-get PHOTO .

(ii) anyone who attended the jamboree

    REQ a rein:Request. REQ rein:resource PHOTO.
    ?F a TroopStuff log:includes PHOTO a t:Photo t:location LOC. LOC a t:Jamboree .
    REQ rein:requester WHO. WHO session:secret ?S. ?S crypto:md5 TXT.
    ?F a TroopStuff log:includes LOC t:attendee is foaf:maker of PG . .
    PG log:semantics log:includes PG foaf:maker session:hexdigest TXT .
    => WHO http:can-get PHOTO .

The RDF/XML syntax is even worse
Authorability/Editability are important issues
Specialized use (cf. Creative Commons) a
partial out.
20
Use of the PAW proof-generation proxy results in
a proof which satisfies the policy
Web Server
Proof
Third-party services may be consulted to help
construct the proof.
Demo
21
  • The proxy
  • Uses Rein, a policy engine, to specify rules
    which match a given policy.
  • The Rein rules are run in Cwm, a forward-chaining
    reasoner for the Semantic Web. This generates a
    proof.
  • Proof is HTTP-PUT on the server, and a HTTP-GET
    on same document is then invoked (requires HTTP
    1.1)

Demo
22
The Web server checks the proof and serves the
content if it is valid.
Web Server
Content
Demo
23
  • The server
  • Uses Cwm to validate the proof.
  • Takes action based on validation (serves content
    or denies).
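
The access decision behind this flow, as an added example that is not the PAW project's code: it reads the Policy header from the slide-16 response and applies policies 1 and 2 as stated in English on slide 17, directly in Python instead of checking a Cwm proof. The member and photo data, the secrets and the function names are constructed for illustration.

```python
import hashlib

# Slide 16's 401 response, with header punctuation restored.
RESPONSE_401 = (
    "HTTP/1.1 401 Not authorized\r\n"
    "Date: Sat, 03 Dec 2005 15:32:18 GMT\r\n"
    "Server: TwistedWeb/2.0.1\r\n"
    "Policy: http://groups.csail.mit.edu/dig/2005/09/rein/examples/troop42-policy.n3\r\n"
    "Content-type: text/html; charset=UTF-8\r\n"
    "Connection: close\r\n\r\n"
)

def policy_url(raw):
    """Return the Policy header of a 401 response, or None if it is not a 401."""
    lines = raw.splitlines()
    status = lines[0].split() if lines else []
    if len(status) < 2 or status[1] != "401":
        return None
    for line in lines[1:]:
        if not line:  # a blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "policy":
            return value.strip()
    return None

def md5_hex(text):
    # MD5 because the slide's rule applies crypto:md5 to the session secret.
    return hashlib.md5(text.encode("utf-8")).hexdigest()

# Constructed data standing in for troop42.rdf and the FOAF pages it links to:
# each page publishes the hex digest of its maker's session secret.
MEMBER_DIGESTS = {md5_hex("alice-secret"), md5_hex("beth-secret")}
PHOTOS = {
    "/photos/meeting-01.jpg": {"location": "Meeting", "attendees": {md5_hex("alice-secret")}},
    "/photos/jamboree-07.jpg": {"location": "Jamboree", "attendees": {md5_hex("guest-secret")}},
}

def can_get(path, secret):
    """Policies 1 and 2 from slide 17; every other case is denied."""
    photo = PHOTOS.get(path)
    if photo is None or not secret:
        return False
    digest = md5_hex(secret)
    is_member = digest in MEMBER_DIGESTS
    if photo["location"] == "Meeting":
        return is_member
    if photo["location"] == "Jamboree":
        return is_member or digest in photo["attendees"]
    return False
```

The digests are published while the secrets are not, so the check reduces to whether the requester knows a secret whose MD5 matches a listed digest.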

Demo
24
  • Current demo work
  • Get it working - Fix cwm proof generation
    (logsupports?)
  • Make use of multiple distributed authentication
    systems (instead of holding secrets in the
    proxy).
  • Associate content with RDF metadata and base
    policy decisions on the RDF (cf. policy 3)
  • Address issues of eventual integration of the
    proxy with a Web browser (e.g. cookie storage).
  • Extend system to "distributed" scenarios
    (different authorities hold parts of policy, may
    have own rules on access)

Demo
25
Open, Distributed Rules Challenges
  • Common Notation
  • "Small matter of standardization"
  • N3, SWRL, RuleML
  • Identity vs. privacy
  • How do you identify yourself w/o violating the
    very privacy concerns we hope to address?
  • Current identity schemes are centralized and
    universal
  • Can we do a distributed ID model (maybe email
    based)?
  • Inconsistency
  • In logic "P -P => Q"
  • On Web it better not!
  • (Supported(Bush) --Supported(Bush)) => you owe
    me 1000
  • Can we use a "non-standard" logic solution?

26
Another Cool thing
  • What is a rule of logic?
  • In traditional philosophy it relates to "Truth"
  • What is truth on the Web?
  • Ex: How many cows are in Texas?
  • On the Web, we could use an idea of agreed upon
    rules, grounded at URI
  • Social definition of truth via shared contexts
  • Ex: Because Mom said so

27
Conclusions
  • Information lives in specific contexts
  • The Semantic Web helps us place information into
    these (multiple) contexts.
  • Control of information requires control of
    contexts
  • Explication of policies
  • Linked in a Web-like way
  • Integrated directly into the Web
  • With extensions for rules and proofs
  • Is really hard
  • Issues of identity, inconsistency, grounding,
    change over time
  • But holds great potential
  • Personal Control of your information spaces
  • "Policy-Aware" Web project (joint between UMCP
    and MIT)
  • Goal: make this real!

http://www.mindswap.org/hendler/2004/PAW.html
28
backup
29
Truth on Web Pages (based on Heflin et al., 1998)
  • Inference rules could be used to determine the
    credibility of claims
  • I might believe the claims made by a reliable
    Newspaper
  • Trustable(x) - x reliableNewspaper.
  • And I could establish the Washington Post as
    reliable...
  • i.e. I assert
  • http://www.washingtonpost.com owl:class
    reliableNewspaper.
  • or if I infer it
  • ReliableNewspaper(X) ->
  • X owl:class ReliableNewspaperhttp://MediaWatchList.
  • (?) reliableNewspaper(X) -
  • X owl:class ReliableNewspaper src
    trusted(src).
  • The rules are "grounded" in a testable way
  • cf. If I can HTTP-get the fact, then it is
    asserted

30
Rule Sets could be shared
  • You can ground your sources
  • X - X src src owl:class TrustedSource
    http:///myMomSet.rdf
  • Or infer trusted sources based on other rule sets
  • X - X src src owl:class TrustedSource
    http://ex.com/RushLimbaughSet.rdf
  • X - X src src owl:class TrustedSource
    http://ex.com/UnabomberRules.rdf
  • --( Xhttp://www.rushLimbaugh.com/truths.rdf)

31
Annotated Logic(in 25 words or less)
  • Traditional Logic
  • P -P => Q (P and -P are inconsistent)
  • Annotated Logic
  • PX -PY are not inconsistent
  • PX -PX => QX but not QY
  • PX -(PX) is inconsistent and must be avoided
    (but this is easily checked if inference of RHS
    is restricted)

32
On the Web
    <foaf:Person>
      <foaf:name>Jim Hendler</foaf:name>
      <foaf:title>Dr</foaf:title>
      <foaf:firstName>Jim</foaf:firstName>
      <foaf:surname>Hendler</foaf:surname>
      <foaf:mbox_sha1sum>be972c7a602683f7cf3c7a1fd0949c565debe4d3</foaf:mbox_sha1sum>
      <foaf:homepage rdf:resource="http://www.cs.umd.edu/hendler"/>
      <foaf:depiction rdf:resource="http://www.semanticgrid.org/q-iantbljim.jpg"/>
      <foaf:workplaceHomepage rdf:resource="http://owl.mindswap.org"/>
    </foaf:Person>

    <foaf:name>Jim Hendler</foaf:name>
    http://www.cs.umd.edu/hendler/2003/foaf.rdf

  • Annotations represent document contexts
  • XY and -(XY) cannot co-occur (unless Web is
    broken)
  • (modulo temporal change, but that's another talk)

33
"Because it's there"