Authorization and Privacy for Semantic Web Services - PowerPoint PPT Presentation

1
Authorization and Privacy for Semantic Web
Services
  • Lalana Kagal, Tim Finin (UMBC)
  • Grit Denker (SRI)
  • Massimo Paolucci, Naveen Srinivasan, Katia
    Sycara (CMU)

2
Purpose
  • Integrate security into semantic web services
  • Security levels
      • Specification
      • Enforcement
  • Security requirements include authorization,
    authentication, data integrity, delegation,
    trust, privacy, and more.
  • GOAL: to provide security annotations for web
    services at high abstraction levels to enable
    reasoning, matchmaking, execution, composition,
    etc.

3
Previous Work
  • Extension of OWL-S profile
  • Capabilities and requirements associated with
    both services and requesters
  • Ontology for describing security protocols and
    credentials
  • Security Reasoner matched over security
    requirements and capabilities
  • OWL-S MatchMaker with SecurityReasoner: clients and
    services matched over functional and security

4
Previous Work
Diagram: an Agent queries the Matchmaker, whose Security
Reasoner matches the agent against a Web Service on two axes:
  • Functional matching
  • Security matching
Example labels in the diagram: Req: Encryption, Cap: XKMS;
Req: Authentication, XML, Cap: OpenPGP
5
Why is this not enough?
  • Authorization was based only on
      • Protocols
      • Credentials (login/password, certificate)
        required
  • Need more expressive policies
      • Based on attributes of requester, service and
        other context
  • Did not handle privacy at all
  • Should be able to handle prohibitions as well
      • E.g., no undergraduate student should be able to
        access this service

6
Current Idea
  • Policy-based security infrastructure
  • Why policies?
      • More expressive, not just requirements and
        capabilities
      • Can be over different attributes of the
        Requester, Service, and Context
  • Authorization
      • Rules for access control
  • Privacy
      • Rules for protecting information

Diagram: Policies applied to Semantic Web Services
7
Example policies
  • Authorization
      • Policy 1: Stock service is not accessible after
        the market closes
      • Policy 2: Only members of the LAIT lab who are
        Ph.D. students can use the LAIT lab laser printer
  • Privacy/Confidentiality
      • Policy 3: Do not disclose my SSN
      • Policy 4: Do not disclose my telephone number
      • Policy 5: Do not use a service that doesn't
        encrypt all input/output
      • Policy 6: Use a service that requires an SSN
        only if the SSN is encrypted

8
Our Approach
  • Is mainly at the specification level
  • Extension of OWL-S profile with an attribute for
    describing policies
      • policyEnforced
      • subPropertyOf securityRequirement, which is a
        subproperty of the OWL-S profile parameter property
      • Range: Policy in the Rei ontology
  • Ontology for describing cryptographic
    characteristics of service parameters
      • Encrypted/Signed object

9
Our Approach (cont.)
  • Use of a policy specification language, Rei
      • Authorization and Privacy Policy are subclasses
        of Policy in Rei
      • Authorization policies are usually associated
        with services
      • Privacy policies are usually associated with
        clients
  • Algorithm for matching policies
  • Integration of the algorithm into CMU's
    Matchmaker and OWL-S Virtual Machine (future
    work)

10
Rei Policy Language
  • A declarative policy language for describing
    policies over actions
  • Represented in RDF-S, with logic-like variables
  • Based on deontic concepts
      • Right, Prohibition, Obligation and Dispensation
  • Conflict resolution through the use of meta-policy
    specifications

11
Rei Example
  • All members of the LAIT lab have the right to use
    action printing
  • Constraint
      <constraint:SimpleConstraint rdf:about="labpolicy:members_of_lait"
          constraint:subject="labpolicy:var1"
          constraint:predicate="univ:affiliation"
          constraint:object="labpolicy:LaitLab"/>
  • Right
      <deontic:Right rdf:about="labpolicy:right_to_print">
        <deontic:actor rdf:resource="labpolicy:var1"/>
        <deontic:action rdf:resource="labpolicy:printing"/>
        <deontic:constraint rdf:resource="labpolicy:members_of_lait"/>
      </deontic:Right>
  • The variable labpolicy:var1 in the constraint and in
    the Right's actor unify, so the right holds for every
    actor satisfying the constraint
12
Example
  • Mary is looking for a reservation service
      • FOAF description
      • Confidentiality policy
  • BravoAir is a reservation service
      • OWL-S description
      • Authorization policy: only users belonging to the
        same project as John can access the service

13
Mary
    <!-- Mary's FOAF description -->
    <foaf:Person rdf:ID="mary">
      <foaf:name>Mary Smith</foaf:name>
      <foaf:title>Ms</foaf:title>
      <foaf:firstName>Mary</foaf:firstName>
      <foaf:surname>Smith</foaf:surname>
      <foaf:homepage rdf:resource="http://www.somewebsite.com/marysmith.html"/>
      <foaf:currentProject rdf:resource="http://www.somewebsite.com/SWS-Project.rdf"/>
      <sws:policyEnforced rdf:resource="mary:ConfidentialityPolicy"/>
    </foaf:Person>
    </rdf:RDF>

14
Bravo Policy
    <entity:Variable rdf:about="bravo-policy:var1"/>
    <entity:Variable rdf:about="bravo-policy:var2"/>
    <constraint:SimpleConstraint
        rdf:about="bravo-policy:GetJohnProject"
        constraint:subject="john:John"
        constraint:predicate="foaf:currentProject"
        constraint:object="bravo-policy:var2"/>
    <constraint:SimpleConstraint
        rdf:about="bravo-policy:SameProjectAsJohn"
        constraint:subject="bravo-policy:var1"
        constraint:predicate="foaf:currentProject"
        constraint:object="bravo-policy:var2"/>
    <!-- constraints combined -->
    <constraint:And rdf:about="bravo-policy:AndCondition1"
        constraint:first="bravo-policy:GetJohnProject"
        constraint:second="bravo-policy:SameProjectAsJohn"/>
    <deontic:Right rdf:about="bravo-policy:AccessRight">
      <deontic:actor rdf:resource="bravo-policy:var1"/>
      <deontic:action rdf:resource="bravo-service:BravoAir_ReservationAgent"/>
      <deontic:constraint rdf:resource="bravo-policy:AndCondition1"/>
    </deontic:Right>
    <rdf:Description rdf:about="bravo-service:BravoAir_ReservationAgent">
      <sws:policyEnforced rdf:resource="bravo-policy:AuthPolicy"/>
    </rdf:Description>


15
How it works
Diagram: Mary sends a query request to the Matchmaker/Reasoner
together with the URL of her FOAF description; the Matchmaker
holds the Bravo service's OWL-S description, which carries
    <sws:policyEnforced rdf:resource="bravo-policy:AuthPolicy"/>
16
How it works
Mary's query: can she use the Bravo service? Answer: YES.
The Matchmaker extracts Bravo's policy and asks whether Mary
meets it:
    <deontic:Right rdf:about="bravo-policy:AccessRight">
      <deontic:actor rdf:resource="bravo-policy:var1"/>
      <deontic:action rdf:resource="bravo-service:BravoAir_ReservationAgent"/>
      <deontic:constraint rdf:resource="bravo-policy:AndCondition1"/>
    </deontic:Right>
    <policy:Granting rdf:about="bravo-policy:AuthGranting">
      <policy:to rdf:resource="bravo-policy:var1"/>
      <policy:deontic rdf:resource="bravo-policy:AccessRight"/>
    </policy:Granting>
    <sws:AuthorizationPolicy rdf:about="bravo-policy:AuthPolicy">
      <policy:grants rdf:resource="bravo-policy:AuthGranting"/>
    </sws:AuthorizationPolicy>
    <rdf:Description rdf:about="bravo-service:BravoAir_ReservationAgent">
      <sws:policyEnforced rdf:resource="bravo-policy:AuthPolicy"/>
    </rdf:Description>

Evaluation (diagram on the slide): the reasoner first solves
    <constraint:SimpleConstraint rdf:about="bravo-policy:GetJohnProject"
        constraint:subject="john:John"
        constraint:predicate="foaf:currentProject"
        constraint:object="bravo-policy:var2"/>
which binds var2 = http://www.somewebsite.com/SWS-Project.rdf.
Mary's FOAF description (fetched from the BravoAir web service
side via her profile URL) states
    <foaf:currentProject rdf:resource="http://www.somewebsite.com/SWS-Project.rdf"/>
The reasoner then asks whether
    <constraint:SimpleConstraint rdf:about="bravo-policy:SameProjectAsJohn"
        constraint:subject="bravo-policy:var1"
        constraint:predicate="foaf:currentProject"
        constraint:object="bravo-policy:var2"/>
is true with var2 = http://www.somewebsite.com/SWS-Project.rdf and
var1 = http://www.cs.umbc.edu/~lkagal1/rei/examples/sws-sec/MaryProfile.rdf.
It is, so authorization enforcement is complete.
17
Algorithm for Matching Policies
  • After the client sends a query request, the
    MatchMaker finds a matching service and fetches
    its OWL-S description
  • It extracts the service's authorization policy
    from the policyEnforced attribute and sends it to
    the Rei Reasoning Engine along with the client's
    description
  • Rei returns true or false based on whether the
    client meets the authorization policy of the
    service. If false, matching fails.
  • The MatchMaker extracts the client's privacy
    policy and sends it to the Rei Reasoning Engine
    along with the service's OWL-S description
  • Rei returns true or false based on whether the
    privacy policy is met or violated. If false,
    matching fails.
  • Matching between client and service is complete
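The matching procedure above, replayed over the Bravo policy and Mary's FOAF description from the earlier slides, as an added worked example in Python. This is not the project's code and not the Rei engine: a small backtracking unifier stands in for the Rei reasoner, the triples are constructed from the slides, and bob:Bob, carol:Carol, univ:status, sec:EncryptedObject, the other-service:* triples and the "no undergraduates" prohibition (in the spirit of slide 5, resolved by an assumed prohibition-overrides-right meta-policy) are assumptions added for the negative cases.

```python
# Added example (not the project's code): a toy Rei-style matcher that replays the
# Bravo/Mary scenario. Facts are (subject, predicate, object) triples; the prefixes
# are abbreviations of the slide's namespaces, not resolvable URIs.

SERVICE = "bravo-service:BravoAir_ReservationAgent"
PROJECT = "http://www.somewebsite.com/SWS-Project.rdf"

# Constructed facts, as the Matchmaker would read them from the FOAF profiles and the
# OWL-S description. bob:Bob, carol:Carol, univ:status, sec:EncryptedObject and the
# other-service:* triples are assumptions added for the negative cases.
FACTS = {
    ("john:John", "foaf:currentProject", PROJECT),
    ("mary:Mary", "foaf:currentProject", PROJECT),
    ("mary:Mary", "univ:affiliation", "labpolicy:LaitLab"),
    ("bob:Bob", "foaf:currentProject", PROJECT),
    ("bob:Bob", "univ:status", "univ:Undergraduate"),
    ("carol:Carol", "foaf:currentProject", "http://www.somewebsite.com/Other-Project.rdf"),
    (SERVICE, "profile:hasInput", "bravo-service:CreditCard"),
    (SERVICE, "profile:hasOutput", "bravo-service:Ticket"),
    ("bravo-service:CreditCard", "rdf:type", "sec:EncryptedObject"),
    ("bravo-service:Ticket", "rdf:type", "sec:EncryptedObject"),
    ("other-service:Quote", "profile:hasInput", "other-service:SSN"),  # not encrypted
}
VARIABLES = {"bravo-policy:var1", "bravo-policy:var2"}  # the entity:Variable declarations


def unify(pattern, fact, bindings):
    """Match one triple pattern against one fact; return extended bindings or None."""
    b = dict(bindings)
    for term, value in zip(pattern, fact):
        if term in VARIABLES:
            if b.setdefault(term, value) != value:  # already bound to something else
                return None
        elif term != value:
            return None
    return b


def solve(constraint, bindings, facts=FACTS):
    """Yield every binding under which the constraint holds (backtracking search)."""
    if constraint[0] == "simple":  # constraint:SimpleConstraint
        for fact in facts:
            b = unify(constraint[1:], fact, bindings)
            if b is not None:
                yield b
    elif constraint[0] == "and":  # constraint:And
        for b1 in solve(constraint[1], bindings, facts):
            yield from solve(constraint[2], b1, facts)


# Bravo's authorization policy transcribed from the slide: var1 may invoke the
# reservation agent if var1's currentProject equals John's currentProject.
GET_JOHN_PROJECT = ("simple", "john:John", "foaf:currentProject", "bravo-policy:var2")
SAME_PROJECT_AS_JOHN = ("simple", "bravo-policy:var1", "foaf:currentProject", "bravo-policy:var2")
ACCESS_RIGHT = {"actor": "bravo-policy:var1", "action": SERVICE,
                "constraint": ("and", GET_JOHN_PROJECT, SAME_PROJECT_AS_JOHN)}
# Assumed prohibition in the spirit of slide 5: no undergraduate may use the service.
NO_UNDERGRADS = {"actor": "bravo-policy:var1", "action": SERVICE,
                 "constraint": ("simple", "bravo-policy:var1", "univ:status", "univ:Undergraduate")}
BRAVO_AUTH_POLICY = {"grants": [ACCESS_RIGHT], "prohibits": [NO_UNDERGRADS]}


def deontic_applies(rule, requester, action, facts=FACTS):
    """Does a Right or Prohibition apply to this requester for this action?"""
    if rule["action"] != action:
        return False
    return next(solve(rule["constraint"], {rule["actor"]: requester}, facts), None) is not None


def authorized(policy, requester, action, facts=FACTS):
    """Rei-style decision under an assumed 'prohibition overrides right' meta-policy."""
    if any(deontic_applies(p, requester, action, facts) for p in policy["prohibits"]):
        return False
    return any(deontic_applies(r, requester, action, facts) for r in policy["grants"])


def encrypts_all_io(service, facts=FACTS):
    """Mary's policy 5: refuse a service unless every input and output is encrypted."""
    params = [o for s, p, o in facts
              if s == service and p in ("profile:hasInput", "profile:hasOutput")]
    return all((p, "rdf:type", "sec:EncryptedObject") in facts for p in params)


def match(requester, service, policy=BRAVO_AUTH_POLICY, facts=FACTS):
    """The matching algorithm: service authorization first, then the client's privacy policy."""
    if not authorized(policy, requester, service, facts):
        return "authorization failed"
    if not encrypts_all_io(service, facts):
        return "privacy policy violated"
    return "match"


if __name__ == "__main__":
    for who in ("mary:Mary", "bob:Bob", "carol:Carol"):
        print(who, "->", match(who, SERVICE))
```

Mary matches because GetJohnProject binds var2 to John's project and SameProjectAsJohn then succeeds with var1 bound to her; Carol fails the same constraint, and Bob is refused despite sharing John's project because the prohibition is checked before any right. Note that encrypts_all_io is vacuously true for a service that declares no parameters, which is the conservative-enough reading of policy 5 but worth remembering when a description is incomplete.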

18
Existing Work
  • WS-* standards
      • Lack of semantic expressiveness and reasoning
        capabilities
      • Most approaches are based on XML, e.g., XML
        Signature/Encryption, WS-Security, SAML
      • Restricted extensibility
      • Possible solution is an ontological approach
  • Policy languages
      • XACML: OASIS eXtensible Access Control Markup
        Language
      • EPAL: IBM Enterprise Privacy Authorization
        Language
      • Ponder
      • KeyNote
      • KAoS: Knowledgeable Agent-oriented System

19
Some open questions
  • Applicability of other policy languages
  • Integration with WS standards
  • Enforcement of privacy, confidentiality and data
    integrity policies during execution
      • Confidentiality: one possible approach is for the
        OWL-S virtual machine to handle encryption/signing
        on behalf of the web service and the requester
      • Privacy
          • Reputation
          • Trusted third parties

20
Summary
  • Contribution
      • Specification of security policies for web
        services
      • Authorization policies are enforced during
        discovery
      • Privacy policies are matched
  • Ontologies
      • http://www.csl.sri.com/users/denker/owl-sec/infObj.owl
      • http://www.cs.umbc.edu/~lkagal1/rei/examples/sws-sec/swspolicy.owl
      • http://www.cs.umbc.edu/~lkagal1/rei/ontologies/
  • Examples
      • http://www.cs.umbc.edu/~lkagal1/rei/examples/sws-sec/