Design and Application of Rule Based Access Control Policies Huiying Li, Xiang Zhang, Honghan Wu & Yuzhong Qu xzhang@seu.edu.cn Dept. Computer Science & Engineering Southeast University, China
Outline • Our Idea • Semantic Web Rule Language • Model Design • Use Cases • Conclusion and Future Work
Our Idea • Requirements of WonderSpace • Express access control policies with powerful expressive ability. • Semantic Web Rule Language (SWRL) • A Horn clause rules extension to OWL proposed in 2004.
What is the Idea • Express access control policies based on OWL and SWRL • OWL: ontology • SWRL: rule • Friend of a Friend (FOAF) • Information about people
Semantic Web Rule Language • SWRL extends OWL DL by adding a simple form of Horn-style rules for the purpose of enhancing expressive ability • The form of a rule • antecedent → consequent.
Semantic Web Rule Language • The antecedent and consequent of a rule consist of zero or more atoms. • Atoms can take the form C(x), P(x, y), Q(x, z), sameAs(x, y) or differentFrom(x, y) • A typical example: • parent(?a, ?b) ∧ brother(?b, ?c) → uncle(?a, ?c). It is true in China…
Model Design - Ontology • Assertions about what kinds of agents are permitted/prohibited to access what kinds of resources
Model Design - Rule • Give more explicit meaning to properties • member(?z, ?x) ∧ member(?z, ?y) ∧ Person(?x) ∧ Person(?y) → sameGroupOf(?x, ?y)
Model Design - Rule • Express access control policies • member(wonderspace, ?x) → isPermittedtoRead(?x, somePaper)
Use Case • Jack published a note about a project plan and asserted that the members of WonderSpace group could read this plan, while the members of his group could edit it online. • member(?z, ?x) ∧ member(?z, ?y) ∧ Person(?x) ∧ Person(?y) → sameGroupOf(?x, ?y) • memberOf(?x, WonderSpace) → isPermittedtoRead(?x, plan), • sameGroupOf(?y, Jack) → isPermittedtoEdit(?y, plan).
Conclusion and Future Work • Prove Our Concept: OWL + SWRL for Access Control Policy • Policy Conflict • Policy Enforcement • Trustworthiness of the information source • Operational semantics of the policy language.