1 / 12

Semantic Web and Policy Workshop Panel Contribution

This presentation discusses the challenges of enforcing context-sensitive privacy and security policies in various scenarios such as pervasive computing, enterprise collaboration, and homeland security. It introduces a semantic web approach to model and specify these policies and explores the architecture of a policy enforcing agent.

monaw
Télécharger la présentation

Semantic Web and Policy Workshop Panel Contribution

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Semantic Web and Policy WorkshopPanel Contribution Norman M. Sadeh School of Computer Science Carnegie Mellon University Director, e-Supply Chain Management Laboratory Director, Mobile Commerce Laboratory Co-Director, COS PhD Program

  2. Policies Are Everywhere • B2B contracts • e.g. quantity flexible contracts, late delivery penalties, etc. • Negotiation • e.g. rules associated with auction mechanisms • Security • e.g. access control policies • Privacy • Information Collection Policies (aka “ P3P Privacy Policies”) • Obfuscation Policies • Workflow management • What to do under different sets of conditions • Context aware computing • What service to invoke to access a particular contextual attribute • Context-sensitive preferences 2005 AAAI Fall Symposium- Slide 2

  3. Context-Sensitive Privacy & Security Policies • Pervasive Computing • “My colleagues can only see the building I am in and only when they are on company premises” • Enterprise Collaboration • “Only disclose inventory levels to customers with past due shipments” • DoD Scenarios (e.g. coalition forces) • “Only disclose ship departure time after the ship has left” • “Only disclose information specific to the context of ongoing joint operations” • Homeland Security & Privacy (e.g. video surveillance) • “Only allow for facial recognition when a crime scene is suspected” 2005 AAAI Fall Symposium- Slide 3

  4. Challenges in Enforcing Context-Sensitive Policies • Sources of contextual information: • May not be known ahead of time • May change from one entity to another • May change over time • Examples: • Different sources of location information depending on who & where the subject is • Different sources of information to determine when supplies will arrive, depending on who the supplier is and the particular mode of transportation 2005 AAAI Fall Symposium- Slide 4

  5. Pervasive Computing Instantiation: MyCampus Each entity has its own set of policies & policy evaluation agents 2005 AAAI Fall Symposium- Slide 5

  6. Semantic Web Approach • Interleave reasoning about policies with the dynamic identification of sources of contextual information • Both explicit delegation & dynamic discovery • Sources of contextual information modeled as Semantic Web Services • Service profiles & context-sensitive policies refer to shared ontologies 2005 AAAI Fall Symposium- Slide 6

  7. Specifying Context-Sensitive Policies 2005 AAAI Fall Symposium- Slide 7

  8. -Is Mary allowed to ask this? -Is there a service to find Bob’s current location? Bob 4 Mary What room is Mary in? Mary’s User Agent 1 Personal Service Directory Service Which building is Bob in right now? 3 Company XYZ 2 Is Bob on Mary’s team today? Personal Agent Directory Service Privacy Agents What is the street address for Bob’s current location? Information Disclosure Agent 5 Only people on my team can see the room I am in and only when we are in the same building Task-Specific Agents Cell Phone Operator Policy Repository Service Notification Agent Public Agent Directory Service Public Service Directory Service White Pages Directory Service Motivating Scenario 2005 AAAI Fall Symposium- Slide 8

  9. Meta-Model for Query Processing • Monitoring query processing progress • Including satisfaction of relevant policies • Meta-model information: • Whether/which policy elements have (not) been verified • What facts are still missing • To verify relevant policies/answer the query • What sources of information are available • Local vs. external, whether they have been identified, whether queries have been submitted and answers received • Etc. 2005 AAAI Fall Symposium- Slide 9

  10. Policy Enforcing Agent: Architecture 2005 AAAI Fall Symposium- Slide 10

  11. So, Where Do We Start? • Usability Challenges • “Low Hanging Fruits” • B2B • Easier to invest time in specifying policies • Virtual Enterprise scenarios • Contracting, security, workflow management, pricing, and plenty of other corporate policies • Open Mobile & Pervasive Computing • There’s no other way • Roaming, complexity of Mobile Internet value chain, etc. • Challenges: • Moving away from highly scripted trust management protocols, usability challenges, expressiveness & computational tradeoffs, etc. 2005 AAAI Fall Symposium- Slide 11

  12. Q&A 2005 AAAI Fall Symposium- Slide 12

More Related