• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SWRL-based Access Policies for Linked Data

SWRL-based Access Policies for Linked Data



Social applications are one of the fastest growing areas in the Web. However, privacy issues ensue if all information of all users of these applica- tions is stored on a single computer system. With ...

Social applications are one of the fastest growing areas in the Web. However, privacy issues ensue if all information of all users of these applica- tions is stored on a single computer system. With small extensions to Semantic Web technologies and Linked Data concepts, a distributed approach to the social web is possible, where users retain fine-grained control over their data and are still able to combine their data with users on different systems. We describe our concept of a Policy-enabled Linked Data Server (PeLDS) obeying user-defined access policies for the stored information. PeLDS also supports configuration- free distributed authentication. Access policies are expressed in a newly devel- oped compact notation for the Semantic Web Rule Language. Authentication is performed using SSL certificates and the FOAF+SSL verification approach. We evaluate our concept using a prototype implementation and a distributed address book application.



Total Views
Views on SlideShare
Embed Views



1 Embed 8

http://www.slideshare.net 8



Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

    SWRL-based Access Policies for Linked Data SWRL-based Access Policies for Linked Data Presentation Transcript

    • SWRL-Based Access Policies for Linked Data Hannes Mühleisen, Martin Kost and Johann-Christoph Freytag Databases and Information Systems Department of Computer Science Humboldt-Universität zu Berlin
    • “Social Web” What about the system operator? 2
    • Overview 1. Linked Data principles (short) 2. Access policies / data classification 3. “Policy enabled Linked Data Server” concept 4. PeLDS implementation and evaluation 3
    • Linked Data: URLs as identifiers / dereferencing ex:spouse http:// example.com/bob http:// example.com/alice ex:name ex:phone HTTP Req. “Bob Ross” “+4930123456” http://example.com/bob “42° 21′ 32″ N “Alice Ross” 71° 5′ 34″ W” Legende ex:pos ex:name Resource http:// asdf Property example.com/alice “a” Literal Graph http://example.com/alice 4
    • Access Policies • Set of rules, its evaluation determines whether a user can access certain information • Different types: DAC, MAC, RbAC • Generic system should support many types • Data classification required • Linked Data: classify protected parts of a graph • Different levels of classification conceivable: syntax, model, concepts 5
    • Model-based Classification • Data classification on a structure-preserving decomposition of the graph (set of triples) • Resource, property and value of triples can be specified, wildcards select unknown entries. • Example: http:// ex:name “Bob Ross” example.com/bob Resource == http://example.com/bob Property == ex:name Value == * 6
    • Concept-based Classification • Data classification on a structure of concepts and properties • Resources and their properties can be classified using their affiliation with a concept • Example: http:// ex:name “Bob Ross” example.com/bob rdf:type http:// example.com/ per#Person Concept == http://example.com/per#Person 7
    • Concept Policy enabled Linked Data Server • Policy language PsSF • Policy evaluation algorithms • Data and policy management operations • Secure authentication 8
    • Policy Language PsSF • Description Logic (DL) expressions based on the Semantic Web Rule Language (SWRL) • Prolog-style syntax for concise notation • Additional predicates for model- and concept-based data classification: • permit_triple(...), permit_instance(...) 9
    • PsSF Policy Language: Example BobPosRule: QueryAction(?action) && actor(?action, http://example.com/bob) => permit_triple(http://example.com/alice,ex:pos,*); “42° 21′ 32″ N “Alice Ross” 71° 5′ 34″ W” ex:pos ex:name http:// example.com/alice 10
    • Policy evaluation - Query • For each rule contained in the policy, check whether their preconditions are met • Approve graph elements classified by matching rules by adding them to a temporary RDF graph for the current user only containing authorized graph elements • Evaluate queries or dereferencing requests exclusively on those temporary graphs 11
    • sp sp A H * ✔ H wp nm ps Z * * ✔ W nm Rule 1 “Bob” Access Policy Step 1 Secured Graph sp A H nm nm H * ? “Bob” Query Temporary Graph Step 2 nm R1 “Bob” 12 Query Result
    • Required Operations • Definition & modification of access policies • Publication & modification of RDF graphs • Querying RDF graphs • URL dereferencing 13
    • Authentication • Username/password-combinations are unpractical for Linked Data • Central authority would violate the decentralization principle inherent in the WWW • FOAF+SSL enables password-free authentication based on SSL certificates 14
    • PeLDS Implementation • Linked-Data-Server with HTTP API • Supports PsSF policy language • FOAF+SSL for user authentication • Demo: Distributed Address Book 15
    • Demo Application: Distributed Address Book Bob’s View Alice’s View 16
    • PeLDS prototype - Performance 50 PeLDS R! = 0,9943 Joseki / TDB Joseki / TDB / Pellet 37,5 Processing time (s) 25 R! = 0,9959 12,5 450 1462,5 2475 3487,5 4500 Triple count 17
    • Conclusion • Access policies and comprehensive data classifications are possible for Linked Data • PeLDS enables distributed applications with support for access policies • PeLDS-Implementation is available as open source software from www.pelds.org 18