SWRL-based Access Policies for Linked Data

Social applications are one of the fastest growing areas in the Web. However, privacy issues ensue if all information of all users of these applications is stored on a single computer system. With small extensions to Semantic Web technologies and Linked Data concepts, a distributed approach to the social web is possible, where users retain fine-grained control over their data and are still able to combine their data with users on different systems. We describe our concept of a Policy-enabled Linked Data Server (PeLDS) obeying user-defined access policies for the stored information. PeLDS also supports configuration-free distributed authentication. Access policies are expressed in a newly developed compact notation for the Semantic Web Rule Language. Authentication is performed using SSL certificates and the FOAF+SSL verification approach. We evaluate our concept using a prototype implementation and a distributed address book application.

Presentation Transcript

    • SWRL-Based Access Policies for Linked Data
      Hannes Mühleisen, Martin Kost and Johann-Christoph Freytag
      Databases and Information Systems, Department of Computer Science, Humboldt-Universität zu Berlin
    • “Social Web”: What about the system operator?
    • Overview
        1. Linked Data principles (short)
        2. Access policies / data classification
        3. “Policy enabled Linked Data Server” concept
        4. PeLDS implementation and evaluation
    • Linked Data: URLs as identifiers / dereferencing
      [Diagram: the resources http://example.com/bob (ex:name “Bob Ross”, ex:phone “+4930123456”) and http://example.com/alice (ex:name “Alice Ross”, ex:pos “42° 21′ 32″ N 71° 5′ 34″ W”) are connected by ex:spouse; an HTTP request for http://example.com/alice dereferences the identifier to the graph. Legend: Resource, Property, Literal, Graph]
    • Access Policies
        • Set of rules; its evaluation determines whether a user can access certain information
        • Different types: DAC, MAC, RBAC
        • A generic system should support many types
        • Data classification required
        • Linked Data: classify protected parts of a graph
        • Different levels of classification conceivable: syntax, model, concepts
    • Model-based Classification
        • Data classification on a structure-preserving decomposition of the graph (set of triples)
        • Resource, property and value of triples can be specified; wildcards select unknown entries
        • Example: the triple (http://example.com/bob, ex:name, “Bob Ross”) is selected by
          Resource == http://example.com/bob, Property == ex:name, Value == *
    • Concept-based Classification
        • Data classification on a structure of concepts and properties
        • Resources and their properties can be classified using their affiliation with a concept
        • Example: http://example.com/bob has ex:name “Bob Ross” and rdf:type http://example.com/per#Person; it is selected by
          Concept == http://example.com/per#Person
    • Concept: Policy enabled Linked Data Server
        • Policy language PsSF
        • Policy evaluation algorithms
        • Data and policy management operations
        • Secure authentication
    • Policy Language PsSF
        • Description Logic (DL) expressions based on the Semantic Web Rule Language (SWRL)
        • Prolog-style syntax for concise notation
        • Additional predicates for model- and concept-based data classification: permit_triple(...), permit_instance(...)
    • PsSF Policy Language: Example
          BobPosRule: QueryAction(?action) && actor(?action, http://example.com/bob)
                      => permit_triple(http://example.com/alice, ex:pos, *);
      [Diagram: the graph of http://example.com/alice with ex:name “Alice Ross” and ex:pos “42° 21′ 32″ N 71° 5′ 34″ W”; the rule permits only the ex:pos triple]
    • Policy evaluation: Query
        • For each rule contained in the policy, check whether its preconditions are met
        • Approve the graph elements classified by matching rules by adding them to a temporary RDF graph for the current user, containing only authorized graph elements
        • Evaluate queries or dereferencing requests exclusively on those temporary graphs
    • [Diagram: Step 1 applies the access policy (Rule 1, actor “Bob”) to the secured graph and copies the matching triples into Bob's temporary graph; Step 2 evaluates Bob's query on the temporary graph only, yielding the query result]
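The two evaluation steps above, together with the model- and concept-based classification of slides 6 and 7 and the BobPosRule of slide 10, as an added Python model that is not code from the paper or the PeLDS project. Rules are plain functions standing in for PsSF/SWRL rules, the graph is a constructed set of triples, and the semantics assumed for permit_instance is "every triple whose resource is rdf:type the given concept".

```python
# Added example, not PeLDS code: policy evaluation over a secured RDF graph.
WILDCARD = "*"
RDF_TYPE = "rdf:type"
PERSON = "http://example.com/per#Person"
ALICE, BOB, CAROL = ("http://example.com/" + n for n in ("alice", "bob", "carol"))

# Constructed sample data modelled on the graph drawn on slide 4.
SECURED_GRAPH = {
    (ALICE, RDF_TYPE, PERSON),
    (ALICE, "ex:name", "Alice Ross"),
    (ALICE, "ex:pos", "42° 21′ 32″ N 71° 5′ 34″ W"),
    (ALICE, "ex:spouse", BOB),
    (BOB, "ex:name", "Bob Ross"),
}

def matches(pattern, triple):
    # Model-based classification: each component is equal or a wildcard.
    return all(p == WILDCARD or p == t for p, t in zip(pattern, triple))

def permit_triple(graph, resource, prop, value):
    return {t for t in graph if matches((resource, prop, value), t)}

def permit_instance(graph, concept):
    # Concept-based classification (assumed semantics): all triples whose
    # resource is an instance of the concept.
    members = {s for s, p, o in graph if p == RDF_TYPE and o == concept}
    return {t for t in graph if t[0] in members}

# BobPosRule from slide 10: Bob may query Alice's position and nothing else.
def bob_pos_rule(graph, request):
    if request["action"] == "QueryAction" and request["actor"] == BOB:
        return permit_triple(graph, ALICE, "ex:pos", WILDCARD)
    return set()

# Hypothetical second rule: Alice may query every triple about a Person.
def owner_rule(graph, request):
    if request["action"] == "QueryAction" and request["actor"] == ALICE:
        return permit_instance(graph, PERSON)
    return set()

POLICY = [bob_pos_rule, owner_rule]

def temporary_graph(graph, policy, request):
    # Step 1: union of the elements approved by every rule whose
    # preconditions hold for this request; other rules contribute nothing.
    return set().union(*(rule(graph, request) for rule in policy))

def evaluate_query(graph, policy, request, pattern):
    # Step 2: the query is answered from the caller's temporary graph only,
    # so unauthorized triples are never visible to the query at all.
    return permit_triple(temporary_graph(graph, policy, request), *pattern)
```

A query by Bob for everything about Alice returns only her position; a query by Carol, for whom no rule fires, returns an empty graph rather than an error.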
    • Required Operations
        • Definition & modification of access policies
        • Publication & modification of RDF graphs
        • Querying RDF graphs
        • URL dereferencing
    • Authentication
        • Username/password combinations are impractical for Linked Data
        • A central authority would violate the decentralization principle inherent in the WWW
        • FOAF+SSL enables password-free authentication based on SSL certificates
    • PeLDS Implementation
        • Linked Data server with HTTP API
        • Supports the PsSF policy language
        • FOAF+SSL for user authentication
        • Demo: Distributed Address Book
    • Demo Application: Distributed Address Book
      [Screenshots: Bob's view and Alice's view of the address book]
    • PeLDS prototype: Performance
      [Chart: processing time (s), 0 to 50, against triple count, 450 to 4500, for PeLDS, Joseki / TDB and Joseki / TDB / Pellet; linear fits with R² = 0,9943 and R² = 0,9959]
    • Conclusion
        • Access policies and comprehensive data classifications are possible for Linked Data
        • PeLDS enables distributed applications with support for access policies
        • The PeLDS implementation is available as open source software from www.pelds.org