PPO & PPM 2.0: Extending the Privacy Preference Framework

Web of Data applications provide users with the means to easily publish their personal information on the Web. However, this information is publicly accessible and users cannot control how to disclose their personal information. Protecting personal information is deemed important in use cases such as controlling access to sensitive personal information on the Social Semantic Web or even in Linked Open Government Data. The Privacy Preference Ontology (PPO) can be used to define fine-grained privacy preferences to control access to personal information and the Privacy Preference Manager (PPM) can be used to enforce such preferences to determine which specific parts of information can be granted access. However, PPO and PPM require further extensions to create more control when granting access to sensitive data; such as more flexible granularity for defining privacy preferences. In this paper, we (1) extend PPO with new classes and properties to define further fine-grained privacy preferences; (2) provide a new light-weight vocabulary, called the Privacy Preference Manager Ontology (PPMO), to define characteristics about privacy preference managers; and (3) present an extension to PPM to enable further control when publishing and sharing personal information based on the extended PPO and the new vocabulary PPMO. Moreover, the PPM is extended to provide filtering data over SPARQL endpoints.

Presentation Transcript

  • PPO & PPM 2.0: Extending the Privacy Preference Framework. Owen Sacco and John G. Breslin (owen.sacco@deri.org and john.breslin@nuigalway.ie), Digital Enterprise Research Institute, www.deri.ie. I-SEMANTICS 2012 – Graz, Austria, Thursday 6th September 2012. Copyright 2011 Digital Enterprise Research Institute. All rights reserved. Enabling Networked Knowledge
  • Introduction
      • Increase in shared personal information on the Social Web raised awareness about privacy
  • Current Limitations
      • Social Web applications provide system default privacy settings
  • Use Case
      • A FOAF based Social Network
  • Use Case
      • Protecting a FOAF based Social Network
      • Users feel more confident to publish their information
      • Users would be in full control
          – Which specific information can be shared and to whom
      • Granting access based on interest and not only to friends in contact lists
          – E.g.: Provide my phone number only to DERI colleagues without being in a friend or group list called DERI
  • PPO Overview
      • A light weight vocabulary for defining fine-grained privacy preferences for RDF data
      • A privacy preference contains:
          – Which resource, statement or graph must be restricted
          – A condition that must be satisfied
          – The access control privilege (defined using WAC)
          – A SPARQL query that tests whether a user requesting information matches a graph pattern
  • PPO Overview (class diagram of ppo:PrivacyPreference; properties and their ranges as shown)
      • Restrictions: ppo:appliesToResource → rdfs:Resource; ppo:appliesToStatement → rdf:Statement; ppo:appliesToNamedGraph → trix:Graph
      • Conditions: ppo:hasCondition → ppo:Condition, with ppo:resourceAsSubject → rdfs:Resource; ppo:resourceAsObject → rdfs:Resource; ppo:classAsSubject → rdfs:Class; ppo:classAsObject → rdfs:Class; ppo:hasLiteral → rdfs:Literal; ppo:hasProperty → rdf:Property
      • Access Test Queries: ppo:hasAccessSpace → ppo:AccessSpace; ppo:hasAccessQuery → rdfs:Literal. This rdfs:Literal represents a SPARQL query as a String.
      • Access Control Privileges: ppo:hasAccess → acl:Access
  • Extending PPO (class diagram of the extended ppo:PrivacyPreference; properties and their ranges as shown)
      • Restrictions: ppo:appliesToResource → rdfs:Resource; ppo:appliesToStatement → rdf:Statement; ppo:appliesToNamedGraph → trix:Graph; ppo:appliesToDataset → void:Dataset; ppo:appliesToContext → rdfs:Resource
      • Conditions: ppo:hasCondition → ppo:Condition; ppo:hasConditionOperator → ppo:ConditionOperator; ppo:conditionOperatorOf → ppo:Condition; ppo:hasChildConditionOperator → ppo:ConditionOperator; ppo:hasLogicalOperator → ppo:Operator
      • Condition properties: ppo:resourceAsSubject → rdfs:Resource; ppo:resourceAsObject → rdfs:Resource; ppo:classAsSubject → rdfs:Class; ppo:classAsObject → rdfs:Class; ppo:hasLiteral → rdfs:Literal; ppo:hasProperty → rdf:Property
      • Access privileges: ppo:hasAccess → acl:Access; ppo:hasNoAccess → acl:Access
      • Access space: ppo:hasAccessSpace → ppo:AccessSpace; ppo:hasAccessAgent → foaf:Agent; ppo:hasAccessQuery → rdfs:Literal
      • Priority: ppo:hasPriority → wo:Weight
  • Extending PPO (condition operators diagram)
      • ppo:PrivacyPreference: ppo:hasCondition → ppo:Condition; ppo:hasConditionOperator → ppo:ConditionOperator
      • ppo:ConditionOperator: ppo:conditionOperatorOf → ppo:Condition; ppo:hasChildConditionOperator → ppo:ConditionOperator; ppo:hasLogicalOperator → ppo:Operator
      • rdfs:subClassOf ppo:Operator: ppo:And, ppo:Or, ppo:Not
      • Example tree shown in the diagram: AND, OR, Condition 1, Condition 2, Condition 3
  • Extending WAC (class diagram)
      • rdfs:subClassOf acl:Access: ppo:Create, acl:Read, acl:Write, acl:Control
      • Second level of rdfs:subClassOf: ppo:Update, ppo:Delete, acl:Append
  • Extended PPO Example
      • Define a privacy preference which is:
          – Applied to all triples of the investment cost resource ID 90000001
          – Applied to all triples in the dataset called dataset1
          – Conditions:
              – The resource URI 90000001 as the subject of the triple
              – The resource is an IT System type with ID 8000000002
          – Apply read and update access control privileges
          – Apply privacy preference to all those that work at the US Government Department for Health and Human Services
  • Extended PPO Example (Turtle)

        @prefix ppo: <http://vocab.deri.ie/ppo#> .
        @prefix acl: <http://www.w3.org/ns/auth/acl#> .
        @prefix ex:  <http://www.example.org/> .   # assumed; the slide does not declare ex:

        ex:pp1 a ppo:PrivacyPreference ;
            # What the preference restricts
            ppo:appliesToResource <http://www.example.org/Investment/90000001> ;
            ppo:appliesToDataset <http://www.example.org/repositories/dataset1> ;
            # Two conditions joined with a logical AND
            ppo:hasConditionOperator [
                ppo:conditionOperatorOf [
                    ppo:resourceAsSubject <http://www.example.org/Investment/90000001> ] ;
                ppo:hasLogicalOperator ppo:And ;
                ppo:conditionOperatorOf [
                    ppo:resourceAsObject <http://www.example.org/ITSystem/8000000002> ] ] ;
            # Privileges granted
            ppo:hasAccess acl:Read ;
            ppo:hasAccess ppo:Update ;
            # Who is granted them: requesters matching this SPARQL ASK query
            ppo:hasAccessSpace [
                ppo:hasAccessQuery "ASK { ?x foaf:workplaceHomepage <http://www.hhs.gov> }" ] .
  • Privacy Preference Manager
      • The Privacy Preference Manager provides two main tasks:
          – A user creates his/her privacy preferences
          – A requester logs in to the other user’s manager which returns filtered RDF data – in this case a faceted profile
      • [Diagram labels: Alex, WebID, Privacy Preference Manager, Private FOAF Profile, Privacy Preferences, John, Requester]
  • Privacy Preference Manager Ontology (class diagram; properties and their ranges as shown)
      • ppmo:PrivacyPreferenceManager: ppmo:hasOwner → foaf:Agent; ppmo:hasPriorityScale → wo:Scale; ppmo:hasAdministration → ppmo:Administration
      • Defaults: ppmo:hasDefaultAccess → acl:Access; ppmo:hasDefaultNoAccess → acl:Access; ppmo:hasDefaultConflictAccess → acl:Access; ppmo:hasDefaultConflictNoAccess → acl:Access
      • ppmo:Administration: ppmo:hasAdminAccess → acl:Access; ppmo:hasAdminNoAccess → acl:Access; ppmo:hasAdminSpace → ppmo:AdminSpace
      • ppmo:AdminSpace: ppmo:hasAdministrator → foaf:Agent; ppmo:hasAdminSpaceQuery → rdfs:Literal
  • Extending the Privacy Preference Manager (architecture diagram)
      • Components shown: foafssl.org WebID Authentication Service; SPARQL Endpoint; RDF Documents; Privacy Preference Manager; WebID Authenticator; RDF Data Retriever & Parser; Privacy Preference Enforcer; Privacy Preference Creator; User Interface; User; Requester
      • Flow labels shown: SSL Certificate; Confirmation; Request RDF Data; Query RDF Data; Request Query; Privacy Preferences; Filtered RDF Data; Privacy Preference Information
  • Future Work
      • Defining and computing trustworthiness of requesters
      • Enhancing Privacy Preference Manager to assert trustworthiness whilst enforcing privacy preferences
  • Links
      • PPO Namespace URI: http://vocab.deri.ie/ppo#
      • PPMO Namespace URI: http://vocab.deri.ie/ppmo#
      • Screencasts
          – Creating Privacy Preferences: http://bit.ly/p0N1Vi
          – Viewing Filtered FOAF Profiles: http://bit.ly/qiAdxT
      • Email: owen.sacco@deri.org
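
The enforcement flow from the Extended PPO Example and Privacy Preference Manager slides (condition operators, access privileges, an access space test, filtered RDF output), as an added Python example that is not the authors' PPM code. It assumes conditions are tested per triple, replaces the SPARQL ASK with a simple match on the requester's profile, withholds anything no preference grants, and uses constructed triples, predicates and requester profiles.

```python
# Added example, not the authors' PPM: per-triple enforcement of a PPO-style preference.
EX = "http://www.example.org/"
FOAF_WORKPLACE = "http://xmlns.com/foaf/0.1/workplaceHomepage"
INVESTMENT = EX + "Investment/90000001"
IT_SYSTEM = EX + "ITSystem/8000000002"

# Constructed sample triples standing in for dataset1 (predicates are hypothetical).
DATASET = [
    (INVESTMENT, EX + "supports", IT_SYSTEM),
    (INVESTMENT, EX + "cost", "1200000"),
    (EX + "Investment/90000002", EX + "supports", IT_SYSTEM),
]

# ex:pp1 from the slide as plain data; the condition is an operator tree.
PP1 = {
    "condition": ("And", [("resourceAsSubject", INVESTMENT),
                          ("resourceAsObject", IT_SYSTEM)]),
    "access": {"acl:Read", "ppo:Update"},
    "access_space": (FOAF_WORKPLACE, "http://www.hhs.gov"),
}

def matches(cond, triple):
    """Evaluate a condition leaf or an And/Or/Not node against one triple."""
    op, arg = cond
    s, p, o = triple
    if op == "resourceAsSubject":
        return s == arg
    if op == "resourceAsObject":
        return o == arg
    if op == "hasProperty":
        return p == arg
    if op == "And":
        return all(matches(c, triple) for c in arg)
    if op == "Or":
        return any(matches(c, triple) for c in arg)
    if op == "Not":
        return not matches(arg, triple)
    raise ValueError(f"unknown condition term: {op!r}")  # fail closed

def in_access_space(pref, profile):
    """Stand-in for the SPARQL ASK: any profile triple with this predicate and object."""
    pred, obj = pref["access_space"]
    return any(p == pred and o == obj for _, p, o in profile)

def filter_for(profile, privilege, dataset, prefs):
    """Return the triples that some preference grants; all others are withheld."""
    return [t for t in dataset
            if any(privilege in pref["access"]
                   and in_access_space(pref, profile)
                   and matches(pref["condition"], t)
                   for pref in prefs)]

# Constructed requester profiles.
HHS_USER = [(EX + "people/alice", FOAF_WORKPLACE, "http://www.hhs.gov")]
OUTSIDER = [(EX + "people/bob", FOAF_WORKPLACE, "http://www.example.com")]
```

Calling `filter_for(HHS_USER, "acl:Read", DATASET, [PP1])` returns only the triple whose subject is the investment and whose object is the IT system; a privilege the preference does not list, or a requester outside the access space, gets an empty result.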