Context-Aware Access Control for RDF Graph Stores

ECAI 2012 presentation


  1. Context-Aware Access Control for RDF Graph Stores
     Luca Costabello, Serena Villata, Fabien Gandon
     [Figure: a SPARQL query, SELECT … WHERE {…}]
  2. SPARQL
     T Berners-Lee, et al. On Integration Issues of Site-Specific APIs into the Web of Data, DERI Tech. Rep. 2009
     [Figure: timeline marked 2007, 2009, 2011]
  3. Background and SHI3LD Key Features
     Background: WAC [Berners-Lee], [Toninelli et al., ISWC-2006], [Abel et al., ISWC-2007], [Finin et al., SACMAT-2008], [Flouris et al., FIS-2010], [Sacco and Passant, LDOW-2011]
     ●  Semantic Web languages only
        > No new policy languages
     ●  Pluggable to any RDF store
        > SPARQL 1.1
     ●  Granularity from triples to whole graphs
        > Named Graphs [Carroll et al., WWW2005], RDF 1.1
     ●  Mobile context in the loop
        > Context Awareness [Schilit and Theimer, 94], [Dey, 01]
  4. How it Works – Initial Setup
     ●  Named Graph Partitioning
     ●  Access Policy Definition
        S4AC & PRISSMA Vocabularies
  5. SHI3LD Vocabularies
  6. Example of Access Conditions
     Are you a friend of the data provider?
        ASK { ?resource dcterms:creator ?provider .
              ?provider rel:hasFriend ?consumer . }
     Are you a collaborator of the data provider?
        ASK { ?resource dcterms:creator ?provider .
              ?provider rel:collaboratesWith ?consumer . }
     Are you a parent of the data provider?
        ASK { ?resource dcterms:creator ?provider .
              ?provider rel:hasParent ?consumer . }
     Are you a colleague of the data provider?
        ASK { ?resource dcterms:creator ?provider .
              ?provider rel:hasColleague ?consumer . }
  7. Example of Access Conditions
     Are you a member of the same group of the data provider?
        ASK { ?resource dcterms:creator ?provider .
              ?provider sioc:member_of ?group .
              ?consumer sioc:member_of ?group . }
     Are you John? If so
        ASK { ?consumer a foaf:Person .
              FILTER(?consumer = <http://example#John>) }
     Are you John? If so
        ASK { ?consumer a foaf:Person .
              FILTER(!(?consumer = <http://example#John>)) }
     Do you get a number bigger than 0.5?
        ASK { FILTER(rand() > 0.5) }
  8. Example of Access Conditions
     Are you located in the Louvre Museum and is it October 26th, 2012 after 12 a.m.?
        ASK { ?context a prissma:Context ;
                       prissma:environment ?env .
              ?env tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime ;
                   tl:duration "PT5H"^^xsd:duration .
              ?env prissma:currentPOI ?poi .
              ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre> . }
     Are you located in the Louvre Museum, are you employed by Bob, and are you using Android?
        ASK { ?context a prissma:Context ;
                       prissma:device ?dev ;
                       prissma:user ?consumer ;
                       prissma:environment ?env .
              ?consumer a foaf:Person ;
                        rel:employedBy <http://example#Bob> .
              ?env prissma:currentPOI ?poi .
              ?poi prissma:poiLabel <http://dbpedia.org/resource/Musee_du_Louvre> .
              ?dev a prissma:Device ;
                   soft:deviceSoftware ?devsw .
              ?devsw a soft:DeviceSoftware ;
                     soft:operatingSystem ?opsys .
              ?opsys a soft:Operatingsystem ;
                     common:name "Android" . }
  9. Sample Access Policy
     [Figure: a sample policy, labelled "Protected named graph" and "Conditions to verify"]
  10. How it Works
      1.  Query Contextualization
        SELECT … WHERE {…}  +  :ctx1
        INSERT DATA { GRAPH :ctx1 { … } }
  11. Example of User Context
        :sampleCtx a prissma:Context ;
            prissma:user :sampleUsr ;
            prissma:device :sampleDev ;
            prissma:environment :sampleEnv .
        :sampleUsr a prissma:User ;
            foaf:name "John Doe" ;
            foaf:knows <http://example.org/people/alice/> .
        :sampleDev a prissma:Device ;
            soft:deviceSoftware [ soft:operatingSystem [ common:name "Android" ] ] .
        :sampleEnv a prissma:Environment ;
            prissma:currentPOI [ geo:lat "45.43463" ;
                                 geo:long "7.843435" ;
                                 prissma:radius "500" ] ;
            tl:start "2012-10-26T12:00:00Z"^^xsd:dateTime .
  12. How it Works
      2.  Access Policy Evaluation
        ASK { ?context a prissma:Context ;
                       prissma:environment ?env .
              ?env prissma:currentPOI ?poi .
              ?poi prissma:radius "500" ;
                   foaf:based_near ?p .
              ?p geo:lat "43.615811" ;
                 geo:long "7.068532" . }
        BINDINGS ?context { (:ctx1) }

        = "false"
  13. How it Works
      3.  Query Execution on accessible Named Graphs
        Named graphs: :ng1, :ng2, :ng3
        SELECT … WHERE {…}
        SELECT … FROM :ng2 FROM :ng3 WHERE {…}
  14. Response Time Evaluation
      RDF store and SPARQL 1.1 engine: Corese-KGRAM with Berlin SPARQL Benchmark Dataset 3.1
      ●  Dataset size still predominant
      ●  Small fraction granted: faster
      ●  More context updates, more consumers: slower
  15. Future Work
      ●  Privacy
      ●  Context data trustworthiness
      ●  User-centered evaluation
      Luca Costabello (@lukostaz) | Serena Villata (@serena_villata) | Fabien Gandon (@fabien_gandon)
      tinyurl.com/shi3ld
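
The three steps in slides 10 to 13, as an added example that is not from the slides or the SHI3LD code base: a small Python triple-pattern matcher stands in for the SPARQL 1.1 engine, and the context triples, policy conditions and function names are constructed assumptions. It fails closed when no named graph is granted, because a query left without a FROM clause would run over the store's default dataset.

```python
# Added example; a toy triple-pattern matcher stands in for the SPARQL 1.1 engine.
CTX = ":ctx1"
# Constructed context graph, as stored by step 1 (sample data, not from the slides).
CONTEXT_GRAPH = {
    (CTX, "rdf:type", "prissma:Context"),
    (CTX, "prissma:user", ":john"),
    (CTX, "prissma:device", ":dev1"),
    (":dev1", "common:name", "Android"),
}
# Hypothetical policies: protected named graph -> ASK condition (triple patterns).
POLICIES = {
    ":ng1": [("?context", "prissma:user", ":alice")],
    ":ng2": [("?context", "prissma:device", "?dev"),
             ("?dev", "common:name", "Android")],
    ":ng3": [("?context", "prissma:user", ":john")],
}

def _unify(term, value, bindings):
    """Match one pattern term against a value, binding '?vars' on first use."""
    if term.startswith("?"):
        return bindings.setdefault(term, value) == value
    return term == value

def ask(patterns, graph, bindings):
    """ASK semantics: True if all patterns match with consistent bindings."""
    if not patterns:
        return True
    first, rest = patterns[0], patterns[1:]
    for triple in graph:
        trial = dict(bindings)  # copy so a failed match leaves no bindings behind
        if all(_unify(t, v, trial) for t, v in zip(first, triple)):
            if ask(rest, graph, trial):
                return True
    return False

def accessible_graphs(policies, graph, ctx):
    """Step 2: evaluate each condition with ?context pre-bound (BINDINGS)."""
    return sorted(ng for ng, cond in policies.items()
                  if ask(cond, graph, {"?context": ctx}))

def rewrite(query, graphs):
    """Step 3: restrict the query to granted graphs; None means deny."""
    if not graphs:
        return None  # fail closed instead of running the query unrestricted
    head, where = query.split("WHERE", 1)
    froms = " ".join(f"FROM {g}" for g in graphs)
    return f"{head.strip()} {froms} WHERE{where}"
```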