
Context-Aware Access Control and Presentation of Linked Data

My PhD Thesis defence slideshow. The work discusses the influence of mobile context in accessing Linked Data from handheld devices. The work dissects this issue into two research questions: how to enable context-aware adaptation for Linked Data consumption, and how to protect access to RDF stores from context-aware devices.

Published in: Technology, Education

  1. 1. CONTEXT-AWARE ACCESS CONTROL AND PRESENTATION OF LINKED DATA. PhD Thesis Defence, Luca COSTABELLO, 29 November 2013
  2. 2. Mobile Guide: “Is it optimized for my tablet?” “Does it have a visually-impaired mode?” “Does it provide practical information when I am on my way?” Museum triplestore: “Paintings metadata accessible only to on-site visitors.” “Museum Data accessible this week only” “Metadata can be edited by employers only”
  3. 3. How Does Mobile Context Influence Linked Data Access? Mobile Context Model Context-Aware Linked Data Presentation Context-Aware Linked Data Access control 3
  4. 4. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 4
  5. 5. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 5
  6. 6. Mobile Context Model • PRISSMA Ontology 6
  7. 7. Context Ontologies (comparison table). Criteria: Domain independence, Coverage, Variable Context Granularity, Extensibility, Core ontology approach, Lightweight Ontology, Reuse of Existing Terms, Availability on the Web. Ontologies compared: PRISSMA, DCO, Hervás, Korpipää, CoDaMoS, CONON, CoOL, SOUPA
  8. 8. The PRISSMA vocabulary http://ns.inria.fr/prissma 8
  9. 9. Example: at the museum
      :atTheMuseum a prissma:Context ;
          prissma:environment :museumEnv .
      :museumEnv a prissma:Environment ;
          prissma:poi :museumGeo .
      :museumGeo geo:lat "48.86034" ;
          geo:long "2.337599" ;
          prissma:radius "200" .
  10. 10. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 10
  11. 11. Presentation Model • Extending Fresnel with PRISSMA 11
  12. 12. Adaptive Presentation Frameworks for the Web (comparison table). Criteria: Linked Data support, Context-awareness, Standard Languages, Runtime adaptation, Multimodality, Client-side only, Evaluation. Frameworks compared: PRISSMA, CSS Media Queries, COIN, Adipat, CAMB, MIMOSA, Paternò, Butter, Chamaleon, Zhang, Chen, Laakko, NAC
  13. 13. Presentation Frameworks for the Semantic Web (comparison table). Criteria: Declarative approach, Domain Independence, Standard Languages, Context Awareness, Automatic stylesheets, Evaluation, Distribution, Multimodality. Frameworks compared: PRISSMA, Fresnel, LDVM, Hide the Stack, LESS, Tal4Rdf, Xenon, Surrogates, Noadster, Haystack
  14. 14. Fresnel [Pietriga et al. 2006] • Content selection and ordering • Content formatting and additional content • Styling instructions for fonts, colors, and borders. Retrieved from [Pietriga et al. 2006]
  15. 15. Fresnel Example
      :paintingGroup a fresnel:Group ;
          fresnel:stylesheetLink <http://example.org/style.css> .
      # Lens
      :paintingLens a fresnel:Lens ;
          fresnel:group :paintingGroup ;
          fresnel:classLensDomain art:Painting ;
          fresnel:showProperties (dc:title dc:creator) .
      # Format
      :titleFormat a fresnel:Format ;
          fresnel:group :paintingGroup ;
          fresnel:propertyFormatDomain dc:title ;
          fresnel:valueStyle "title"^^fresnel:styleClass .
  16. 16. Extending Fresnel with PRISSMA PRISSMA Context Context Context Description PRISSMA Prism Prism 16
  17. 17. Extending Fresnel with PRISSMA [ISWC DC, 2011] Prism fresnel:group fresnel:Group Prism owl:equivalentClass fresnel:group fresnel:purpose fresnel:Lens fresnel:Format owl:equivalentClass fresnel:Purpose Context 17
  18. 18. Prism, Example
      # Prism
      :PaintingPrism a prissma:Prism, fresnel:Group ;
          fresnel:stylesheetLink <http://example.org/style.css> ;
          fresnel:purpose :atTheMuseum .
      # Lens
      :foaflens a fresnel:Lens ;
          fresnel:group :foafPrism ;
          fresnel:classLensDomain art:Painting ;
          fresnel:showProperties (foaf:name dcn:author) .
      # Format
      :depictionFormat a fresnel:Format ;
          fresnel:group :foafPrism ;
          fresnel:propertyFormatDomain foaf:name ;
          fresnel:valueStyle "depiction"^^fresnel:styleClass .
      # Context
      :atTheMuseum a prissma:Context ;
          prissma:environment :museumEnv .
      :museumEnv a prissma:Environment ;
          prissma:poi :museumGeo .
      :museumGeo geo:lat "48.86034" ;
          geo:long "2.337599" ;
          prissma:radius "200" .
  19. 19. Examples
 PRISSMA Browser for Android Smartphone, user walking in museum town. Tablet, user at home. 19
  20. 20. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 20
  21. 21. Error-Tolerant RDF Matching • Prism Selection Algorithm 21
  22. 22. Presentation Metadata Selection Prism Prism :smartphoneMoving :tabletAtHome Prism :maleVisitorAtTheMuseum :actualContext 22
  23. 23. The Problem of Context Imprecision Ambiguity Incompleteness :user1 :user1 prissma:nearbyEntity foaf:interest "computers" :user1 foaf:interest "computer science" Sensor Noise :poi geo:lat prissma:radius geo:long :John :Anita :Karl 10 48.843453 2.32434 :user1 geo:lat prissma:nearbyEntity :Karl :Anita :poi prissma:radius geo:long 5 48.86034 2.337599 23
  24. 24. Error-tolerant matching for RDF Graphs (comparison table). Criteria: RDF-specific, Data Heterogeneity, Client-side Execution, Incremental index updates, Selective matching cache. Approaches compared: PRISSMA, Messmer and Bunke, Zou, Silk, iSPARQL
  25. 25. Adapting Messmer to RDF and Mobile Context. Optimal error-tolerant subgraph isomorphism algorithm based on graph edit distance. Extensions:
      • Atomic element might be a graph: Context Units (Core Classes, Entities, Literals, Geo, Time)
      • Customized Cost Functions: Strings (Monge-Elkan), Geographic (Haversine distance + Decay), Temporal (Interval Inclusion + Decay), Missing nodes
      [figure: example Geo context unit :poi with geo:lat 48.843453, geo:long 2.32434, prissma:radius 10]
  26. 26. Prism Selection: Decomposition [figure: the :atTheMuseum prism graph (prissma:Context, prissma:Environment, :museumEnv, :museumGeo with geo:lat, geo:long and prissma:radius) decomposed into Context Units 0, 1, 2, {3,1,2,{prissma:poi}} and {4,0,3,{prissma:environment}}]
  27. 27. Prism Selection: Search Algorithm. 1. Compute context units isomorphisms costs
      foreach context unit S in D do
          compute_subgraph_isomorphisms(S, GI)
      while C(f_cheapest) < T {
          if S1 is Prism then
              R.add(S1)
          foreach child of S1 do
              f_child = combine(f_S1, f_S2)
      }
      return R
      [figure: the actual context graph (:ActualCtx, :actualEnv, :actualPOI with geo:lat 48.843453, geo:long 2.32434, prissma:radius 10) matched against the context units of :atTheMuseum; cost labels C=0, C=0.34, C=0]
  28. 28. Prism Selection: Search Algorithm. 2. Combine costs [figure: the same algorithm and graphs as the previous slide, with completed steps ticked; cost labels C=0, C=0.34, C=0, C=0.17, C=0.09; threshold T=0.6]
  29. 29. Evaluation: Memory Consumption [two plots against Percentage of common context units (0.1 to 0.9): Decomposition Items (series: Total decomposition Items, Context Units (decomposition), Context Units (raw prisms)) and Memory [KB] (series: PRISSMA decomposition, Jena Models)]
  30. 30. Evaluation: Response Time → If prisms are completely different if prisms are highly similar 30
  31. 31. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 31
  32. 32. Access Control Model 32
  33. 33. Access Control Frameworks (comparison table). Criteria: SPARQL, Policies in RDF/SPARQL, Context Awareness, Resource-level Granularity, Attribute-Based AC Model, HTTP Operations, Conflict Verification, Evaluation. Frameworks compared: Shi3ld, ubiCosm, PPO, Flouris, Abel, Finin, Proteus, WAC
  34. 34. Context-Aware Access Control Model [ECAI 2012] s4ac:[Villata 2011] DisjunctiveACS subClassOf hasAccessPrivilege hasAccessConditionSet subClassOf ConjunctiveACS appliesTo AccessPolicy AccessPrivilege AccessConditionSet hasAccessCondition AccessCondition hasQueryAsk Device device hasContext Context User user environment Environment 34
  35. 35. Sample Access Policy
      :policy1 a s4ac:AccessPolicy ;
          s4ac:appliesTo :resource ;    # Protected resource
          s4ac:hasAccessPrivilege s4ac:Read ;
          s4ac:hasAccessConditionSet :acs1 .
      # Access Condition to be verified:
      # «User must be John and request must come from a specific location»
      :acs1 a s4ac:AccessConditionSet ;
          s4ac:hasAccessCondition :ac1 .
      :ac1 a s4ac:AccessCondition ;
          s4ac:hasQueryAsk
          """ASK
          {?ctx a prissma:Context ;
                prissma:environment ?env ;
                prissma:user <http://example.org/john.rdf#me> .
           ?env prissma:currentPOI ?poi .
           ?poi prissma:based_near ?p .
           ?p geo:lat ?lat ; geo:lon ?lon .
           FILTER(((?lat-45.8483) > 0 && (?lat-45.8483) < 0.5
                || (?lat-45.8483) < 0 && (?lat-45.8483) > -0.5)
               && ((?lon-7.3263) > 0 && (?lon-7.3263) < 0.5
                || (?lon-7.3263) < 0 && (?lon-7.3263) > -0.5 ))}""" .
  36. 36. Policy Manager New Named Graph creation Access Privileges assignment 36
  37. 37. Policy Manager Location-based access condition Time-based access condition 37
  38. 38. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control 38
  39. 39. Enforcing Access Control • The Shi3ld Framework 39
  40. 40. Shi3ld Framework
      • SPARQL (Shi3ld-SPARQL) [ECAI 2012]: SELECT … WHERE {…}
      • HTTP Operations (Shi3ld-HTTP) [ESWC 2013]: GET /data/resource HTTP/1.1
          • SPARQL Graph Store Protocol (GSP)
          • Linked Data Platform (SPARQL-less)
  41. 41. Authorization Procedure 1. Adding Client Attributes to the Query (SPARQL)
      SELECT …
      WHERE {…}
      +
      INSERT DATA {
        GRAPH :ctx1 {…} }
      [figure: client context graph (Context with user, device and environment, pointing to User, Device and Environment); node and edge labels: :ctx_AC1, :env_AC1, <http://carl-johnson.org#me>, <http://alice.org#me>, "male", p:user, p:environment, p:nearbyEntity, foaf:gender]
  42. 42. Authorization Procedure 1. Adding Client Attributes to the Query (HTTP)
      GET /data/resource HTTP/1.1
      Host: example.org
      Authorization: Shi3ld <...>
      [figure: client context graph (Context with user, device and environment, pointing to User, Device and Environment); node and edge labels: :ctx_AC1, :env_AC1, <http://carl-johnson.org#me>, <http://alice.org#me>, "male", p:user, p:environment, p:nearbyEntity, foaf:gender]
  43. 43. Authorization Procedure 2. Access Conditions Execution
      ASK {?context a prissma:Context ;
             prissma:user ?u ;
             prissma:environment ?e .
           ?u rel:employedBy :Louvre_Museum .
           ?e prissma:nearbyEntity :Director .
      }
      VALUES (?context) {(:client_attributes)}
      = "false"
      Requests shown on the slide:
      GET /data/resource HTTP/1.1
      Host: example.org
      Authorization: Shi3ld <...>
      INSERT DATA {
        GRAPH :ctx1 {…} }
  44. 44. Authorization Procedure 3. Response Construction (SPARQL). Named graphs: :ng1, :ng2, :ng3
      SELECT …
      WHERE {…}
      becomes
      SELECT …
      FROM :ng2,:ng3
      WHERE {…}
  45. 45. Authorization Procedure 3. Response Construction (HTTP): 401 Unauthorized
  46. 46. Response Time Evaluation (Shi3ld-SPARQL). Corese-KGRAM SPARQL Engine 3.0.14 with Berlin SPARQL Benchmark Dataset 3.1 •  Dataset size still predominant •  Small fraction access granted → Faster •  More context updates, more consumers → Slower
  47. 47. Response Time Evaluation (Shi3ld-HTTP) Jena Fuseki 0.2.6 (Shi3ld-GSP), Corese-KGRAM 3.0.14 (Shi3ld-LDP) •  Response time linear w/ AC number •  Shi3ld-HTTP SPARQL-less: 25% faster •  AC complexity does not affect response time 47
  48. 48. Conclusions 48
  49. 49. How Does Mobile Context Influence Linked Data Access? 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 49
  50. 50. Limitations and Open Issues 1 Mobile Context Model 2 Presentation Model 3 Prisms Distribution: Linked Presentation-level Metadata. Machine learning to optimize cost functions parameterization. Error-Tolerant Subgraph Matching for Context Graphs User acceptability evaluation campaign. 4 5 Access Control Model Enforcing Access Control with Web Standards Explanation mechanism for “access denied” responses. Trustworthiness of Client Context Deeper privacy-preserving mechanism. 50
  51. 51. Perspectives Context-based Linked Data Discovery Enhanced Information Retrieval for mobile users Web of Data interlinking 51
  52. 52. •  L. Costabello. PRISSMA, Towards Mobile Adaptive Presentation of the Web of Data. Doctoral Consortium, ISWC 2011. •  L. Costabello, S. Villata, N. Delaforge and F. Gandon. Linked Data Access Goes Mobile: Context-Aware Authorization for Graph Stores, LDOW 2012. •  L. Costabello, S. Villata and F. Gandon. Context-Aware Access Control for RDF Graph Stores. ECAI 2012. •  S. Villata, L. Costabello, N. Delaforge and F. Gandon. A Social Semantic Web Access Control Model. Journal on Data Semantics, Springer, 2013. •  L. Costabello, S. Villata. O. Rodriguez-Rocha and F. Gandon. Access Control for HTTP Operations on Linked Data, ESWC 2013. PRISSMA wimmics.inria.fr/projects/prissma Shi3ld wimmics.inria.fr/projects/shi3ld http://luca.costabello.info Thanks 52
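
The three authorization steps on slides 41 to 45 (client attributes attached to the request, access conditions evaluated, response constructed), as an added Python example that is not Shi3ld code. Assumptions: plain predicates stand in for the SPARQL ASK queries of `s4ac:hasQueryAsk`; `Policy`, `accessible_graphs`, `rewrite_select`, `http_status` and all sample values are hypothetical names constructed here; the rewrite emits one `FROM` per permitted graph.

```python
# Added example, not Shi3ld code: predicates stand in for SPARQL ASK queries.
from dataclasses import dataclass
from typing import Callable, Dict, List

Context = Dict[str, object]            # client attributes sent with the request
Condition = Callable[[Context], bool]  # one access condition (an ASK query)

@dataclass
class Policy:
    applies_to: str                    # protected named graph
    privilege: str                     # e.g. "Read"
    conditions: List[Condition]
    conjunctive: bool = True           # ConjunctiveACS, else DisjunctiveACS

    def grants(self, ctx: Context, privilege: str) -> bool:
        if privilege != self.privilege or not self.conditions:
            return False               # fail closed on an empty condition set
        results = []
        for cond in self.conditions:
            try:
                results.append(bool(cond(ctx)))
            except (KeyError, TypeError):
                results.append(False)  # absent attribute evaluates to "false"
        return all(results) if self.conjunctive else any(results)

def accessible_graphs(policies, ctx, privilege="Read"):
    return sorted({p.applies_to for p in policies if p.grants(ctx, privilege)})

def rewrite_select(query: str, graphs: List[str]) -> str:
    if not graphs:                     # no FROM would leave the query unrestricted
        raise PermissionError("no accessible named graph")
    head, where = query.split("WHERE", 1)   # assumes an upper-case WHERE
    return head.rstrip() + "\n" + "".join(f"FROM {g}\n" for g in graphs) + "WHERE" + where

def http_status(policies, ctx, resource) -> int:
    return 200 if resource in accessible_graphs(policies, ctx) else 401

# Constructed sample data: graph names, users and coordinates are illustrative.
JOHN = "http://example.org/john.rdf#me"
def near(c):                           # same bounds as the FILTER on slide 35
    return 0 < abs(c["lat"] - 45.8483) < 0.5 and 0 < abs(c["lon"] - 7.3263) < 0.5
POLICIES = [
    Policy(":ng1", "Read", [lambda c: c["user"] == JOHN, near]),
    Policy(":ng2", "Read", [lambda c: c["employer"] == ":Louvre_Museum",
                            lambda c: ":Director" in c["nearby"]], conjunctive=False),
    Policy(":ng3", "Update", [lambda c: c["user"] == JOHN]),
]
ON_SITE = {"user": JOHN, "lat": 45.90, "lon": 7.40, "nearby": [":Director"]}
REMOTE = {"user": JOHN, "lat": 48.86, "lon": 2.34, "nearby": []}
```

Every attribute in the context is supplied by the client, so a grant is only as reliable as those values; slide 50 lists the trustworthiness of client context as an open issue.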
