Context-Aware Access Control and Presentation of Linked Data

  1. CONTEXT-AWARE ACCESS CONTROL AND PRESENTATION OF LINKED DATA. PhD Thesis Defence, Luca COSTABELLO, 29 November 2013
  2. Mobile Guide: “Is it optimized for my tablet?” “Does it have a visually impaired mode?” “Does it provide practical information when I am on my way?” Museum triplestore: “Paintings metadata accessible only to on-site visitors.” “Museum Data accessible this week only” “Metadata can be edited by employers only”
  3. How Does Mobile Context Influence Linked Data Access? Mobile Context Model Context-Aware Linked Data Presentation Context-Aware Linked Data Access control 3
  4. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 4
  5. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 5
  6. Mobile Context Model • PRISSMA Ontology 6
  7. Context Ontologies [Comparison table. Criteria: Domain independence, Coverage, Variable Context Granularity, Extensibility, Core ontology approach, Lightweight Ontology, Reuse of Existing Terms, Availability on the Web. Compared: PRISSMA, DCO, Hervás, Korpipää, CoDaMoS, CONON, CoOL, SOUPA.]
  8. The PRISSMA vocabulary http://ns.inria.fr/prissma 8
  9. Example: at the museum

          :atTheMuseum a prissma:Context ;
              prissma:environment :museumEnv .

          :museumEnv a prissma:Environment ;
              prissma:poi :museumGeo .

          :museumGeo geo:lat "48.86034" ;
              geo:long "2.337599" ;
              prissma:radius "200" .

     [Figure: the same context drawn as a graph.]
  10. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 10
  11. Presentation Model • Extending Fresnel with PRISSMA 11
  12. Adaptive Presentation Frameworks for the Web [Comparison table. Criteria: Linked Data support, Context-awareness, Standard Languages, Runtime adaptation, Multimodality, Client-side only, Evaluation. Compared: PRISSMA, CSS Media Queries, COIN, Adipat, CAMB, MIMOSA, Paternò, Butter, Chamaleon, Zhang, Chen, Laakko, NAC.]
  13. Presentation Frameworks for the Semantic Web [Comparison table. Criteria: Declarative approach, Domain Independence, Standard Languages, Context Awareness, Automatic stylesheets, Evaluation, Distribution, Multimodality. Compared: PRISSMA, Fresnel, LDVM, Hide the Stack, LESS, Tal4Rdf, Xenon, Surrogates, Noadster, Haystack.]
  14. Fresnel [Pietriga et al. 2006] • Content selection and ordering • Content formatting and additional content • Styling instructions for fonts, colors, and borders. [Figure retrieved from [Pietriga et al. 2006]]
  15. Fresnel Example

          :paintingGroup a fresnel:Group ;
              fresnel:stylesheetLink <http://example.org/style.css> .

          # Lens
          :paintingLens a fresnel:Lens ;
              fresnel:group :paintingGroup ;
              fresnel:classLensDomain art:Painting ;
              fresnel:showProperties (dc:title dc:creator) .

          # Format
          :titleFormat a fresnel:Format ;
              fresnel:group :paintingGroup ;
              fresnel:propertyFormatDomain dc:title ;
              fresnel:valueStyle "title"^^fresnel:styleClass .
  16. Extending Fresnel with PRISSMA [Diagram: PRISSMA Context (context description) and PRISSMA Prism.]
  17. Extending Fresnel with PRISSMA [ISWC DC, 2011] [Diagram: Prism owl:equivalentClass fresnel:Group; Context owl:equivalentClass fresnel:Purpose; fresnel:Lens and fresnel:Format linked by fresnel:group; fresnel:purpose.]
  18. Prism, Example

          # Prism
          :PaintingPrism a prissma:Prism, fresnel:Group ;
              fresnel:stylesheetLink <http://example.org/style.css> ;
              fresnel:purpose :atTheMuseum .

          # Lens
          :foaflens a fresnel:Lens ;
              fresnel:group :PaintingPrism ;
              fresnel:classLensDomain art:Painting ;
              fresnel:showProperties (foaf:name dcn:author) .

          # Format
          :depictionFormat a fresnel:Format ;
              fresnel:group :PaintingPrism ;
              fresnel:propertyFormatDomain foaf:name ;
              fresnel:valueStyle "depiction"^^fresnel:styleClass .

          # Context
          :atTheMuseum a prissma:Context ;
              prissma:environment :museumEnv .

          :museumEnv a prissma:Environment ;
              prissma:poi :museumGeo .

          :museumGeo geo:lat "48.86034" ;
              geo:long "2.337599" ;
              prissma:radius "200" .
  19. Examples: PRISSMA Browser for Android. [Screenshots: smartphone, user walking in museum town; tablet, user at home.]
  20. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 20
  21. Error-Tolerant RDF Matching • Prism Selection Algorithm 21
  22. Presentation Metadata Selection [Diagram: three Prisms (:smartphoneMoving, :tabletAtHome, :maleVisitorAtTheMuseum) and :actualContext.]
  23. The Problem of Context Imprecision • Ambiguity: :user1 foaf:interest "computers" vs. :user1 foaf:interest "computer science" • Incompleteness: prissma:nearbyEntity :John, :Anita, :Karl vs. prissma:nearbyEntity :Karl, :Anita • Sensor Noise: :poi with geo:lat 48.843453, geo:long 2.32434, prissma:radius 10 vs. :poi with geo:lat 48.86034, geo:long 2.337599, prissma:radius 5
  24. Error-tolerant matching for RDF Graphs [Comparison table. Criteria: RDF-specific, Data Heterogeneity, Client-side Execution, Incremental index updates, Selective matching cache. Compared: PRISSMA, Messmer and Bunke, Zou, Silk, iSPARQL.]
  25. Adapting Messmer to RDF and Mobile Context. Optimal error-tolerant subgraph isomorphism algorithm based on graph edit distance. Extensions:
      • Atomic element might be a graph: Context Units
          •  Core Classes
          •  Entities
          •  Literals
          •  Geo
          •  Time
      • Customized Cost Functions
          •  Strings (Monge-Elkan)
          •  Geographic (Haversine distance + Decay)
          •  Temporal (Interval Inclusion + Decay)
          •  Missing nodes
      [Figure: a Geo context unit, :poi with geo:lat 48.843453, geo:long 2.32434, prissma:radius 10.]
  26. Prism Selection: Decomposition [Figure: the :atTheMuseum prism graph decomposed into Context Units: 0 = prissma:Context; 1 = :museumGeo (geo:lat 48.86034, geo:lon -2.337599, prissma:radius 200); 2 = prissma:Environment; {3,1,2,{prissma:poi}}; {4,0,3,{prissma:environment}}.]
  27. Prism Selection: Search Algorithm. 1. Compute context units isomorphisms costs

          foreach context unit S in D do
              compute_subgraph_isomorphisms(S, GI)

          while C(f_cheapest) < T {
              if S1 is Prism then
                  R.add(S1)

              foreach child of S1 do
                  f_child = combine(f_S1, f_S2)
          }
          return R

      [Figure: actual context graph (:ActualCtx, prissma:environment :actualEnv, prissma:poi :actualPOI with geo:lat 48.843453, geo:long 2.32434, prissma:radius 10) matched against the context units of :atTheMuseum; cost annotations C=0, C=0.34, C=0.]
  28. Prism Selection: Search Algorithm. 2. Combine costs [Same pseudocode and graphs as slide 27, with cost annotations C=0, C=0.34, C=0, C=0.17, C=0.09 and threshold T=0.6.]
  29. Evaluation: Memory Consumption [Two plots against the percentage of common context units (0.1 to 0.9). Decomposition items: total decomposition items, context units (decomposition), context units (raw prisms). Memory [KB]: PRISSMA decomposition vs. Jena Models.]
  30. Evaluation: Response Time → If prisms are completely different if prisms are highly similar 30
  31. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 31
  32. Access Control Model 32
  33. Access Control Frameworks [Comparison table. Criteria: SPARQL, Policies in RDF/SPARQL, Context Awareness, Resource-level Granularity, Attribute-Based AC Model, HTTP Operations, Conflict Verification, Evaluation. Compared: Shi3ld, ubiCosm, PPO, Flouris, Abel, Finin, Proteus, WAC.]
  34. Context-Aware Access Control Model [ECAI 2012] [Diagram, built on s4ac [Villata 2011]: AccessPolicy with appliesTo, hasAccessPrivilege (AccessPrivilege) and hasAccessConditionSet (AccessConditionSet); ConjunctiveACS and DisjunctiveACS subClassOf AccessConditionSet; hasAccessCondition (AccessCondition); hasQueryAsk; hasContext (Context) with user (User), device (Device) and environment (Environment).]
  35. Sample Access Policy

          :policy1 a s4ac:AccessPolicy ;
              s4ac:appliesTo :resource ;             # Protected resource
              s4ac:hasAccessPrivilege s4ac:Read ;
              s4ac:hasAccessConditionSet :acs1 .

          :acs1 a s4ac:AccessConditionSet ;
              s4ac:hasAccessCondition :ac1 .

          # Access Condition to be verified:
          # «User must be John and request must come from a specific location»
          :ac1 a s4ac:AccessCondition ;
              s4ac:hasQueryAsk
              """ASK
              {?ctx a prissma:Context ;
                    prissma:environment ?env ;
                    prissma:user <http://example.org/john.rdf#me> .
               ?env prissma:currentPOI ?poi .
               ?poi prissma:based_near ?p .
               ?p geo:lat ?lat ; geo:lon ?lon .
               FILTER(((?lat-45.8483) > 0 && (?lat-45.8483) < 0.5
                    || (?lat-45.8483) < 0 && (?lat-45.8483) > -0.5)
                    && ((?lon-7.3263) > 0 && (?lon-7.3263) < 0.5
                    || (?lon-7.3263) < 0 && (?lon-7.3263) > -0.5 ))}""" .
  36. Policy Manager New Named Graph creation Access Privileges assignment 36
  37. Policy Manager Location-based access condition Time-based access condition 37
  38. Outline 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control 38
  39. Enforcing Access Control • The Shi3ld Framework 39
  40. Shi3ld Framework
      • SPARQL (Shi3ld-SPARQL) [ECAI 2012]: SELECT … WHERE {…}
      • HTTP Operations (Shi3ld-HTTP) [ESWC 2013]: GET /data/resource HTTP/1.1
          •  SPARQL Graph Store Protocol (GSP)
          •  Linked Data Platform (SPARQL-less)
  41. Authorization Procedure. 1. Adding Client Attributes to the Query (SPARQL)

          SELECT …
          WHERE {…}
          +
          INSERT DATA {
            GRAPH :ctx1{…} }

      [Figure: client context graph :ctx_AC1 (Context with user, device, environment; User, Device, Environment) with p:user, p:environment :env_AC1, p:nearbyEntity, foaf:gender "male", <http://carl-johnson.org#me>, <http://alice.org#me>.]
  42. Authorization Procedure. 1. Adding Client Attributes to the Query (HTTP)

          GET /data/resource HTTP/1.1
          Host: example.org
          Authorization: Shi3ld <...>

      [Figure: client context graph :ctx_AC1 (Context with user, device, environment; User, Device, Environment) with p:user, p:environment :env_AC1, p:nearbyEntity, foaf:gender "male", <http://carl-johnson.org#me>, <http://alice.org#me>.]
  43. Authorization Procedure. 2. Access Conditions Execution

          ASK {?context a prissma:Context ;
                        prissma:user ?u ;
                        prissma:environment ?e .
               ?u rel:employedBy :Louvre_Museum .
               ?e prissma:nearbyEntity :Director .
          }
          VALUES (?context) {(:client_attributes)}

      Result: "false". [Figure: the ASK query is run against the client attributes received with the HTTP request (GET /data/resource HTTP/1.1, Host: example.org, Authorization: Shi3ld <...>) or with INSERT DATA { GRAPH :ctx1{…} }.]
  44. Authorization Procedure. 3. Response Construction (SPARQL). Named graphs :ng1, :ng2, :ng3; the client query SELECT … WHERE {…} becomes SELECT … FROM :ng2,:ng3 WHERE {…}
  45. Authorization Procedure. 3. Response Construction (HTTP): 401 Unauthorized
  46. Response Time Evaluation (Shi3ld-SPARQL): Corese-KGRAM SPARQL Engine 3.0.14 with Berlin SPARQL Benchmark Dataset 3.1 •  Dataset size still predominant •  Small fraction access granted → Faster •  More context updates, more consumers → Slower
  47. Response Time Evaluation (Shi3ld-HTTP) Jena Fuseki 0.2.6 (Shi3ld-GSP), Corese-KGRAM 3.0.14 (Shi3ld-LDP) •  Response time linear w/ AC number •  Shi3ld-HTTP SPARQL-less: 25% faster •  AC complexity does not affect response time 47
  48. Conclusions 48
  49. How Does Mobile Context Influence Linked Data Access? 1 Mobile Context Model 2 Presentation Model 3 Error-Tolerant Subgraph Matching for Context Graphs 4 Access Control Model 5 Enforcing Access Control with Web Standards 49
  50. Limitations and Open Issues (1 Mobile Context Model, 2 Presentation Model, 3 Error-Tolerant Subgraph Matching for Context Graphs, 4 Access Control Model, 5 Enforcing Access Control with Web Standards) • Prisms Distribution: Linked Presentation-level Metadata. • Machine learning to optimize cost functions parameterization. • User acceptability evaluation campaign. • Explanation mechanism for “access denied” responses. • Trustworthiness of Client Context • Deeper privacy-preserving mechanism.
  51. Perspectives Context-based Linked Data Discovery Enhanced Information Retrieval for mobile users Web of Data interlinking 51
  52. Publications and links
      •  L. Costabello. PRISSMA, Towards Mobile Adaptive Presentation of the Web of Data. Doctoral Consortium, ISWC 2011.
      •  L. Costabello, S. Villata, N. Delaforge and F. Gandon. Linked Data Access Goes Mobile: Context-Aware Authorization for Graph Stores, LDOW 2012.
      •  L. Costabello, S. Villata and F. Gandon. Context-Aware Access Control for RDF Graph Stores. ECAI 2012.
      •  S. Villata, L. Costabello, N. Delaforge and F. Gandon. A Social Semantic Web Access Control Model. Journal on Data Semantics, Springer, 2013.
      •  L. Costabello, S. Villata, O. Rodriguez-Rocha and F. Gandon. Access Control for HTTP Operations on Linked Data, ESWC 2013.
      PRISSMA: wimmics.inria.fr/projects/prissma. Shi3ld: wimmics.inria.fr/projects/shi3ld. http://luca.costabello.info. Thanks
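
The three-step authorization procedure of slides 41 to 45, applied to the slide-35 policy, as an added Python example that is not part of the slides or of the Shi3ld code base. Plain predicates stand in for the ASK queries; the named graphs, policies, client contexts and the default-deny treatment of graphs that no policy grants are assumptions of the example.

```python
from dataclasses import dataclass

JOHN = "http://example.org/john.rdf#me"  # user IRI from the slide-35 policy

def within_box(value, centre, delta=0.5):
    """One coordinate of the slide-35 FILTER: 0 < |value - centre| < delta."""
    d = value - centre
    return 0 < d < delta or -delta < d < 0

def ac1(ctx):
    """Stand-in for the ASK query of :ac1; a missing or non-numeric attribute fails."""
    try:
        return (ctx["user"] == JOHN and within_box(ctx["lat"], 45.8483)
                and within_box(ctx["lon"], 7.3263))
    except (KeyError, TypeError):
        return False

@dataclass
class Policy:
    applies_to: str           # protected named graph (s4ac:appliesTo)
    privilege: str            # s4ac:hasAccessPrivilege, e.g. "Read"
    conditions: list          # callables standing in for s4ac:hasQueryAsk
    conjunctive: bool = True  # ConjunctiveACS (all) or DisjunctiveACS (any)

    def grants(self, ctx, privilege):
        if privilege != self.privilege or not self.conditions:
            return False      # an empty condition set never grants (assumption)
        results = [cond(ctx) for cond in self.conditions]
        return all(results) if self.conjunctive else any(results)

def accessible_graphs(policies, ctx, privilege):
    """Step 2: evaluate every access condition against the client context."""
    return sorted({p.applies_to for p in policies if p.grants(ctx, privilege)})

def rewrite_select(query, graphs):
    """Step 3 (SPARQL): add FROM clauses; None if nothing is granted (assumes upper-case WHERE)."""
    froms = " ".join(f"FROM {g}" for g in graphs)
    return query.replace("WHERE", froms + " WHERE", 1) if graphs else None

def http_status(policies, ctx, resource, privilege="Read"):
    """Step 3 (HTTP): 401 Unauthorized unless a policy grants the resource."""
    return 200 if resource in accessible_graphs(policies, ctx, privilege) else 401

# Constructed policies and client contexts (assumptions, not from the slides).
POLICIES = [Policy(":ng1", "Read", [lambda c: c.get("employer") == ":Louvre_Museum"]),
            Policy(":ng2", "Read", [ac1]),
            Policy(":ng3", "Read", [ac1, lambda c: c.get("device") == "tablet"], False)]
ON_SITE = {"user": JOHN, "lat": 45.85, "lon": 7.33}
EXACT = {"user": JOHN, "lat": 45.8483, "lon": 7.3263}  # zero offset: FILTER fails
```

`rewrite_select` emits one `FROM` clause per granted graph, the SPARQL form of what slide 44 abbreviates as `FROM :ng2,:ng3`, and the `EXACT` context shows that the strict bounds of the slide-35 FILTER reject a request sent from exactly the reference coordinates. Every attribute the predicates read is supplied by the client and therefore self-asserted, which is the "Trustworthiness of Client Context" open issue listed on slide 50.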