In federated query processing, different datasets can be queried simultaneously. Each dataset has different privacy policies attached, but which privacy policy will govern the usage of the query result? In this work we propose a mechanism, based on semantic web technologies, to compose privacy policies. The originality of our approach is that our composition rules are based on the data usage context and deduced implicit terms.
Policies Composition Based on Data Usage Context
1. Policies Composition Based on Data Usage Context
Valeria Soto-Mendoza, Patricia Serrano-Alvarado,
Emmanuel Desmontils, José-Antonio García-Macías
In International Workshop on Consuming Linked Data (COLD) at ISWC, 12 pages, Bethlehem, Pennsylvania, United States, 12 October 2015
https://hal.archives-ouvertes.fr/hal-01184660
2. Problem
• Massive production and usage of (personal) data
• Usage policies should be defined for every piece of data (PriLoo, ODRL, PPo, l4all, CC, GPL, etc.)
• But in a collaborative application combining data, which will be the usage policy of the resulting data?
12/01/16 2
3. Our goal
• A method to combine policies
– based on semantic web technologies (ontologies, reasoning rules, RDF, …)
– considering usage context
– easy to extend
4. Proposed approach
• Federation of personal data servers (e.g., SPARQL endpoints)
• Usage policies linked to personal data
• Federated query
• Before query evaluation, PrODUCE performs the policy composition
PrODUCE is a mechanism for policy composition based on semantic web technologies
5. PriLoo usage policies
Like other policies, but in addition they describe:
• the context under which data should be used
– Usage purposes, usage duration, usage locality, storage locality, etc.
• What to do with non-explicit terms/properties
– implicitProperties (all-but-prohibited, all-but-permitted-or-obliged)
• Families of licenses
PriLoo ontology
http://www.privacy-lookout.net/pluxml/index.php
6. Some details
• For ImplicitStatus, two values are allowed:
– all-but-prohibited, to prohibit all implicit terms and
– all-but-permits-or-obliges, to permit or to oblige implicit terms
• LegalTerms, Operations and Purposes are terms structured in a hierarchical tree
– For instance, the LegalTerm “moral rights preserve” inherits from “rights preserve”, and the consultation purpose inherits from the medical purpose
– For legal terms, operations and purposes defined in PriLoo, see http://privacy-lookout.net/ontologies/2015/06/28/pl-usage-terms.n3
7. PriLoo – available usage policies
• Several standard licenses have been defined in PriLoo, like CC-By or Beerware
http://privacy-lookout.net/ontologies/2015/06/28/pl-licenses.n3
lic:Beerware a pl:License ;
    rdfs:label "Beer-ware Licence (Revision 42)"@en ;
    rdfs:comment "If we meet some day, and you think this stuff is worth it, you can buy me a beer in return"@en ;
    pl:legalTermsURL "http://people.freebsd.org/~phk/"^^xsd:anyURI ;
    pl:memberOfTheFamily lic:PublicDomain ;
    pl:permitedOperation operation:rename ;
    pl:obligedLegalTerm term:copyrightNotice ;
    pl:permitedLegalTerm term:warranty .

lic:CC-BYv3 a pl:License ;
    rdfs:label "CC BY 3.0"@en , "CC BY 3.0"@fr ;
    rdfs:comment "Creative Commons Attribution 3.0 Unported"@en ;
    pl:obligedLegalTerm term:by ;
    pl:legalTermsURL "http://creativecommons.org/licenses/by/3.0/legalcode"^^xsd:anyURI ;
    pl:memberOfTheFamily lic:CreativeCommonsFreeCulture ;
    pl:permitedOperation operation:write ;
    owl:sameAs sc_registro:CC-BY_1, <http://creativecommons.org/licenses/by/3.0/> .
8. PrODUCE composition process
• Stage 0 applies ontology-based rules to consider the data usage context: business rules, propagation rules, implicit management rules
• Stage 1 applies operators AND and OR: AND for permissions, OR for prohibitions/obligations
• Stage 2 uses priorities to resolve conflicts: 1 for original terms, 2 for terms produced by business rules, 3 for terms produced by implicit management and propagation rules
12. Stage 1 – composition operations (1/2)
#Policy 1 extended
:License1 a pl:License ;
    pl:obliges legalTerm:fairDealing, legalTerm:constraintDerivative, legalTerm:waiver, … ;
    pl:prohibits operation:rename, operation:write ;
    pl:permits operation:read , operation:distribute , operation:publishing .
:PUCelder1 a pl:PUC ;
    pl:begin "2014-02-03T00:00:00.000+01:00" ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:getPurposeFrom :License1 ;
    pl:grantee <http://serenaseniorcare.com/> ;
    pl:grantor <Resident1.n3> ;
    pl:hasLicense :License1 ;
    pl:implicitProperties pl:all-but-prohibited ;
    pl:object <Resident1PersonalData.n3> ;
    pl:permits purpose:consultation , purpose:scientific , purpose:tracking , purpose:medical ;
#Policy 4 extended
:License4 a pl:License ;
    pl:obliges legalTerm:by, legalTerm:constraintDerivative ;
    pl:prohibits legalTerm:otherRightsPreserve, legalTerm:copyrightNotice, legalTerm:warranty, … ;
    pl:permits operation:read, operation:sharing, operation:publishing .
:PUCelder3 a pl:PUC ;
    pl:begin "2014-02-03T00:00:00.000+01:00" ;
    pl:duration "P0Y0M2D"^^xsd:duration ;
    pl:getPurposeFrom :License4 ;
| Model | Operator | Description |
|---|---|---|
| Permits operation/purpose | AND | An operation or purpose is permitted in the composed policy if it appears in all policies. |
| Prohibits operation/purpose/legalTerm | OR | An operation, purpose or legalTerm is prohibited in the composed policy if it appears in at least one policy. |
| Obliges legalTerm | OR | A legalTerm is obligated in the composed policy if it appears in at least one policy. |

Operators applied for legalTerms and operations in the licenses.
#Policy 5 extended
:License5 a pl:License ;
    pl:obliges legalTerm:fairDealing , legalTerm:otherRightsPreserve, legalTerm:copyrightNotice, legalTerm:warranty, … ;
    pl:permits operation:read, operation:sharing, operation:rename, operation:distribute, operation:publishing, … .
13. Stage 1 – composition operations (2/2)
#Policy 1 extended
…
:PUCelder1 a pl:PUC ;
    pl:permits purpose:consultation , purpose:scientific , purpose:tracking , purpose:medical ;
    pl:prohibits purpose:sales , purpose:commercial , purpose:care, purpose:gift, purpose:privateUse, … ;
    … .
#Policy 4 extended
…
:PUCelder3 a pl:PUC ;
    pl:permits purpose:wellbeing, purpose:management , purpose:commercial , purpose:tracking ,
        purpose:consultation , purpose:scientific, purpose:sales, purpose:medical, purpose:care, purpose:gift ;
    pl:prohibits purpose:privateUse ;
    … .
| Model | Operator | Description |
|---|---|---|
| Permits operation/purpose | AND | An operation or purpose is permitted in the composed policy if it appears in all policies. |
| Prohibits operation/purpose/legalTerm | OR | An operation, purpose or legalTerm is prohibited in the composed policy if it appears in at least one policy. |
| Obliges legalTerm | OR | A legalTerm is obligated in the composed policy if it appears in at least one policy. |

Operators applied to purposes in the PUC.
#Policy 5 extended
…
:PUCelder2 a pl:PUC ;
14. Stage 2 – solution of conflicts
• Based on priorities
– High priority: original terms/purposes
– Medium priority: terms/purposes added by business rules
– Low priority: terms/purposes added by implicit management and propagation rules
• In addition
– If a permitted term/purpose is prohibited in at least one policy with the same priority, it is not included in the final policy;
– if two terms are not compatible, one of them is chosen based on the requester's purposes.
#Composite policy
:scientificCompositePolicy a pl:License ;
    pl:obliges legalTerm:moralRightsPreserve, legalTerm:by, legalTerm:notice,
        legalTerm:lesserCopyLeft, legalTerm:holdLiable, legalTerm:fairDealing, legalTerm:origin,
        legalTerm:rightsPreserve, legalTerm:publicDomainPreserve, legalTerm:warranty,
        legalTerm:copyrightNotice, legalTerm:waiver, legalTerm:sa, legalTerm:otherRightsPreserve,
        legalTerm:constraintDerivative, legalTerm:history, legalTerm:freeSourceCode, legalTerm:limitedCommercial ;
    pl:permits operation:publishing, operation:read ;
    pl:prohibits operation:rename, operation:write, operation:using, operation:distribute, operation:derivative,
        operation:copy, operation:sharing, operation:unlimitedDisclosure, legalTerm:publicDomainPreserve,
        legalTerm:waiver, legalTerm:fairDealing, legalTerm:otherRightsPreserve, legalTerm:holdLiable,
        legalTerm:copyrightNotice, legalTerm:warranty, legalTerm:sa, legalTerm:rightsPreserve, legalTerm:lesserCopyLeft,
        legalTerm:by, legalTerm:history, legalTerm:moralRightsPreserve, legalTerm:freeSourceCode, legalTerm:origin,
        legalTerm:notice .
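Stage 1 (AND/OR) and Stage 2 (priorities) as described on the slides, sketched in Python as an added example; it is not PrODUCE code and not part of the original slides. It covers operations only, and the dict layout, the function names, the rule for merging priorities across policies and the LICENSE5_STAGE0 variant are assumptions. With the operations listed for Licenses 1, 4 and 5 it yields the same permitted operations as the composite policy (read, publishing).

```python
# Added example (not PrODUCE code). Priorities as on the slides:
# 1 = original term, 2 = added by a business rule, 3 = implicit/propagation rule.
ORIGINAL, BUSINESS, IMPLICIT = 1, 2, 3

def terms(names, priority=ORIGINAL):
    return {"operation:" + n: priority for n in names.split()}

# Operations exactly as listed on the slides (the "…" elisions are left out).
LICENSE1 = {"permits": terms("read distribute publishing"),
            "prohibits": terms("rename write")}
LICENSE4 = {"permits": terms("read sharing publishing"), "prohibits": {}}
LICENSE5 = {"permits": terms("read sharing rename distribute publishing"),
            "prohibits": {}}

def stage1(policies):
    """AND for permits, OR for prohibits."""
    permitted = set.intersection(*(set(p["permits"]) for p in policies))
    prohibited = set.union(*(set(p["prohibits"]) for p in policies))
    # Assumption: a permit is as weak as its weakest source (max number),
    # a prohibition as strong as its strongest source (min number).
    return {
        "permits": {t: max(p["permits"][t] for p in policies) for t in permitted},
        "prohibits": {t: min(p["prohibits"][t] for p in policies
                             if t in p["prohibits"]) for t in prohibited},
    }

def stage2(composed):
    """A conflicting permit survives only with strictly higher priority."""
    permits, prohibits = dict(composed["permits"]), dict(composed["prohibits"])
    for term in set(permits) & set(prohibits):
        if permits[term] < prohibits[term]:
            del prohibits[term]   # permit outranks the prohibition
        else:
            del permits[term]     # same or lower priority: permit is dropped
    return {"permits": permits, "prohibits": prohibits}

def compose(policies):
    return stage2(stage1(policies))

# CONSTRUCTED variant: pretend Stage 0 added two prohibitions to License 5.
LICENSE5_STAGE0 = {"permits": LICENSE5["permits"],
                   "prohibits": {"operation:read": IMPLICIT,
                                 "operation:publishing": ORIGINAL}}

if __name__ == "__main__":
    print(compose([LICENSE1, LICENSE4, LICENSE5]))
    print(compose([LICENSE1, LICENSE4, LICENSE5_STAGE0]))
```

In the constructed variant the original permit on read outranks the implicit prohibition and is kept, while publishing, permitted and prohibited at the same priority, is left out of the permitted set.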
17.
| | Gangadharan, et al. | Mesiti, et al. | Villata, et al. | PrODUCE |
|---|---|---|---|---|
| Context | Web services | MPEG resources | Web of data | Web of data |
| Policies representation | Ontology-based | Set of grants | Ontology-based | Ontology-based |
| Models | Permission, requirement, constraint | - | Permissions, obligations, prohibitions | Permissions, obligations, prohibitions |
| Terms | By scopes. Rights: {adaptation, composition, derivation, attribution, shareAlike, non-commercial}, Financial: {peruse, payment} | By groups. Use: {play, print, execute}, Manage: {install, uninstall, move, delete}, Transformation: {reduce, enlarge, modify, diminish, enhance, adapt, embed} | DerivativeWorks, Sharing, Distribution, Reproduction, Notice, Attribution, ShareAlike, SourceCode, CopyLeft, NonCommercial, Commercial, HighIncomeNationUse | Operations: {read, write, unlimitedDisclosure, rename}, terms: {notice, copyrightNotice, warranty, holdliable, fairDealing}, purposes: {commercial, private, medical, scientific} |
| Composition rules | Meaning-based | Group-based | Deontic logic-based | Ontology-based |
| Unspecified terms | Rules case-by-case | - | Conservative decision | Decision based on the data-usage context |
| Data-usage context | No | Yes (only usage purpose in the composition request) | No | Yes |
18. Perspectives
• Are custom policies and resulting policies legal? We have to talk with jurists…
• To define new rules for contextual aspects, like the laws of the usage and storage locations of the concerned data
• To provide feedback when the policy combination is not possible