The Policy-Aware Web: Privacy

steelsquare, Internet and Web Applications

20 Oct 2013

mindswap

maryland information and network dynamics lab semantic web agents project

The Policy-Aware Web: Privacy and Transparency on the Semantic Web

Jim Hendler

Hendler@cs.umd.edu

http://www.cs.umd.edu/~hendler

2004 NSF National Priorities ITR to UMCP and MIT (Hendler, Berners-Lee, Weitzner - PIs)



KFRW 06

Outline


Motivation


Example


Digression


Content


Challenge(s)


Summary


"Because it's there…"


Access and Privacy Control


As we publish more info - how do we control access …

Who can see What??


Current Policy Languages


A number of languages being explored:


P3P (data-centric relational semantics -> relational database)

WS-Policy (propositional, and & or, but weak not)

Features and Properties (no operators, easier to map to RDF)

Combinators (choose one/all, similar to WS-Policy)

KaOS Policy and Domain Services

WSPL and EPAL (subsets of XACML)

XACML (and, or, not, first and higher order bag functions)

Rei (OWL-Lite + logic-like variables)

A lot of ambiguity about exact expressivity and computational properties (or even the semantics!)


An example: WS-Policy

WS-Policy provides a flexible grammar for expressing C&C of web services

Normalized form (maybe to do non normalized)

Two translation approaches:

Policies as Instances

Readable, but hard to capture semantics

Available at: http://mindswap.org/dav/ontologies/ws-policy_instance.owl

Policies as Classes

Translate WS-Policy constructs into OWL constructs

E.g., wsp:All --> owl:intersectionOf


WS-Policy Example

    <wsp:Policy>
      <wsp:ExactlyOne>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:Kerberosv5TGT</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:X509v3</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
        <wsp:All>
          <wsse:SecurityToken>
            <wsse:TokenType>wsse:UserNameToken</wsse:TokenType>
          </wsse:SecurityToken>
        </wsp:All>
      </wsp:ExactlyOne>
    </wsp:Policy>




Mapping WS-Policy to OWL


“all” is easy: it’s logical conjunction (i.e., intersectionOf)


“exactlyOne” is harder, two readings:


Older version: “oneOrMore”


Inclusive OR, maps to owl:unionOf


“exactlyOne” suggests XOR


Have to map to a disjunction of conjunctions


Quadratic increase in size of disjuncts



Ontology: http://www.mindswap.org/dav/ontologies/policytest.owl





Example


    @prefix owl: <http://www.w3.org/2002/07/owl#> .
    @prefix policytest: <http://www.mindswap.org/~kolovski/policytest.owl#> .

    policytest:TestPolicy a owl:Class ;
        owl:intersectionOf (
            # at least one of the three token types ...
            [ a owl:Class ; owl:unionOf (
                policytest:SecurityTokenTypeUsernameToken
                policytest:SecurityTokenTypeX509
                policytest:SecurityTokenTypeKerberos ) ]
            # ... and no two of them together
            [ a owl:Class ; owl:complementOf [ a owl:Class ; owl:unionOf (
                [ a owl:Class ; owl:intersectionOf (
                    policytest:SecurityTokenTypeUsernameToken
                    policytest:SecurityTokenTypeX509 ) ]
                [ a owl:Class ; owl:intersectionOf (
                    policytest:SecurityTokenTypeUsernameToken
                    policytest:SecurityTokenTypeKerberos ) ]
                [ a owl:Class ; owl:intersectionOf (
                    policytest:SecurityTokenTypeX509
                    policytest:SecurityTokenTypeKerberos ) ]
            ) ] ]
        ) .
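The two readings of ExactlyOne, worked through in Python for the WS-Policy example shown earlier. This is an added example, not the MINDSWAP translation code; the namespace URIs, the `ex:TokenType_` class names and all function names are placeholders chosen here.

```python
import itertools
import xml.etree.ElementTree as ET

# Placeholder namespace URIs: the slide shows only the wsp:/wsse: prefixes.
NS = {"wsp": "urn:example:ws-policy", "wsse": "urn:example:wsse"}

POLICY_XML = """<wsp:Policy xmlns:wsp="urn:example:ws-policy" xmlns:wsse="urn:example:wsse">
 <wsp:ExactlyOne>
  <wsp:All><wsse:SecurityToken><wsse:TokenType>wsse:Kerberosv5TGT</wsse:TokenType></wsse:SecurityToken></wsp:All>
  <wsp:All><wsse:SecurityToken><wsse:TokenType>wsse:X509v3</wsse:TokenType></wsse:SecurityToken></wsp:All>
  <wsp:All><wsse:SecurityToken><wsse:TokenType>wsse:UserNameToken</wsse:TokenType></wsse:SecurityToken></wsp:All>
 </wsp:ExactlyOne>
</wsp:Policy>"""

def alternatives(xml_text):
    """One expression per wsp:All: the conjunction of its token-type classes."""
    root = ET.fromstring(xml_text)
    alts = []
    for all_el in root.findall("wsp:ExactlyOne/wsp:All", NS):
        atoms = ["ex:TokenType_" + t.text.strip().split(":")[-1]
                 for t in all_el.iterfind(".//wsse:TokenType", NS)]
        alts.append(atoms[0] if len(atoms) == 1 else ("and", atoms))
    return alts

def one_or_more(alts):
    """Older reading: inclusive OR, i.e. owl:unionOf."""
    return ("or", alts)

def exactly_one(alts):
    """XOR reading: at least one alternative, and no two of them together."""
    pairs = [("and", list(p)) for p in itertools.combinations(alts, 2)]
    return ("and", [("or", alts), ("not", ("or", pairs))])

def holds(expr, present):
    """Evaluate a class expression for a request presenting the atoms in `present`."""
    if isinstance(expr, str):
        return expr in present
    op, arg = expr
    if op == "not":
        return not holds(arg, present)
    return (all if op == "and" else any)(holds(e, present) for e in arg)

def to_turtle(expr):
    """Serialize an expression as an anonymous OWL class in Turtle."""
    if isinstance(expr, str):
        return expr
    op, arg = expr
    if op == "not":
        return "[ a owl:Class ; owl:complementOf %s ]" % to_turtle(arg)
    prop = "owl:intersectionOf" if op == "and" else "owl:unionOf"
    return "[ a owl:Class ; %s ( %s ) ]" % (prop, " ".join(to_turtle(e) for e in arg))

def pair_count(xor_expr):
    """Number of pairwise conjunctions the XOR encoding had to add."""
    return len(xor_expr[1][1][1][1])

if __name__ == "__main__":
    print(to_turtle(exactly_one(alternatives(POLICY_XML))))
```

A request presenting two token types at once satisfies the oneOrMore reading but not the XOR reading, and the XOR encoding adds n(n-1)/2 pairwise conjunctions for n alternatives.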




Use OWL tools


Digression

MINDSWAP ontology tools


SWOOP: OWL ontology tool


Ontology Debugging Service


Example taken from Sweet-JPL OWL Ontology, where 13 out of ~3000 axioms make one class unsatisfiable


Under the hood


The Semantic Web vision requires "plumbing" that lives on the Web, but provides support for

Ontologies linked together

Reasoning that can scale

Limited expressivity (OWL)

Mixed Logics and Rules (RIF)

Open World reasoning (CW is key to many algorithms' performance)

"Hidden" logic - users want results, not symbols

Modularity and collaboration

Teams of people creating teams of ontology

And much more

Triple store scaling, HTTP embedding (state free), URIs…



Pellet: a reasoner for the SemWeb

[Architecture diagram. Components shown: RDF/XML Parser; Species Validation & Ontology Repair; SPARQL Parser; TBox; ABox; Tg; Tu; TBox Absorption; XSD Reasoner; Tableau Reasoner; Internalization; ABox Query Engine; KnowledgeBase Interface (Reasoner SPI); Jena Interface; DIG Interface; OWL API Interface; Jena Application; OWL API Application; DIG Application]


Pellet: OWL reasoner


Description Logic reasoner based on tableaux algorithms


Specifically designed for OWL


Primarily for OWL-DL ontologies

Heuristics to repair OWL Full ontologies

Research extensions to OWL FULL

First reasoner to support all of OWL-DL


Implements SHOIQ algorithm by Horrocks and Sattler


Provides all the standard reasoning services


KB consistency, concept satisfiability, classification, realization


Plus…



Special Features


Query Answering


Conjunctive ABox queries expressed in RDQL or SPARQL


Datatype Reasoning


Check if the intersection of XML Schema datatypes is satisfiable


Support reasoning with user-defined derived datatypes

e.g. numeric or time intervals

Multi-Ontology Reasoning using E-Connections

Defining and instantiating combinations of OWL-DL ontologies

An alternative to owl:imports

Ontology Debugging

Explaining the cause of unsatisfiable concepts

Relations between unsatisfiable concepts

Non-monotonic Reasoning with K-operator

Closed-world queries using ALCK


Pellet (more)


Coerces “DL-izable” OWL Full ontologies into OWL DL

OWL Full and OWL DL can be unified

Inverse functional properties on datatype properties

Punning: Metaclasses allowed

Type assignment for untyped classes

Combines inverse and nominal correctly (decidably)

Extended datatype support (more built in and user defined datatypes)

Incremental reasoning through update of the KB:

Optimized classification and realization (50% to order of magnitude improvements)

Working on updating the completion graph to speed initial consistency check


Performance


Dynamic completion strategy selection based on the ontology expressivity

Nominals (oneOf, hasValue), Inverse Properties (inverseOf), Individuals

Includes standard optimization techniques

Normalization, simplification, absorption, semantic branching, dependency directed backjumping, caching, model merging, binary instance retrieval

Several novel optimizations (see KR ’06 paper)

Nominal absorption, learning-based disjunct selection, partial backjumping, nominal-based model merging, lazy forest generation, forest caching


Applications using Pellet


Ontology editing and management


Available as a Swoop plug-in


DIG interface to support Protégé


Web Service composition


Matchmaking for Web Services


Reasoning about preconditions and effects


Fujitsu Task Computing Environment


Interacting with devices and Web Services


Reasoning about policies


Policy consistency, policy containment, etc.


Process WS-Policy descriptions


Policy Aware Web

(NSF ITR; Hendler, Berners-Lee, Weitzner; 2005)


PAW demo…


Web Server

Content

Use case:

A Web browser requests the home page for a girl scout troop and is given it by a Web server.

Demo


Web Server

Content

However, requests for images result in HTTP Error 401, “Unauthorized”


The 401 “Unauthorized” response has been modified to provide a URL to a policy:

    HTTP/1.1 401 Not authorized
    Date: Sat, 03 Dec 2005 15:32:18 GMT
    Server: TwistedWeb/2.0.1
    Policy: http://groups.csail.mit.edu/dig/2005/09/rein/examples/troop42-policy.n3
    Content-type: text/html; charset=UTF-8
    Connection: close

    10:32:20 ERROR 401: Not authorized.

Demo


    { REQ a rein:Request.
      REQ rein:resource PHOTO.
      ?F a TroopStuff; log:includes
          { PHOTO a t:Photo; t:location LOC.
            LOC a t:Meeting }.

      REQ rein:requester WHO.
      WHO session:secret ?S.
      ?S crypto:md5 TXT.

      ?F a TroopStuff; log:includes
          { [] t:member [ is foaf:maker of PG ].
            LOC t:attendee [ is foaf:maker of PG ] }.
      PG log:semantics [ log:includes
          { PG foaf:maker [ session:hexdigest TXT ] }
      ].
    } => { WHO http:can-get PHOTO }.

Example policies

Photos taken at meetings of the troop can be shared with any current member of the troop.

Photos taken at a jamboree can be shared with anyone in the troop or with anyone who attended the jamboree.

Photos of any girl in the troop can be shared with the world if that girl's parent has given permission

Policies use linked rules


Rein "ontology"


Rein example

    { <http://dig.csail.mit.edu/2005/09/rein/examples/troop42.rdf>
        log:semantics ?F } => { ?F a TroopStuff }.

    # Photos taken at meetings of the troop can be shared with any
    # current member of the troop
    { REQ a rein:Request.
      REQ rein:resource PHOTO.
      ?F a TroopStuff; log:includes
          { PHOTO a t:Photo; t:location LOC.
            LOC a t:Meeting }.

      REQ rein:requester WHO.
      WHO session:secret ?S.
      ?S crypto:md5 TXT.

      ?F a TroopStuff; log:includes
          { [] t:member [ is foaf:maker of PG ].
            LOC t:attendee [ is foaf:maker of PG ] }.
      PG log:semantics [ log:includes
          { PG foaf:maker [ session:hexdigest TXT ] }
      ].
    } => { WHO http:can-get PHOTO }.

    # Photos taken at a jamboree can be shared with anyone in the
    # troop or with anyone who attended the jamboree.

    # (i) anyone who is in the troop
    { REQ a rein:Request.
      REQ rein:resource PHOTO.
      ?F a TroopStuff; log:includes
          { PHOTO a t:Photo; t:location LOC.
            LOC a t:Jamboree }.

      REQ rein:requester WHO.
      WHO session:secret ?S.
      ?S crypto:md5 TXT.

      ?F a TroopStuff; log:includes
          { [] t:member [ is foaf:maker of PG ]. }.
      PG log:semantics [ log:includes
          { PG foaf:maker [ session:hexdigest TXT ] }
      ].
    } => { WHO http:can-get PHOTO }.

    # (ii) anyone who attended the jamboree
    { REQ a rein:Request.
      REQ rein:resource PHOTO.
      ?F a TroopStuff; log:includes
          { PHOTO a t:Photo; t:location LOC.
            LOC a t:Jamboree }.

      REQ rein:requester WHO.
      WHO session:secret ?S.
      ?S crypto:md5 TXT.

      ?F a TroopStuff; log:includes
          { LOC t:attendee [ is foaf:maker of PG ]. }.
      PG log:semantics [ log:includes
          { PG foaf:maker [ session:hexdigest TXT ] }
      ].
    } => { WHO http:can-get PHOTO }.

The RDF/XML syntax is even worse:

Authorability/Editability are important issues

Specialized use (cf. Creative Commons) a partial out.
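The three rules above, evaluated in Python over constructed data, to show what each graph pattern demands of a request. This is an added example, not part of the slides or of Rein; `TROOP`, `PAGES`, `makers_for` and `can_get` are hypothetical names, and each page is assumed to have a single foaf:maker.

```python
import hashlib
import hmac

# Constructed stand-in for troop42.rdf (all names here are hypothetical).
TROOP = {
    "members": {"alice", "bea"},
    "photos": {"p1.jpg": "meeting-jan", "p2.jpg": "jamboree-05"},
    "kinds": {"meeting-jan": "Meeting", "jamboree-05": "Jamboree"},
    "attendees": {"meeting-jan": {"alice"}, "jamboree-05": {"bea", "guest"}},
}


def md5_hex(secret: bytes) -> str:
    # The rules use crypto:md5, so this example does too.
    return hashlib.md5(secret).hexdigest()


# Constructed FOAF pages: page URL -> (foaf:maker, published session:hexdigest).
PAGES = {
    "http://example.org/alice": ("alice", md5_hex(b"alice-secret")),
    "http://example.org/bea": ("bea", md5_hex(b"bea-secret")),
    "http://example.org/guest": ("guest", md5_hex(b"guest-secret")),
}


def makers_for(secret: bytes) -> list:
    """Makers of pages whose published hexdigest equals md5(secret)."""
    txt = md5_hex(secret)
    return sorted(maker for maker, published in PAGES.values()
                  if hmac.compare_digest(txt, published))


def can_get(photo: str, secret: bytes):
    """Return the name of the rule that grants access, or None (default deny)."""
    loc = TROOP["photos"].get(photo)
    if loc is None:
        return None
    kind = TROOP["kinds"][loc]
    for who in makers_for(secret):
        member = who in TROOP["members"]
        attendee = who in TROOP["attendees"].get(loc, set())
        # Meeting rule as written: the page's maker matches t:member AND t:attendee.
        if kind == "Meeting" and member and attendee:
            return "meeting"
        if kind == "Jamboree" and member:
            return "jamboree-member"
        if kind == "Jamboree" and attendee:
            return "jamboree-attendee"
    return None


if __name__ == "__main__":
    for photo, secret in [("p1.jpg", b"alice-secret"), ("p1.jpg", b"bea-secret"),
                          ("p2.jpg", b"guest-secret"), ("p2.jpg", b"wrong")]:
        print(photo, secret, "->", can_get(photo, secret))
```

The meeting rule as written matches both `t:member` and `t:attendee` against the page's maker, so in this data a troop member who did not attend the meeting is denied the meeting photo.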


Web Server

Use of the PAW proof-generation proxy results in a proof which satisfies the policy:

Third-party services may be consulted to help construct the proof.

Proof


The proxy:


1. Uses Rein, a policy engine, to specify rules which match a given policy.

2. The Rein rules are run in Cwm, a forward-chaining reasoner for the Semantic Web. This generates a proof.

3. Proof is HTTP-PUT on the server, and an HTTP-GET on the same document is then invoked (requires HTTP 1.1)


Web Server

Content

The Web server checks the proof and serves the content if it is valid.


The server:


1. Uses Cwm to validate the proof.

2. Takes action based on validation (serves content or denies).


Current demo work:


1. Make use of multiple distributed authentication systems (instead of holding secrets in the proxy).

2. Associate content with RDF metadata and base policy decisions on the RDF

3. Address issues of eventual integration of the proxy with a Web browser (e.g. cookie storage).

4. Extend system to "distributed" scenarios (different authorities hold parts of policy, may have own rules on access)

5. Attack user interface issues


Open, Distributed Policy Challenges


Identity vs. privacy


How do you identify yourself w/o violating the very privacy concerns we hope to address?

Current identity schemes are centralized and universal

Can we do a distributed ID model (maybe email based)?

Inconsistency

In logic "P ^ -P => Q"

On Web it better not!

(Supports(Hillary) ^ -Supports(Hillary)) => you owe me $1000

Can we use a "non-standard" logic solution?

Provenance and downstream tracking

As information flows through the system, later access may depend on earlier decisions


Policies often dependent on use context


Policies may change depending on how information was acquired



Provenance Tracking on the Semantic Web


Provenance of Data


Who or what services created/input the data


Files on which the data depends


Date and time of creation


Steps taken to compute / produce the data


"recursively" ground to the above


Producing Provenance Data


On the Semantic Web



Provenance can be stored and tracked


Services represented by Service Descriptions


All files created and referenced by URIs

Web service executes and also outputs an OWL model of the service execution, including all provenance data

Service outputs a file with provenance for each output file

Semantic Web triple stores maintain mapping to this file from triples or subgraphs


"Magic" is in URIs

Every piece of data gets its own "web page"


Ontology for provenance

The "Web page" itself is machine-readable (OWL)


Validation - IPAW provenance Challenge

E.g. A user has run the workflow twice, in the second instance replacing each procedure (convert) in the final stage with two procedures: pgmtoppm, then pnmtojpeg. Find the differences between the two workflow runs.

Answered every query successfully


Dana's Challenge


All data directly output from a Predator UAV is classified.


Classified data combined with unclassified data is considered classified.

Classified data can only be viewed by persons with top secret clearance, with the following exceptions:

… In warfare conditions, unclassified persons may view perishable data that is classified if the person's life is threatened due to lack of that data and if the person's superior has top secret clearance and has approved such viewing.

Can we apply PAW to Army policies w/in B3AN?


Conclusions


Information lives in specific contexts


The Semantic Web helps us place information into these (multiple) contexts.

Control of information requires control of contexts

Explication of policies

Linked in a Web-like way

Integrated directly into the Web

With extensions for rules and proofs

Is really hard

Issues of identity, inconsistency, provenance, change over time

But holds great potential

Flexible and adaptive

"Policy-Aware" Web project (joint between UMCP and MIT)


First step towards "Semantic Accountability" applications

http://www.policyawareweb.org/


Another Cool thing…


What is a rule of logic?


In traditional philosophy it relates to "Truth"


What is truth on the Web?


Ex: How many cows are in Texas?


On the Web, we could use an idea of agreed upon rules, grounded at URI


Social definition of truth via shared contexts


Ex: Because Mom said so…


Truth on Web Pages [based on Heflin et al., 1998]

Inference rules could be used to determine the credibility of claims

I might believe the claims made by a reliable Newspaper

    Trustable(x) :- x; reliableNewspaper.

And I could establish the Washington Post as reliable...

i.e. I assert:

    http://www.washingtonpost.com owl:class reliableNewspaper.

or if I infer it

    ReliableNewspaper(X) :->
        X owl:class ReliableNewspaper;http://MediaWatchList.

    (?) reliableNewspaper(X) :-
        X owl:class ReliableNewspaper; src ^ trusted(src).

The rules are "grounded" in a testable way

cf. If I can HTTP-get the fact, then it is asserted


Rule Sets could be shared


You can ground your sources


    X :- X; src ^ src owl:class TrustedSource; http://…/myMomSet.rdf

Or infer trusted sources based on other rule sets

    X :- X; src ^ src owl:class TrustedSource; http://ex.com/RushLimbaughSet.rdf

    X :- X; src ^ src owl:class TrustedSource; http://ex.com/UnabomberRules.rdf
         ^ --( X; http://www.rushLimbaugh.com/truths.rdf)



Annotated Logic (in 25 words or less)

Traditional Logic

P & -P => Q (P and -P are inconsistent)

Annotated Logic

P;X & -P;Y are not inconsistent

P;X & -P;X => Q;X but not Q;Y

P;X & -(P;X) is inconsistent and must be avoided (but this is easily checked if inference of RHS is restricted)
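How the annotation confines a contradiction to its own source, as an added Python example (not from the slides): statements are (proposition, polarity, annotation) triples, the URLs and propositions are constructed, and `analyse` and `entails` are hypothetical names.

```python
from collections import defaultdict

# Constructed statements: (proposition, polarity, annotation = source document).
STATEMENTS = [
    ("Supports(Hillary)", True,  "http://example.org/a.rdf"),
    ("Supports(Hillary)", False, "http://example.org/b.rdf"),
    ("Open(Store)",       True,  "http://example.org/c.rdf"),
    ("Open(Store)",       False, "http://example.org/c.rdf"),
]


def analyse(statements):
    """Separate same-annotation contradictions from cross-source disagreements."""
    seen = defaultdict(lambda: defaultdict(set))  # prop -> polarity -> {annotations}
    for prop, polarity, src in statements:
        seen[prop][polarity].add(src)
    contradictions, disagreements = set(), set()
    for prop, by_pol in seen.items():
        # P;X & -P;X: both polarities under the same annotation.
        contradictions |= {(prop, src) for src in by_pol[True] & by_pol[False]}
        # P;X & -P;Y with X != Y: a disagreement, not an inconsistency.
        for x in by_pol[True]:
            for y in by_pol[False]:
                if x != y:
                    disagreements.add((prop, x, y))
    return contradictions, disagreements


def entails(statements, query, annotation):
    """Q;X holds if asserted under X, or by explosion when X contradicts itself."""
    contradictions, _ = analyse(statements)
    if any(src == annotation for _, src in contradictions):
        return True  # explosion, but only inside annotation X
    return (query, True, annotation) in statements


if __name__ == "__main__":
    print(analyse(STATEMENTS))
    print(entails(STATEMENTS, "OwesMe1000", "http://example.org/a.rdf"))
```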


On the Web


Annotations represent document contexts

X;Y and -(X;Y) cannot co-occur (unless Web is broken)

(modulo temporal change, but that's another talk)

    <foaf:Person>
      <foaf:name>Jim Hendler</foaf:name>
      <foaf:title>Dr</foaf:title>
      <foaf:firstName>Jim</foaf:firstName>
      <foaf:surname>Hendler</foaf:surname>
      <foaf:mbox_sha1sum>be972c7a602683f7cf3c7a1fd0949c565debe4d3</foaf:mbox_sha1sum>
      <foaf:homepage rdf:resource="http://www.cs.umd.edu/~hendler"/>
      <foaf:depiction rdf:resource="http://www.semanticgrid.org/q-iantbljim.jpg"/>
      <foaf:workplaceHomepage rdf:resource="http://owl.mindswap.org"/>
    </foaf:Person>

http://www.cs.umd.edu/~hendler/2003/foaf.rdf

==

    <foaf:name>Jim Hendler</foaf:name> ; http://www.cs.umd.edu/~hendler/2003/foaf.rdf



Leveraging Work in:

Policy Aware Web (W/Berners-Lee)

Link-mining in PiT data (w/Getoor)

Incremental OWL reasoning

Ontology debugging