Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007.

Published byReynard Parsons Modified over 8 years ago

Similar presentations

Presentation on theme: "Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007."— Presentation transcript:

1 Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007

2 Introduction Comments on the role of and require- ments for computational policies in today’s environment –Web, 9/11, pervasive computing, … Ideas in development in collaboration with colleagues from UT Dallas, GMU, and MIT

3 Background We’ve been working on computational policies since about 1999 –Started with XML encoded horn clauses for supply chain mgmt & pervasive computing Moved policy research to the Semantic Web in ~2002 –Lalana Kagal developed Rei in her dissertation Applications have varied –Also enhanced P3P, service matching and selection, collaborative teams, RDF store access, and distributed router configuration.

4 Policy-based Automated Wide-Area Network Configuration and Management Goal: self configuring network routers running in a coalition envi- ronment demonstrating constraints on border gateway protocol

5 General approach A computational policy describes a system’s actions or behavior “Describes” can be –Specifies: whenever X, do Y –Constrains: doing X is permitted –Advises: whenever X, doing Y is preferred to doing Z Public policies and common policies foster interoperability and cooperation

6 Some lessons learned Most of the work in developing a policy is in developing the domain ontology –Often the constraints are simple, e.g., “For faculty use only” Sharing policies means sharing domain models –The Semantic Web offers a sound and practical approach for shared domain models

7 Some lessons learned Several approaches to encoded the rules or constraints part of policies –Descriptions of permitted, forbidden and obliged classes of actions (KAOS) –Using rule extensions to RDF (Rei, Rein) Some approaches are problematic –E.g., uncertainty, probabilities, defaults But OWL can do the heavy lifting in reasoning about the terms –Is Mary a full-time faculty member from a higher- educational institution? What’s the evidence?

8 New Requirements 9/11 and related events illustrated problems in how sensitive information is managed Managing information and services on the Web with appropriate security and privacy and simplicity is increasingly important and challenging Autonomous devices like mobile phones, routers and medical equipment need access too.

9 Need to Know, Need to Share Traditional information security frame- works are based on “need to know” Unless you can prove that you have a pre- arranged right to this information, you can’t have it The 9/11 commission recommended moving from this to “need to share” I think this information may be important for you to accomplish your mission and would like to share it with you

10 Need to Know, Need to Share Traditional information security frame- works are based on “need to know” Unless you can prove that you have a pre- arranged right to access this information, you can’t have it The 9/11 commission recommended moving from this to “need to share” I think this information may be important for you to accomplish your mission and would like to share it with you

11 Just a slogan? For “need to share” to be more than just a political slogan, we need to under- stand what it might mean technically … and to explore its feasibility and desirability … and the risks and benefits

12 Required Capabilities Semantic Interoperability Unknown principals Context Speech acts and negotiation Adjustable privacy Usage control, enforcement, accountability Explanations and provenance Ramifications

13 Semantic Interoperability Having a shared policy requires that the parties agree on –The semantics of the policy language (e.g., is everything not explicitly forbidden allowed?) –The semantics of the domain ontology (e.g., who’s a faculty member?) The Semantic Web is a big win here.

14 Unknown Principles Standard access control is based on authentication –I have a list of who can do what. Just prove to me which of these people you are In open environments (Web, pervasive computing) this won’t work We can control access based on their their (provable) attributes –Prove you’re a current UMBC student to use the printer

15 Context What’s forbidden in a normal situation may be allowed in a life-threatening emergency Context descriptions (e.g., tags) can identify the current situation Policy rules can be conditioned by context –E.g., as guards on rules or by enabling/ disabling policy modules

16 Adjustable privacy One way to enforce privacy is to not divulge information Another is to provide general answers Where’s John? –[47.670412403362256, -122.12013959884644] –In Redmond –In Washington state –On travel Policies can control the granularity of answers given to different queries

17 Usage control and accountability Enforcing policies can be a difficult issue in open, distributed systems MIT’s policy aware approach is exploring accountability for use –Policy violations can be detected in logs There’s lots more to usage constraints –E.g., DRM policies constrain how often you can perform certain operations on an object Systems need to reason about there own behavior as well as that of others

18 Explanations and provenance Explaining why a policy decision holds or doesn’t hold can be important –Explaining why a constraint does not hold continues to be a difficult task The explanation may involve provenance, citing the source for the facts and policy constraints used

19 Utility and Ramifications In some environments, the utility of data may be a factor in whether to share or not –This requires reasoning about the requestor’s tasks, the data’s relevance to them and the availability of alternate data This may also require Bayesian reasoning –What’s the likelihood that the patient might have diabetes? In general, a system might reason about the risks and benefits of sharing vs.. not sharing the data

20 Planned Architecture Policy Engine OWL Reasoner Utility Reasoner Policy Ontology Util Ont Bayes Ont Domain Ontology OWL Policy Rules Instance Data RDF SPARQL

21 Conclusion Managing information in open, distributed environments with appropriate security and privacy is increasingly important Computational policies can help Semantic Web technologies offer a way to share common policy concepts, policies, and domain models Other representation and reasoning compo- nents will be needed for many application domains.

22 http://ebiquity.umbc.edu/

Download ppt "Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007."

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
International Technology Alliance In Network & Information Sciences International Technology Alliance In Network & Information Sciences Paul Smart, Ali.

International Technology Alliance In Network & Information Sciences International Technology Alliance In Network & Information Sciences Paul Smart, Ali.
Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.

Policy based Cloud Services on a VCL platform Karuna P Joshi, Yelena Yesha, Tim Finin, Anupam Joshi University of Maryland, Baltimore County.
Policy Description & Enforcement Languages Anis Yousefi

Policy Description & Enforcement Languages Anis Yousefi
SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.

SmartER Semantic Cloud Sevices Karuna P Joshi University of Maryland, Baltimore County Advisors: Dr. Tim Finin, Dr. Yelena Yesha.
Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.
1 Department of Computer Science and Engineering, University of South Carolina 2007-01-05 Issues for Discussion and Work Jan 2007  Choose meeting time.

1 Department of Computer Science and Engineering, University of South Carolina Issues for Discussion and Work Jan 2007  Choose meeting time.
FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.
From SHIQ and RDF to OWL: The Making of a Web Ontology Language

From SHIQ and RDF to OWL: The Making of a Web Ontology Language
ICAICT202A - Work and communicate effectively in an IT environment

ICAICT202A - Work and communicate effectively in an IT environment
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
1 of 30 Declarative Policies for Describing Web Service Capabilities and Constraints Lalana Kagal Tim Finin Anupam Joshi University of Maryland Baltimore.

1 of 30 Declarative Policies for Describing Web Service Capabilities and Constraints Lalana Kagal Tim Finin Anupam Joshi University of Maryland Baltimore.
Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.

Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.
Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.

Course 6421A Module 7: Installing, Configuring, and Troubleshooting the Network Policy Server Role Service Presentation: 60 minutes Lab: 60 minutes Module.
Semantics for Big Data (,) Security and Privacy Tim Finin and Anupam Joshi University of Maryland, Baltimore County Baltimore MD NSF Workshop on Big Data.

Semantics for Big Data (,) Security and Privacy Tim Finin and Anupam Joshi University of Maryland, Baltimore County Baltimore MD NSF Workshop on Big Data.
An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.

An Intelligent Broker Architecture for Context-Aware Systems A PhD. Dissertation Proposal in Computer Science at the University of Maryland Baltimore County.
1 1 Interoperating: MIT’s Fusion Center Prototype & JHU/APL’s Back End Attribute Exchange (Identity Management Testbed) January 2013.

1 1 Interoperating: MIT’s Fusion Center Prototype & JHU/APL’s Back End Attribute Exchange (Identity Management Testbed) January 2013.
Anupam Joshi and Tim Finin Ebiquity UMBC

Anupam Joshi and Tim Finin Ebiquity UMBC
Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.
Intelligent Agents Meet the Semantic Web in Smart Spaces Harry Chen,Tim Finin, Anupam Joshi, and Lalana Kagal University of Maryland, Baltimore County.

Intelligent Agents Meet the Semantic Web in Smart Spaces Harry Chen,Tim Finin, Anupam Joshi, and Lalana Kagal University of Maryland, Baltimore County.

Similar presentations

Ads by Google