Enabling Access Control and Privacy through Ontology Mohammad M. R. Chowdhury Dr. Josef Noll UniK - University Graduate Center, Norway Dr. Juan Miguel.


1 Enabling Access Control and Privacy through Ontology
Mohammad M. R. Chowdhury, Dr. Josef Noll, UniK - University Graduate Center, Norway
Dr. Juan Miguel Gomez, Universidad Carlos III de Madrid, Spain
Nov. 19, Innovations’07, Dubai
This is a part of Research (work-in-progress) - ’Identity-based Service Interaction’ under the project SWACOM (www.swacom.org) with funding from Norwegian Research Council.

2 Contents
Background
–Identity: Real world to digital world
–Role based identity mechanism
Proposed SemID (semantic identity)
–Use case scenario
–Policies and rules
Implementations
–Class, subclass, instances and properties
–Rules and inference engine
Future work
Mohammad M. R. Chowdhury Innovations’07, Nov. 19, Dubai

3 Background

4 Identity: Real world to digital world
Diagram labels: Real world identities; Digital world identities; Identity; Digital world
Passwords everywhere
Gartner says (annual IT security summit 2005): 80% of organizations will reach a password breaking point by 2007.
Managing these many!!! Reuse, write down

5 Based on human roles played in real life, Chowdhury (ICWMC 2007, Guadeloupe) proposed personal, corporate and social identities.

6 Human roles

7 Role based identity mechanism
My digital identity
–Personal identities (PID): Identify ourselves in our very personal interactions.
–My corporate identities (CID): Identify ourselves in our corporate/professional interactions.
–My social identity (SID): Identify ourselves in our society/community/interpersonal interactions.
Very personal mobile phone is the preferred device to access and store ’my digital identity’ … ”user carries mobile phone more often than Wallet these days”
’my digital identity’
- partly placed in the network and
- partly in mobile phone SIM card

8 We proposed to use the capabilities of Semantic Web technology to represent corporate and social identities. We designed the SemID (www.semid.org) ontology to manage corporate identities (social identities in a parallel work), facilitating access control and privacy support in a project-oriented corporate environment. Knowledge of the identity management domain needs to be encoded so that computers can understand and manipulate it. This encoding is achieved through the specification and use of an ontology, a formal representation of a domain. In this paper, OWL (Web Ontology Language) is used to formalize and define the proposed identity management domain.

9 OWL is a part of the "Semantic Web Vision" - a future where:
–Web information has exact meaning
–Web information can be processed by computers
–Computers can integrate information from different places on the web

10 SemID (Semantic Identity)

11 Use Case scenario
Objective:
–Access control to project resources
–Maintaining privacy of project oriented group and its members
--- based on members’ roles in a project

12 Use case: goals

13 Policies and Rules
The access control and privacy goals are achieved through policies and rules. Each role has a certain policy (or policies). A Policy (P) represents the privilege reserved for each role in a community and is expressed through a set of Rules ( ). Therefore Policy,
Essentially a Rule is a function that takes an access request as input and results in an action (permit, deny or not-applicable). So, the Rule is simplified as,
If Josef Noll is the project leader and he wants to write over a project deliverable, the corresponding rule will be defined as,

14 Implementation
We model the ontology of the use case scenario with OWL-DL (a sub-language of OWL) using the Protégé ontology editor platform.
Assume,
- Individuals are already authenticated to the project.
- Visitors are those whose identity instances are not defined in the ontology
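The role, policy, rule and action chain from slides 13 and 14, as an added example that is not taken from the presentation or from the SemID ontology: it uses plain Python rather than OWL/SWRL to show a rule as a function from an access request to an action. The role name `project_member`, the resource names, the sample identity "Example Member", the deny-overrides combination and the refusal of anything not explicitly permitted are assumptions.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Tuple

class Action(Enum):
    PERMIT = "permit"
    DENY = "deny"
    NOT_APPLICABLE = "not-applicable"

@dataclass(frozen=True)
class Request:
    identity: str   # corporate identity, treated as a 'name' string
    operation: str  # e.g. "read" or "write"
    resource: str   # e.g. "deliverable"

Rule = Callable[[Request], Action]

def rule(operation: str, resource: str, action: Action) -> Rule:
    """A rule answers for one (operation, resource) pair, else not-applicable."""
    def evaluate(req: Request) -> Action:
        if (req.operation, req.resource) == (operation, resource):
            return action
        return Action.NOT_APPLICABLE
    return evaluate

# Constructed data: a policy is the set of rules reserved for one role.
# "project_member" and the resource names are hypothetical.
POLICIES = {
    "project_leader": [rule("read", "deliverable", Action.PERMIT),
                       rule("write", "deliverable", Action.PERMIT)],
    "project_member": [rule("read", "deliverable", Action.PERMIT),
                       rule("write", "deliverable", Action.DENY)],
    "visitor": [rule("read", "group_info", Action.PERMIT)],
}
# Identity instances defined in the (constructed) model.
ROLES = {"Josef Noll": "project_leader", "Example Member": "project_member"}

def decide(req: Request) -> Tuple[str, Action]:
    """Resolve role -> policy -> rules -> action (deny overrides permit)."""
    role = ROLES.get(req.identity, "visitor")  # undefined identity => visitor
    results = {r(req) for r in POLICIES[role]}
    if Action.DENY in results:
        return role, Action.DENY
    if Action.PERMIT in results:
        return role, Action.PERMIT
    return role, Action.NOT_APPLICABLE

def is_allowed(req: Request) -> bool:
    """Enforcement point: only an explicit permit grants access."""
    return decide(req)[1] is Action.PERMIT
```

Authentication is outside this sketch, matching the slide's assumption that individuals are already authenticated before a request is evaluated.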

15 Diagram annotations:
Description of corporate identities (assuming them as ’name’ string)
Ensure general visibility of Group
Ensure visibility of member details of Group
Role definition and its properties
Ontology has 4 distinct policies

16 Let's visualize the whole ontology using the OntovizTab of Protégé. SemID_1.pdf

17 Rules and inference engine
Rules have not been added in this paper (added recently)
Rules have been represented using SWRL (Semantic Web Rule Language)
There is SWRLTab in Protégé to add rules from our proposed ontology
Jess rule engine provides the inference of SWRL rules
There is SWRLJessTab in Protégé for this purpose

18 Rules
It is assumed that the requester is already authenticated to the project

22 What is the requester’s Role?
What is the corresponding Policy?
What is the Action of the Policy and Rule?
Which one is the Rule of this policy?

23 Future research
Develop a front-end (software) based on this ontology and rules
Develop an ontology which can take care of social community scenarios
–Access to community resources based on the relationships (ex. Parents of student who belongs to class 2 of Sogn School)
Bear in mind:
Project leader of Release 9 project (corporate identity)
Parents of Maria (social identity)

24 Thank You ?

