Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005.

Published byErik Johnston Modified over 8 years ago

Similar presentations

Presentation on theme: "Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005."— Presentation transcript:

1

2 Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005

3 SWPW, Nov.7 2005The SWPW Panel2 Piero Bonatti, University of Naples Topics 1) Policies are not just about security or privacy 2) Policies are not islands 3) Policies must be integrated with ontologies 4) Policies must be norms 5) Policies must be X

4 SWPW, Nov.7 2005The SWPW Panel3 Piero Bonatti, University of Naples 1. Policies are not just about security / privacy Aren't these policies, too? Business rules Quality of Service directives Visa eligibility criteria... All these policies make decisions grant/deny access, establish eligibility (visas), make discounts Based on similar pieces of information user / agent / server properties age, nationality, profile, identity, reputation, certifications...

5 SWPW, Nov.7 2005The SWPW Panel4 Piero Bonatti, University of Naples Policies are not (only) passive objects Policies may specify Event logging Communications and notifications Workflow triggering such as (partly) manual registration procedures... So policies are about Decision support + behavior specifications declarative (despite the word “behavior”)

6 SWPW, Nov.7 2005The SWPW Panel5 Piero Bonatti, University of Naples 2. Policies are not islands Decisions need data, information, and knowledge Each organization has its own Already available through legacy software and data A realistic solution must interoperate with them Third parties Credit card sites for validity checking Credential repositories Short term solution Mediation and integration techniques maybe wrappers instantiation efforts needed a challenge for SW interoperation approaches in the long run

7 SWPW, Nov.7 2005The SWPW Panel6 Piero Bonatti, University of Naples 2. Policies are not islands What about standard security mechanisms? They are so robust and efficient Border routers Firewalls DBMS access control, maybe Web Server access control (well...) Can't we exploit them in our smart frameworks? Further advantage: avoid bottlenecks Centralized security monitors for high-level policies (XACML) Standard mechanisms are already widely supported credits: Arnie Rosenthal

8 SWPW, Nov.7 2005The SWPW Panel7 Piero Bonatti, University of Naples 3. Policies must be integrated with ontologies Why, policies are already integrated with ontologies! Rules immersed in the policy Definition of authenticated user Definition of accepted ID Definition of accepted credit card Trusted CA Currently formulated in terms of credentials and declarations x.509 web forms rules No complex prerequisites!

9 SWPW, Nov.7 2005The SWPW Panel8 Piero Bonatti, University of Naples 3. Policies must be integrated with ontologies Challenges: Interoperability on a larger scale interplay with legacy software and third parties lightweight evidence can be based on any web contents how to explain requirements in a machine- understandable way? a standard semantic web issue – ontologies still lightweight?... infrastructural prerequisites

10 SWPW, Nov.7 2005The SWPW Panel9 Piero Bonatti, University of Naples 4. Policies must be norms How strict? Which logic? A lesson from IMPACT: Deontic “Agent Programs” Approach 1: what is possible determines a space of allowed actions what is obligatory determines concrete actions Redundant – eventually we didn't use possibility Approach 2: “obligatory” implies “possible” whatever concrete action you make becomes automatically possible Possibility is useless Should we really start with “traditional” approaches?

11 SWPW, Nov.7 2005The SWPW Panel10 Piero Bonatti, University of Naples 4. Policies must be norms In our scenarios norms establish: A space of possible choices Please disclose a library card or a driving licence Release VISA or MASTERCARD credit card Maybe preferences A SSN is more sensitive than a library card And constraints Date of birth and address should not be disclosed together It is not immediately clear which is the right choice Is it really so much about deontic logic? Optimization, games,...?

12 SWPW, Nov.7 2005The SWPW Panel11 Piero Bonatti, University of Naples 5. Policies must be X X = ACCESSIBLE Users should understand the policies applied by the systems that users interact with and users should be able to personalize those policies With pre-defined policies: machine violated in 5 min. With personalized policy: secure for 2 weeks (end of experiment) Know what your policy does not check (and avoid pitfalls) A social problem: Everybody's machine is on the internet Millions of computers can be exploited for attacks by taking advantage of the users' lack of technical competence

13 SWPW, Nov.7 2005The SWPW Panel12 Piero Bonatti, University of Naples 5. Policies must be accessible Challenges: Make rules intelligible to the common user Use natural language? Suitably restricted to avoid ambiguities Explain policies and system decisions A classical AI problem – perfectly in line with SW Encourage people to personalize their policies

14 SWPW, Nov.7 2005The SWPW Panel13 Piero Bonatti, University of Naples Conclusions (?) Polices & Trust Negotiation are important because: They might prove the effectiveness of semantic web ideas in the short term Nontrivial shared ontologies based on X.509 + rules Rule-based policies are important because: They might alleviate users' lack of awareness about their system's policy The main cause of today's world-scale security problems It is important to keep promises and deliver solutions

Download ppt "Web Policy Zeitgeist Panel SWPW 2005 – Galway, Ireland Piero Bonatti, November 7th, 2005."

Similar presentations

4. May 2007 Workshop on Dynamic Service Level AgreementsPage 1 Dynamic SLA Negotiation in BREIN Bastian Koller High Performance Computing Center Stuttgart.

4. May 2007 Workshop on Dynamic Service Level AgreementsPage 1 Dynamic SLA Negotiation in BREIN Bastian Koller High Performance Computing Center Stuttgart.
Infrastructure Working Group. Infrastructure vs. Services SecurityAuthentication Service Infrastructure.

Infrastructure Working Group. Infrastructure vs. Services SecurityAuthentication Service Infrastructure.
Infrastructure vs. Services SecurityAuthenticationTransactions Services.

Infrastructure vs. Services SecurityAuthenticationTransactions Services.
Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.

Single Sign-On with GRID Certificates Ernest Artiaga (CERN – IT) GridPP 7 th Collaboration Meeting July 2003 July 2003.
Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR.

Semantic Web Policies - A Discussion of Requirements and Research Issues SHIVARAMAN RAGHURAMAN SHIVARAMAN RAGHURAMAN MUKESH SUSILKUMAR MUKESH SUSILKUMAR.
ELAG Trondheim 2004 1 Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.

ELAG Trondheim Distributed Access Control - BIBSYS and the FEIDE solution Sigbjørn Holmslet, BIBSYS, Norway Ingrid Melve, UNINET, Norway.
Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.

Trust, Security and Privacy in Learning Networks Daniel Olmedilla L3S Research Center / Hannover University Learning Networks in Practice 10 th May, 2007.
ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.

ESign-Online Digital Signature Service February 2015 Controller of Certifying Authorities Department of Electronics and Information Technology Ministry.
Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.
1 CSIT600f: Introduction to Semantic Web Conclusion and Outlook Dickson K.W. Chiu PhD, SMIEEE Text: Antoniou & van Harmelen: A Semantic Web PrimerA Semantic.

1 CSIT600f: Introduction to Semantic Web Conclusion and Outlook Dickson K.W. Chiu PhD, SMIEEE Text: Antoniou & van Harmelen: A Semantic Web PrimerA Semantic.
0 General information Rate of acceptance 37% Papers from 15 Countries and 5 Geographical Areas –North America 5 –South America 2 –Europe 20 –Asia 2 –Australia.

0 General information Rate of acceptance 37% Papers from 15 Countries and 5 Geographical Areas –North America 5 –South America 2 –Europe 20 –Asia 2 –Australia.
A Context Framework for Ambient Intelligence. Context servers Motivation interoperable Machine processable Security & privacy.

A Context Framework for Ambient Intelligence. Context servers Motivation interoperable Machine processable Security & privacy.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.

Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
Alan Dekok, CTO Terena 2010 - June 2 Why Identity Management is hard.

Alan Dekok, CTO Terena June 2 Why Identity Management is hard.
Protecting Children Leon Thomas Head of Regulatory Compliance, PartyGaming EGBA Chair of Compliance and Responsible Gaming Committee.

Protecting Children Leon Thomas Head of Regulatory Compliance, PartyGaming EGBA Chair of Compliance and Responsible Gaming Committee.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.

Exploiting Preferences for Minimal Credential Disclosure in Policy-Driven Trust Negotiations Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke L3S Research.
Can Network Security be Fun? An agent-based Simulation Model and Game Proposal A computer lets you make more mistakes faster than any invention in human.

Can Network Security be Fun? An agent-based Simulation Model and Game Proposal "A computer lets you make more mistakes faster than any invention in human.
McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Chapter 7 Storing Organizational Information - Databases.

McGraw-Hill/Irwin © 2008 The McGraw-Hill Companies, All Rights Reserved Chapter 7 Storing Organizational Information - Databases.
Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Android Security Enforcement and Refinement. Android Applications --- Example Example of location-sensitive social networking application for mobile phones.

Similar presentations

Ads by Google