Get documents about "The Policy-Aware Web Privacy and Transparency on the Semantic Web
Document Sample
mindswap
maryland information and network dynamics lab semantic web agents project
The Policy-Aware Web: Privacy
and Transparency on the
Semantic Web
Jim Hendler
Hendler@cs.umd.edu
http://www.cs.umd.edu/~hendler
2004 NSF National Priorities ITR to UMCP and MIT
(Hendler, Berners-Lee, Weitzner- PIs)
mindswap
maryland information and network dynamics lab semantic web agents project
Outline
• Motivation
• Example
• Digression
• Content
• Challenge(s)
• Summary
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
"Because it's there…"
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Access and Privacy Control
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
As we publish more info- how do we control
access …
Who can see What??
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Current Policy Languages
• A number of languages being explored:
– P3P (data-centric relational semantics -> relational database)
– WS-Policy (propositional, and & or, but weak not)
– Features and Properties (no operators, easier to map to RDF)
• Combinators (choose one/all, similar to WS-Policy)
– KaOS Policy and Domain Services
– WSPL and EPAL (subsets of XACMLs)
– XACML (and, or, not, first and higher order bag functions)
– Rei (OWL-Lite + logic-like variables)
• A lot of ambiguity about exact expressivity and
computational properties (or even the semantics!)
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
An example: WS-Policy
• WS-Policy provides a flexible grammar for
expressing C&C of web services
– Normalized form (maybe to do non normalized)
• Two translation approaches:
– Policies as Instances
• Readable, but hard to capture semantics
• Available at:
http://mindswap.org/dav/ontologies/ws-policy_instance.owl
– Policies as Classes
• Translate WS-Policy constructs into OWL constructs
• E.g., wsp:All --> owl:intersectionOf
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
WS-Policy Example
<wsp:Policy >
<wsp:ExactlyOne>
<wsp:All>
<wsse:SecurityToken>
<wsse:TokenType>wsse:Kerberosv5TGT</wsse:TokenType>
</wsse:SecurityToken>
</wsp:All>
<wsp:All>
<wsse:SecurityToken>
<wsse:TokenType>wsse:X509v3</wsse:TokenType>
</wsse:SecurityToken>
</wsp:All>
<wsp:All>
<wsse:SecurityToken>
<wsse:TokenType>wsse:UserNameToken</wsse:TokenType>
</wsse:SecurityToken>
</wsp:All>
</wsp:ExactlyOne>
</wsp:Policy >
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Mapping WS-Policy to OWL
• “all” is easy: it’s logical conjuction (i.e., intersectionOf)
• “exactlyOne” is harder, two readings:
– Older version: “oneOrMore”
• Inclusive OR, maps to owl:unionOf
– “exactlyOne” suggests XOR
• Have to map to a disjunction of conjunctions
• Quadratic increase in size of disjuncts
– Ontology:
http://www.mindswap.org/dav/ontologies/policytest.owl
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Example
• @prefix owl: <http://www.w3.org/2002/07/owl#> .
@prefix policytest: <http://www.mindswap.org/~kolovski/policytest.owl#> .
policytest:TestPolicy a owl:Class;
owl:intersectionOf (
owl:unionOf (
policytest:SecurityTokenTypeUsernameToken
policytest:SecurityTokenTypeX509
policytest:SecurityTokenTypeKerberos )
owl:complementOf
owl:unionOf (
owl:intersectionOf (
policytest:SecurityTokenTypeUsernameToken
policytest:SecurityTokenTypeX509 )
owl:intersectionOf (
policytest:SecurityTokenTypeUsernameToken
policytest:SecurityTokenTypeKerberos )
owl:intersectionOf (
policytest:SecurityTokenTypeX509
policytest:SecurityTokenTypeKerberos ) ) ) .
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Use OWL tools
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Digression
MINDSWAP ontology tools
mindswap
maryland information and network dynamics lab semantic web agents project
SWOOP: OWL ontology tool
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Ontology Debugging Service
• Example taken from Sweet-JPL OWL Ontology,
where 13 out of ~3000 axioms make one class
unsatisfiable
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Under the hood
• The Semantic Web vision requires "plumbing" that lives
on the Web, but provides support for
– Ontologies linked together
– Reasoning that can scale
• Limited expressivity (OWL)
• Mixed Logics and Rules (RIF)
• Open World reasoning (CW is key to many algorithms performance)
– "Hidden" logic - users want results, not symbols
– Modularity and collaboration
• Teams of people creating teams of ontology
– And much more
• Triple store scaling, HTTP embedding (state free),URIs…
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Pellet: a reasoner for the SemWeb
RDF/XML Parser SPARQL Parser
Interface
Jena
Jena
Application
Species Validation & ABox Query
Ontology Repair Engine
Interface
OWL API
TBox ABox OWL API
Application
TBox Tu
Absorption KnowledgeBase Interface
Tableau
Interface
Reasoner (Reasoner SPI)
DIG
DIG
Tg
Application
XSD
Internalization Reasoner
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Pellet: OWL reasoner
• Description Logic reasoner based on tableaux algorithms
– Specifically designed for OWL
– Primarily for OWL-DL ontologies
• Heuristics to repair OWL Full ontologies
• Research extensions to OWL FULL
• First reasoner to support all of OWL-DL
– Implements SHOIQ algorithm by Horrocks and Sattler
• Provides all the standard reasoning services
– KB consistency, concept satisfiability, classification, realization
– Plus…
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Special Features
• Query Answering
– Conjunctive ABox queries expressed in RDQL or SPARQL
• Datatype Reasoning
– Check if the intersection of XML Schema datatypes is satisfiable
– Support reasoning with user-defined derived datatypes
• e.g. numeric or time intervals
• Multi-Ontology Reasoning using E-Connections
– Defining and instantiating combinations of OWL-DL ontologies
– An alternative to owl:imports
• Ontology Debugging
– Explaining the cause of unsatisfiable concepts
– Relations between unsatisfiable concepts
• Non-monotonic Reasoning with K-operator
– Closed-world queries using ALCK
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Pellet (more)
• Coerces “DL-izable” OWL Full ontologies into OWL DL
– OWL Full and OWL DL can be unified
• Inverse functional properties on datatype properties
• Punning: Metaclasses allowed
• Type assignment for untyped classes
• Combines inverse and nominal correctly (decidably)
• Extended datatype support (more built in and user
defined datatypes)
• Incremental reasoning through update of the KB:
– Optimized classification and realization (50% to order of
magnitude improvements)
– Working on updating the completion graph to speed initial
consistency check
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Performance
• Dynamic completion strategy selection based on
the ontology expressivity
– Nominals (oneOf, hasValue), Inverse Properties
(inverseOf), Individuals
• Includes standard optimization techniques
– Normalization, simplification, absorption, semantic
branching, dependency directed backjumping,
caching, model merging, binary instance retrieval
• Several novel optimizations (see KR ’06 paper)
– Nominal absorption, learning-based disjunct
selection, partial backjumping, nominal-based model
merging, lazy forest generation, forest caching
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Applications using Pellet
• Ontology editing and management
– Available as a Swoop plug-in
– DIG interface to support Protégé
• Web Service composition
– Matchmaking for Web Services
– Reasoning about preconditions and effects
• Fujitsu Task Computing Environment
– Interacting with devices and Web Services
• Reasoning about policies
– Policy consistency, policy containment, etc.
– Process WS-Policy descriptions
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Policy Aware Web
KFRW 06 (NSF ITR; Hendler, Berners-Lee, Weitzner; 2005)
mindswap
maryland information and network dynamics lab semantic web agents project
PAW demo…
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Use case:
A Web browser requests the home
page for a girl scout troop and is Web Server
given it by a Web server.
Content
Demo
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
However, requests for images result
in HTTP Error 401,
“Unauthorized” Web Server
401
Content
401
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
The 401 “Unauthorized” response
has been modified to provide a
URL to a policy:
HTTP/1.1 401 Not authorized
Date: Sat, 03 Dec 2005 15:32:18 GMT
Server: TwistedWeb/2.0.1
Policy: http://groups.csail.mit.edu/dig/2005/09/rein/examples/troop42-policy.n3
Content-type: text/html; charset=UTF-8
Connection: close
10:32:20 ERROR 401: Not authorized.
Demo
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Policies use linked rules
• Example policies { REQ a rein:Request.
REQ rein:resource PHOTO.
?F a TroopStuff; log:includes
– Photos taken at meetings of { PHOTO a t:Photo; t:location LOC.
the troop can be shared with LOC a t:Meeting }.
any current member of the REQ rein:requester WHO.
WHO session:secret ?S.
troop. ?S crypto:md5 TXT.
– Photos taken at a jamboree ?F a TroopStuff; log:includes
can be shared with anyone in { [] t:member [ is foaf:maker of PG ].
LOC t:attendee [ is foaf:maker of PG ] }.
the troop or with anyone who PG log:semantics [ log:includes
{ PG foaf:maker [ session:hexdigest TXT ] }
attended the jamboree. ].
– Photos of any girl in the troop } => { WHO http:can-get PHOTO }.
can be shared with the world
if that girl's parent has given
permission
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Rein "ontology"
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Rein example
{ <http://dig.csail.mit.edu/2005/09/rein/examples/troop42.rdf>
log:semantics ?F } => { ?F a TroopStuff }.
# Photos take at meetings of the troop can be shared with any
# current member of the troop
{ REQ a rein:Request.
REQ rein:resource PHOTO.
?F a TroopStuff; log:includes
# (ii) anyone who attended the jamboree
{ PHOTO a t:Photo; t:location LOC.
{ REQ a rein:Request.
LOC a t:Meeting }. REQ rein:resource PHOTO.
?F a TroopStuff; log:includes
REQ rein:requester WHO.
{ PHOTO a t:Photo; t:location LOC.
WHO session:secret ?S.
LOC a t:Jamboree }.
?S crypto:md5 TXT.
REQ rein:requester WHO.
?F a TroopStuff; log:includes
WHO session:secret ?S.
{ [] t:member [ is foaf:maker of PG ].
?S crypto:md5 TXT.
LOC t:attendee [ is foaf:maker of PG ] }.
PG log:semantics [ log:includes
?F a TroopStuff; log:includes
{ PG foaf:maker [ session:hexdigest TXT ] } { LOC t:attendee [ is foaf:maker of PG ]. }.
].
PG log:semantics [ log:includes
{ PG foaf:maker [ session:hexdigest TXT ] }
} => { WHO http:can-get PHOTO }.
].
} => { WHO http:can-get PHOTO }.
# Photos taken at a jamboree can be shared with anyone in the
# troop or with anyone who attended the jamboree.
# (i) anyone who is in the troop
{ REQ a rein:Request.
REQ rein:resource PHOTO.
The RDF/XML syntax is even worse:
?F a TroopStuff; log:includes
{ PHOTO a t:Photo; t:location LOC.
Authorability/Editability are important
LOC a t:Jamboree }.
issues
REQ rein:requester WHO.
WHO session:secret ?S. Specialized use (cf. Creative Commons)
?S crypto:md5 TXT.
?F a TroopStuff; log:includes
a partial out.
{ [] t:member [ is foaf:maker of PG ]. }.
PG log:semantics [ log:includes
{ PG foaf:maker [ session:hexdigest TXT ] }
].
} => { WHO
KFRW 06 http:can-get PHOTO }.
mindswap
maryland information and network dynamics lab semantic web agents project
Use of the PAW proof-generation
proxy results in a proof which
satisfies the policy: Web Server
Proof
Third-party services may be
consulted to help construct
the proof.
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
The proxy:
1. Uses Rein, a policy engine, to specify rules which match
a given policy.
2. The Rein rules are run in Cwm, a forward-chaining
reasoner for the Semantic Web. This generates a proof.
3. Proof is HTTP-PUT on the server, and a HTTP-GET on
same document is then invoked (requires HTTP 1.1)
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
The Web server checks the proof
and serves the content if it is valid. Web Server
Content
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
The server:
1. Uses Cwm to validate the proof.
2. Takes action based on validation (serves content or
denies).
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Current demo work:
1. Make use of multiple distributed authentication systems
(instead of holding secrets in the proxy).
2. Associate content with RDF metadata and base policy
decisions on the RDF
3. Address issues of eventual integration of the proxy with
a Web browser (e.g. cookie storage).
4. Extend system to "distributed" scenarios (different
authorities hold parts of policy, may have own rules on
access)
5. Attack user interface issues
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Open, Distributed Policy Challenges
• Identity vs. privacy
– How do you identify yourself w/o violating the very privacy
concerns we hope to address?
• Current identity schemes are centralized and universal
• Can we do a distributed ID model (maybe email based)?
• Inconsistency
– In logic "P ^ -P => Q"
• On Web it better not!
(Supports(Hillary) ^ -Supports(Hillary)) => you owe me $1000
• Can we use a "non-standard" logic solution?
• Provenance and downstream tracking
– As information flows through the system, later access may
depend on earlier decisions
• Policies often dependent on use context
• Policies may change depending on how information was acquired
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Provenance Tracking on the
Semantic Web
• Provenance of Data
– Who or what services created/input the data
– Files on which the data depends
– Date and time of creation
– Steps taken to compute / produce the data
• "recursively" ground to the above
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Producing Provenance Data
• On the Semantic Web
– Provenance can be stored and tracked
– Services represented by Service Descriptions
– All files created and and referenced by URIs
– Web service executes and also outputs and OWL model of the
service execution, including all provenance data
– Service outputs a file with provenance for each output file
• Semantic Web triple stores maintain mapping to this file from triples
or subgraphs
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
"Magic" is in URIs
Every piece of data gets its own "web page"
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Ontology for provenance
The "Web page" itself is machine-readable (OWL)
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Validation - IPAW provenance Challenge
• E.g. A user has run the workflow
twice, in the second instance
replacing each procedures
(convert) in the final stage with
two procedures: pgmtoppm, then
pnmtojpeg. Find the differences
between the two workflow runs.
Answered
every query
successfully
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Dana's Challenge
• All data directly output from a Predator UAV is classified.
• Classified data combined with unclassified data is
considered classified.
• Classified data can only be viewed by persons with top
secret clearance, with the following exceptions:
… In warfare conditions, unclassified persons may view perishable
data that is classified if the persons life is threatened due to lack
of that data and if the person's superior has top secret clearance
and has approved such viewing.
Can we apply PAW to Army policies w/in B3AN?
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Conclusions
• Information lives in specific contexts
– The Semantic Web helps us place information into these (multiple)
contexts.
• Control of information requires control of contexts
– Explication of policies
• Linked in a Web-like way
– Integrated directly into the Web
• With extensions for rules and proofs
– Is really hard
• Issues of identity, inconsistency, provenance, change over time
– But holds great potential
• Flexible and adaptive
• "Policy-Aware" Web project (joint between UMCP and MIT)
– First step towards "Semantic Accountability" applications
http://www.policyawareweb.org/
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
mindswap
maryland information and network dynamics lab semantic web agents project
Another Cool thing…
• What is a rule of logic?
– In traditional philosophy it relates to "Truth"
• What is truth on the Web?
– Ex: How many cows are in Texas?
– On the Web, we could use an idea of agreed
upon rules, grounded at URI
• Social definition of truth via shared contexts
– Ex: Because Mom said so…
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Truth on Web Pages [based on Heflin etal, 1998]
• Inference rules could be used to determine the credibility of claims
– I might believe the claims made by a reliable Newspaper
• Trustable(x) :- x; reliableNewspaper.
– And I could establish the Washington Post as reliable...
• i.e. I assert:
http://www.washingtonpost.com owl:class reliableNewspaper.
– or if I infer it
• ReliableNewspaper(X) :->
X owl:class ReliableNewspaper;http://MediaWatchList.
• (?) reliableNewspaper(X) :-
X owl:class ReliableNewspaper; src ^ trusted(src).
• The rules are "grounded" in a testable way
– cf. If I can HTTP-get the fact, then it is asserted
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Rule Sets could be shared
• You can ground your sources
– X :- X; src ^ src owl:class TrustedSource; http://…/myMomSet.rdf
• Or infer trusted sources based on other rule sets
– X :- X; src ^ src owl:class TrustedSource; http://ex.com/RushLimbaughSet.rdf
– X :- X; src ^ src owl:class TrustedSource; http://ex.com/UnabomberRules.rdf
^ --( X;http://www.rushLimbaugh.com/truths.rdf )
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Annotated Logic
(in 25 words or less)
• Traditional Logic
P & -P => Q (P and -P are inconsistent)
• Annotated Logic
– P;X & -P;Y are not inconsistent
– P;X & -P;X => Q;X but not Q;Y
– P;X & -(P;X) is inconsistent and must be
avoided (but this is easily checked if inference
of RHS is restricted)
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
On the Web
<foaf:Person>
<foaf:name>Jim Hendler</foaf:name>
<foaf:title>Dr</foaf:title>
<foaf:firstName>Jim</foaf:firstName>
<foaf:surname>Hendler</foaf:surname>
<foaf:mbox_sha1sum>
<foaf:name>Jim Hendler</foaf:name> ;
be972c7a602683f7cf3c7a1fd0949c565debe4d3
</foaf:mbox_sha1sum> == http://www.cs.umd.edu/~hendler/2003/foaf.rdf
<foaf:homepage rdf:resource="http://www.cs.umd.edu/~hendler"/>
<foaf:depiction rdf:resource="http://www.semanticgrid.org/q-
iantbljim.jpg"/>
<foaf:workplaceHomepage rdf:resource="http://owl.mindswap.org"/>
</foaf:Person>
http://www.cs.umd.edu/~hendler/2003/foaf.rdf
• Annotations represent document contexts
X;Y and -(X;Y) cannot co-occur
(unless Web is broken)
(modulo temporal change, but that's another talk)
KFRW 06
mindswap
maryland information and network dynamics lab semantic web agents project
Leveraging Work in:
Policy Aware Web (W/Berners-Lee) Link-mining in PiT data (w/Getoor)
Ontology debugging Incremental OWL reasoning
KFRW 06
