1 / 20

“R♫P”

“R♫P”. RDF Access control Policies. Motivation. Semantic Web Layer Cake (Berners-Lee 2004)*. *Semantic web layer cake (Berners-Lee,2004) http://www.w3.org/2004/Talks/0412-RDF-functions/slide4-0.html. Motivation. Semantic Web would enable the a global social information sharing space.

alan-sampson
Download Presentation

“R♫P”

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. “R♫P” RDF Access control Policies Pavan Reddiavri (Ebiquity Labs)

  2. Motivation • Semantic Web Layer Cake (Berners-Lee 2004)* Pavan Reddiavri (Ebiquity Labs) *Semantic web layer cake (Berners-Lee,2004) http://www.w3.org/2004/Talks/0412-RDF-functions/slide4-0.html

  3. Motivation • Semantic Web would enable the a global social information sharing space. • There is need for a preset agreements between users to create and share this knowledge. • Current implementations have a coarse granularity of control (Photo sharing) inhibiting users. Pavan Reddiavri (Ebiquity Labs)

  4. Access Controls • Identity Based Access Control • Role Based Access Control • Rule/Policies based Access Control Pavan Reddiavri (Ebiquity Labs)

  5. Why Policies ? • Role based system will not provided the granularity • Policies can be described with respect to time (allow on BirthDay) • Difficult to create transient roles In a Role based system • Policy based access controls are also being used other fields (databases, operating systems) Pavan Reddiavri (Ebiquity Labs)

  6. “R♫P” • RAP looks at solving the problem of defining and implementing Access Control for a RDF store • Current RDF either ignore or provide very basic access control • Expressive control (Triple level) Pavan Reddiavri (Ebiquity Labs)

  7. “R♫P” is “The basic RAP framework will allow an agent (person or program) to perform various actions inserting, deleting, searching on a RDF store and the policy is used to decide if the action is permitted or prohibited.” Pavan Reddiavri (Ebiquity Labs)

  8. Acts on RDF -Graph • Add new Node-Link-Node. • Add a new Node, Link to a old Node • Add a new Link between two old Nodes. • Delete/ Update or Search for triples • Infer Triples Pavan Reddiavri (Ebiquity Labs)

  9. RDFS Graph • RDFS graph have a inherent structure • The Action On a RDFS graph can also be confined( Schema or Instance modification) • Create a Class • Create Properties for a class • Create an Instance • Create property instance • Does this Structure help us? Pavan Reddiavri (Ebiquity Labs)

  10. RAP: Actions • See (A,T): Agent A sees triple T if it returned in the response to one of P's queries. • Use (A,T): Agent A uses triple T if it is used in answering one of P'squeries. Pavan Reddiavri (Ebiquity Labs)

  11. RAP: Actions • Insert (A,T): Agent A directly inserts triple T into the graph. • InferInsert (A,T): Agent A InferInsert triple T If Agent A Insert (A,T1) that implies T at a time when T is not in the graph. Pavan Reddiavri (Ebiquity Labs)

  12. RAP: Actions • Remove (A,T): Agent A directly remove triple T into the graph. • InferRemove (A,T): Agent A InferRemove triple T If Agent A Remove (A,T1) that implies T, such T existence in the graph depends on T1. • update(A,T1,T2): Agent A directly replaces triple T1 with T2. Pavan Reddiavri (Ebiquity Labs)

  13. RAP : Example policies • You want to prevent people from modifying schema i.e. defining classes or properties modifying their definitions “prohibited(insert(A,(_,P,_)) :- schemaPredicate(P)” • schemaPredicate(P): true of P is a predicate used to define schemalevel information (e.g., rdfs:subClass, rdfs:domain, etc). Pavan Reddiavri (Ebiquity Labs)

  14. RAP : Example policies • You want to prevent people from modifying schema i.e. defining classes or properties modifying their definitions“prohibited(insert(A,(_,P,_)) :- schemaPredicate(P)” • schemaPredicate(P): true of P is a predicate used to define schemalevel information (e.g., rdfs:subClass, rdfs:domain, etc). Pavan Reddiavri (Ebiquity Labs)

  15. RAP : Example policies • Agents are permitted to create instances of classes they created “permitted(insert(A,(_,rdfs:type,C))) :- createdNode(A,C)” • Agents are permitted to delete any triples that they had inserted “permitted(remove(A,T)) :- createdTriple(A,T)” Pavan Reddiavri (Ebiquity Labs)

  16. Employer Data Store • No one change the schema • “prohibited(insert(A,(_,P,_)) :- schemaPredicate(P)” • User can create Instances of employer • “permitted(insert(A,(_,rdfs:type,RAP:employee))) :- registered(A).” • You assert/see anything about things you created • “permitted(insert(A,(C,_,_)) :- createdNode(A).” • “permitted(see(A,(C,_,_)) :- createdNode(A).” • You cannot see any ones salary • “prohibited(see(A,(_,emp:salary,_)).” • “prohibited(see(A,(_,P,_)) :- rdfs:subProperty(P,emp:salary)).” Pavan Reddiavri (Ebiquity Labs)

  17. RDF Store RAP : Prototype • RAP Policy Engine • REI • Prolog based Engine from scratch • Cwm RDF client Data/Policies Access Protocol RAP Policy Engine • Data/Policies Access Protocol • Extend Http (webdav) • GET with SPARQL in the body to search the store • PUT with RDF data in the body to add data. • RDF store • Redland • Kowari • Jena Models Pavan Reddiavri (Ebiquity Labs)

  18. Other Considerations • Policy representation • Prolog , N3 , Custom…. • Expressiveness of policies • Delegation Handling • Depth of Delegation. Can a club bouncer allow him self into the club? • RDF store still in Naissance • Performance and Scalability Pavan Reddiavri (Ebiquity Labs)

  19. Applications • Enterprise level knowledge bases (RDF store) • Enterprise level blogger controlling creation and access of blogs • Application requiring collaborative creation of a knowledge store • Alan Hollander’s application for in SPIRE Pavan Reddiavri (Ebiquity Labs)

  20. Thank You Pavan Reddiavri (Ebiquity Labs)

More Related