Policy Representation & Reasoning
Juri L. De Coi, Philipp Kärger, Daniel Olmedilla, Sergej Zerr
L3S Research Center / Leibniz Hannover University
L3S Research Seminar, Hannover, 18th April, 2008

Best Student Award at VIT: Sukriti Ramesh. CONGRATULATIONS!!
Because of
• Academic performance (last 4 years)
• Personality & communication skills
• Social work
• Project work (including L3S)
• Even though it was with Odysseas
But especially because of her answer to: what does Mahatma Gandhi's phrase "See no evil, hear no evil, speak no evil" mean for you?
Ask her for details!

Increasing Seminar Attendance
Seminar Appeal
Wolfgang and Wolf-Tilo agree with the formula
They wanted to take an action, as the winners in the L3S Workshop did,
so they decided to sponsor ice cream today! Voluntarily!!!!!

Outline
Introduction to Policy Representation & Reasoning
• Motivation, requirements, state of the art
L3S Policy framework
• Protune in a Nutshell: framework and language
Protune in Action: Policies on the Web
• Static content protection and dynamic generation
Reactive Policies, Current and Further Policy Work
• Event reactivity, research ideas

Introduction: Policy Representation & Reasoning
Daniel Olmedilla

Policy Representation & Reasoning: Problem
Institutions, companies and people need to control the way they
• Do business
• Make decisions
• Offer their assets
• Etc.
Computers help us in our daily work by performing tasks
• that we cannot perform (or that we do worse)
• that are hard to control manually, time-consuming, expensive, error-prone
• automatically on our behalf
But generally, we need to control how decisions and actions are taken

Policy Representation & Reasoning: What is a Policy?
Wikipedia: deliberate plan of action to guide decisions and achieve rational outcome(s)
• Not necessarily related to IT
In an IT setting: set of considerations designed to guide decisions of courses of actions
Broad definition: set of statements defining the behaviour of an entity in a given situation

Policy Representation & Reasoning: Policies are everywhere (I)
Rules of ethics for robots
• A robot may not injure a human being or, through inaction, allow a human being to come to harm.
• A robot must obey orders given to it by human beings, except where such orders would conflict with the First Law.
• A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
[Isaac Asimov. Runaround. 1942]

Policy Representation & Reasoning: Policies are everywhere (II)
Declarative

Policy Representation & Reasoning: Policies are everywhere (III)

Policy Representation & Reasoning: Policies are everywhere (IV)
B2B contracts
• e.g. quantity flexible contracts, late delivery penalties, etc.
Negotiation
• e.g. rules associated with auction mechanisms
Security
• e.g. access control policies
Privacy
• Information Collection Policies (aka "P3P Privacy Policies")
• Obfuscation Policies
Workflow management
• What to do under different sets of conditions
Context aware computing
• What service to invoke to access a particular contextual attribute
• Context-sensitive preferences
[by Norman Sadeh, Semantic Web Policy Workshop panel, ISWC 2005]

Policy Representation & Reasoning: The goal
Build applications/agents where
• Behaviour is flexible
• Can be changed/updated dynamically
• without re-coding, re-compiling, re-installing, etc.
• At no cost
• Can be managed by administrators/users without needing to be computer experts
• Can be understood by normal users

Policy Representation & Reasoning: Benefits
• Explicit license for autonomous behaviour
• Reusability
• Efficiency
• Extensibility
• Context-sensitivity
• Verifiability
• Support for simple as well as sophisticated agents
• Protection from poorly-designed, buggy or malicious agents
• Reasoning about agent behaviour
• Compact representation, possibly declarative
• Etc.

Policy Representation & Reasoning: Requirements / Challenges
• Many policies, one framework
• Conflict Resolution
• Integration with external sources
• Policies as active objects
• Executing actions
• Negotiations
• User awareness and control
• Cooperative enforcement

Policy Representation & Reasoning: Many policies, one framework (I)
The term policy covers:
• Security/Privacy policies, Trust management
• Business rules
• Quality of Service directives
• Service-level agreements
• Communication and conversation policies
• and more...
In many cases they are interleaved
• If customers are younger than 26, give a 20% discount on international tickets
• Up to 15% of network bandwidth can be reserved if payment is done with an accepted credit card
• Customers can rent a car if they are 18 or older, and exhibit a driving license and a valid credit card

Policy Representation & Reasoning: Many policies, one framework (II)
It is appealing to integrate all policies in one framework
• One common infrastructure
• for interoperability and decision making
• Where policies can be harmonized & coordinated

Policy Representation & Reasoning: Conflict Resolution (I)
(Figure: Ivan, Alice)
• Positive authorization: "You can access file123.txt"
• Obligation: "You must inform your boss"
• Negative authorization: "You can not access file123.txt"
• Dispensation: "You don't need to inform your boss"

Policy Representation & Reasoning: Conflict Resolution (II)
Security typically assumes "everything is denied by default", so there is no need for disallow policies
• The cost of disclosing a sensitive resource is higher than the cost of not disclosing a public one
But if the need exists, techniques must be provided for
• Conflict detection
• Conflict harmonization

Policy Representation & Reasoning: Integration with external systems
Policies are not islands
• Decisions need data, information, and knowledge
Each organization has its own
• Already available through legacy software and data
• A realistic solution must interoperate with them
Third parties
• Credit card sites for validity checking
• External databases
• Variety of web resources

Policy Representation & Reasoning: Negotiations (I)
(Figure: Alice, Bob, Service)
Step 1: Alice requests a service from Bob
Step 2: Bob discloses his policy protecting the service
Step 3: Alice discloses her policy protecting the VISA
Step 4: Bob discloses his BBB credential
Step 5: Alice discloses her VISA card credential
Step 6: Bob grants access to the service

Policy Representation & Reasoning: Negotiations (II)
Used for
• Access control
• Service-level agreements
• Dynamic contracts
• E.g., in web service composition
• Autonomic computing
• Pervasive environments
• E.g., sensor networks
• Etc.

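The six-step exchange between Alice and Bob shown under Negotiations (I) can be reproduced with a small iterative negotiation loop. The Python below is an added example, not code from the slides or from any L3S framework; the party layout, the function name negotiate and the sample data are assumptions, and it also covers the failure case where both sides wait for each other.

```python
# Added illustration, not code from the slides: the Alice/Bob exchange as an
# iterative negotiation. The party layout and all names are assumptions.

def negotiate(requester, provider, service, max_rounds=10):
    """Party = {'name': str, 'policies': {item: set of items required from
    the other side}}. Returns (granted, log of messages)."""
    other_of = {provider["name"]: requester["name"],
                requester["name"]: provider["name"]}
    party = {provider["name"]: provider, requester["name"]: requester}
    disclosed = {n: set() for n in party}   # credentials each side has shown
    wanted = {n: [] for n in party}         # items each side was asked for
    wanted[provider["name"]].append(service)
    announced = set()                       # (party, item) policies disclosed
    log = [f"{requester['name']} requests {service}"]
    for _ in range(max_rounds):
        progress = False
        for name in party:                  # provider first, then requester
            other = other_of[name]
            for item in list(wanted[name]):
                policy = party[name]["policies"].get(item)
                if policy is None:          # item unknown: deny by default
                    return False, log + [f"{name} cannot provide {item}"]
                missing = sorted(policy - disclosed[other])
                if missing and (name, item) not in announced:
                    announced.add((name, item))
                    wanted[other] += [m for m in missing if m not in wanted[other]]
                    log.append(f"{name} discloses policy for {item}: needs {missing}")
                    progress = True
                elif not missing:
                    wanted[name].remove(item)
                    if item == service:
                        return True, log + [f"{name} grants access to {item}"]
                    disclosed[name].add(item)
                    log.append(f"{name} discloses {item}")
                    progress = True
        if not progress:                    # each side waits for the other
            return False, log + ["negotiation failed: deadlock"]
    return False, log + ["negotiation failed: round limit reached"]

# Constructed sample data matching the slide: the service needs Alice's VISA
# card, Alice's VISA policy needs Bob's BBB credential, BBB is freely shown.
ALICE = {"name": "Alice", "policies": {"VISA": {"BBB"}}}
BOB = {"name": "Bob", "policies": {"service": {"VISA"}, "BBB": set()}}
```

Calling negotiate(ALICE, BOB, "service") yields a six-entry log in the order of Steps 1 to 6; making Bob's BBB credential require VISA in turn produces the deadlock result.
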
Policy Representation & Reasoning: User awareness and control
Explain policies and system decisions
• Make rules & reasoning intelligible to the common user
Encourage people to personalize their policies
• Make it easy for users to write their own rules

Policy Representation & Reasoning: Cooperative Policy Enforcement
Crucial for the success of a service
• Never say (only) "no"!
• Encourage first-time users
• Who don't know how to use your service
• Explain policy decisions
• Especially failures
• Advanced queries: Why not
• Advanced queries: How-to, What-if
"You can't open this door, but you can ask Alice for permission"

Policy Representation & Reasoning: Main State of the Art Approaches
• Ponder: OO language, well established, focus on network management
• XACML: Standard by OASIS, being taken up by companies
• KAOS: Based on DL reasoning
• REI: Combination of DL representation and LP semantics
• PeerTrust: Based on guarded distributed logic programs
• And many others

Protune policy framework: (not too) technical details
Juri Luca De Coi

Protune Policy Framework: Outline
• Getting started
• Protune Features
• Usability issues

Protune Policy Framework: Overview
(Figure labels: Alice, Bob, Policy, Request, Intelligent policy engine, Decision)

Protune Policy Framework: Just to get the flavor...
IF conditions are fulfilled THEN allow action
disclose('/EWSCpaper2008.pdf') ← sendL3SEmployeeId.
disclose(X) ← status(X, published).
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).
• EWSCpaper2008.pdf can be disclosed to the other peer if it has sent an L3S employee id.
• A resource can be disclosed if its status is "published"

Protune Policy Framework: Standard example
disclose(X) ← status(X, notPublished), sendL3SEmployeeId.
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).
Actions may be needed in order to make decisions

Protune Policy Framework: Metapolicy "type"
disclose(X) ← status(X, notPublished), sendL3SEmployeeId.
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).
sendL3SEmployeeId->type:action.
status(X, Y)->type:logical.
• type:action marks an action
• type:logical marks a usual predicate

Protune Policy Framework: Metapolicy "actor"
Who executes the action? The requester? The local system? A third party?
disclose(X) ← status(X, notPublished), sendL3SEmployeeId.
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).
sendL3SEmployeeId->type:action.
sendL3SEmployeeId->actor:peer.
status(X, Y)->type:logical.

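The "type" and "actor" metapolicies decide how each body literal of the standard example is handled: logical predicates are checked against local facts, while an action whose actor is the peer becomes a request back to the requester. The Python below is an added illustration of that evaluation, not Protune's implementation; the function name evaluate_disclose and the data layout are assumptions.

```python
# Added illustration (not Protune code): evaluating the standard example
#   disclose(X) <- status(X, notPublished), sendL3SEmployeeId.
# under the metapolicies from the slides. Names and layout are assumptions.

FACTS = {  # local knowledge base: status(Resource, State)
    ("status", "/EWSCpaper2007.pdf", "published"),
    ("status", "/EWSCpaper2008.pdf", "notPublished"),
}

# Body of the single disclose(X) rule; "X" is its only variable.
RULE_BODY = [("status", "X", "notPublished"), ("sendL3SEmployeeId",)]

# Metapolicies: predicate name -> attributes
META = {
    "status": {"type": "logical"},
    "sendL3SEmployeeId": {"type": "action", "actor": "peer"},
}


def evaluate_disclose(resource, peer_actions_done=frozenset()):
    """Return (decision, pending). decision is 'grant', 'deny' or 'ask_peer';
    pending lists the peer actions that are still outstanding."""
    pending = []
    for literal in RULE_BODY:
        name = literal[0]
        ground = tuple(resource if arg == "X" else arg for arg in literal)
        meta = META[name]
        if meta["type"] == "logical":
            # Logical predicates are decided from local facts alone.
            if ground not in FACTS:
                return "deny", []  # no rule applies: denied by default
        elif meta["actor"] == "peer":
            # The local system cannot execute a peer's action; it is
            # reported back to the requester as a condition to fulfil.
            if name not in peer_actions_done:
                pending.append(name)
        else:
            raise NotImplementedError("only actor:peer actions are modelled")
    return ("ask_peer", pending) if pending else ("grant", [])
```

With only this rule in the policy, the published 2007 paper is denied as well, because no rule covers it and everything is denied by default.
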
Protune Policy Framework: Available actions
• Access to relational databases
• Access to RDF repositories
• Credential exchange
• Searching of regular expressions within a file
• Interface to an LDAP server
• Time and location management

Protune Policy Framework: Explanations

Protune Policy Framework: Usability issues
download(User, Resource) ← authenticated(User), have(User, Subscription), availableFor(Subscription, Resource).
authenticated('Bob').
have('Bob', lncsSubscription).
availableFor(lncsSubscription, 'ESWCpaper2007.pdf').
authenticated(User)->type:logical.
availableFor(Subscription, Resource)->type:logical.
have(User, Subscription)->type:logical.
• Every user who is authenticated and who has a subscription that is available for a resource can download the resource.

Protune Policy Framework: Using natural language: Problem
How to deal with ambiguities?

Protune Policy Framework: Using natural language: Ambiguities (I)
Bob looks at the girl on the hill with a telescope

Protune Policy Framework: Using natural language: Ambiguities (II)
2 girls lift 2 tables

Protune Policy Framework: Solution: Use a controlled natural language
What does "controlled" mean?
• Rules are used in order to automatically disambiguate ambiguous sentences
• Bob looks at the girl on the hill with a telescope
• Only a subset of valid English sentences are valid sentences
• Example disambiguation rule:
• Prepositional phrases refer to the predicate of the sentence

Protune Policy Framework: Disambiguation: using ACE (I)
Bob looks at the girl on the hill with a telescope
• Bob looks with a telescope at the girl who is on the hill.
• Bob looks at the girl on the hill with a telescope.
• Bob looks at the girl who is on the hill with a telescope.

Protune Policy Framework: Disambiguation: using ACE (II)
2 girls lift 2 tables
• 2 girls lift 2 tables.
• Each of 2 girls lifts one table.
• Each of 2 girls lifts 2 tables.

Protune Policy Framework: The ACE → Protune translation (I)
Every user who is authenticated and who has a subscription that is available for a resource can download the resource.
drs([], [
  drs([A, B, C, D, E, F, G, H], [
    object(A, user, countable, na, eq, 1)-1,
    property(B, authenticated, pos)-1,
    predicate(C, be, A, B)-1,
    object(D, subscription, countable, na, eq, 1)-1,
    object(E, resource, countable, na, eq, 1)-1,
    property(F, available, pos)-1,
    predicate(G, be, D, F)-1,
    modifier_pp(G, for, E)-1,
    predicate(H, have, A, D)-1
  ])
  =>
  drs([], [
    <> drs([I], [
      predicate(I, download, A, E)-1
    ])
  ])
]).
download(User, Resource) ← authenticated(User), 'available#for'(Subscription, Resource), have(User, Subscription).

Protune Policy Framework: The ACE → Protune translation (II)
Every user who provides a declaration whose username is the user's name and whose password is the user's password is authenticated.
authenticated(User) ← User.name:Username, User.password:Password, provide(User, Declaration), Declaration.password:Password, Declaration.username:Username.

Protune Policy Framework: The ACE → Protune translation (III)
• Every user who sends a credential
• that is valid and
• whose type is "creditCard" and
• whose owner is authenticated and
• on which a price is charged
• pays the price with "creditCard".
'pay#with'(User, Price, creditCard) ← valid(Credential), Credential.type:creditCard, authenticated(Owner), 'charged#on'(Price, Credential), send(User, Credential), Credential.owner:Owner.

Policy Based Protection and Personalized Generation of Web Content
Sergej Zerr

Protune in Action: Policies on the Web: Trust within an Open Environment
(Figure labels: A, B, Bookstore, Web server, LMS)

Protune in Action: Policies on the Web: Using Trust Negotiation
(Figure labels: Web Package, Applet, Servlet Container (e.g. Tomcat), PolicyFilter.Jar)
var protectedResources = new Array('http://test.de/test.jsp');
<poljsp:policycondition policyname="exchangedCredential(member)">
  <poljsp:iftrue>Success!!</poljsp:iftrue>
</poljsp:policycondition>

1. Reactive Policies
2. More policy research topics
Philipp Kärger