T. Hill
Review of: ROWLBAC – Representing Role Based Access Control in OWL
T. Finin, A. Joshi, L. Kagal, B. Thuraisingham, J. Niu, R. Sandhu, W. Winsborough
10/13/2008
ROWLBAC – Problem and Motivation
Problem: Using the hierarchy diagram below, describe how OWL (Web Ontology Language) can be used to specify the following RBAC access control functions: define the role Person and two sub-class roles, Citizen and Visitor; assign to Citizen the permitted actions Vote, Work and Jury; assign to Visitor the prohibited action Work. Make Alice an active Citizen and Bob an active Visitor. [Note: general descriptive language is acceptable; exact RDF/OWL syntax is not necessary.]
• Motivation
  • Applications – sophisticated, intelligent, open and dynamic environments
  • Future – grid computing, intelligent agents that negotiate the exchange of information
  • Security – of future applications, regardless of infrastructure, including the cloud
• Bring together two parallel themes
  • Access control models – RBAC96, the NIST standard, RT, Usage Control
  • Policy languages – XACML, Ponder, Rei, KAoS
ROWLBAC – Semantic Web and OWL
• Semantic Web
  • Berners-Lee's vision: knowledge published so that both humans and computers can understand it and reason over it
• Technology
  • W3C standard RDF (Resource Description Framework): everything is expressed as subject–predicate–object triples, e.g. "//..html has a creation-date whose value is August 16, 1999"
  • OWL, which layers class definitions and restrictions on top of RDF and is grounded in Description Logic, so a reasoner can infer class membership (here: which actions are permitted)
ROWLBAC – Roles as Classes, Permissions, Activation, Enforcing
• Hierarchy of roles – each role is an OWL class and a sub-role is a subclass, so anyone assigned a sub-role is automatically a member of its super-roles
• Enforcing the RBAC activation rule (N3): a subject may activate a role only if it has been assigned that role (possibly via a sub-role) and the role has an active form that is a subclass of ActiveRole; when the rule fires, the subject becomes a member of the active role

    { ?ACTION a ActivateRole; subject ?SUBJ; object ?ROLE.
      ?SUBJ a ?ROLE.
      ?ROLE activeForm ?AROLE.
      ?AROLE rdfs:subClassOf ActiveRole. }
    =>
    { ?ACTION a PermittedRoleActivation; subject ?SUBJ; object ?ROLE.
      ?SUBJ a ?AROLE }.

• Associating permissions with roles – a permitted-action class is defined as the intersection of an action class and a restriction on who may be its subject; below, every Vote action whose subject is an ActiveCitizen is classified as a PermittedVoteAction

    PermittedVoteAction a rdfs:Class;
        rdfs:subClassOf rbac:PermittedAction;
        owl:equivalentClass [ a owl:Class;
            owl:intersectionOf ( Vote
                [ a owl:Restriction;
                  owl:onProperty rbac:subject;
                  owl:allValuesFrom ex:ActiveCitizen ] ) ] .

  Caveat: owl:allValuesFrom is satisfied vacuously by an action that has no rbac:subject at all, so the enforcement point must assert the subject on every action it asks the reasoner to classify
• Assigning roles and activation in a session – users are assigned roles statically (Alice a Citizen); at run time a session activates a subset of them through the rule above, and only active roles confer permissions
ROWLBAC – A Proposed Solution
Role hierarchy diagram (rendered as text):

    Person
      Citizen  – Permitted: Vote, Work, Jury  – Alice (active)
      Visitor  – Prohibited: Work             – Bob (active)

Proposed solution:
1. Use RDF/OWL to define Citizen and Visitor as subclasses of Person.
2. Use RDF/OWL to define Vote, Work and Jury as permitted actions of Citizen, and Work as a prohibited action of Visitor (each as a class whose subject is restricted to the corresponding active role, as in the PermittedVoteAction definition).
3. At run time, activate Citizen for Alice and Visitor for Bob via the activation rule, so that Alice is an ActiveCitizen and Bob an ActiveVisitor.
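To make the proposed solution and the earlier slide's activation rule and permission-class encoding concrete, here is a small Python model written for this review (it is not the ROWLBAC authors' code). It uses a toy triple store with rdfs:subClassOf reasoning instead of rdflib or a real OWL reasoner so that it runs stand-alone; the ex: and rbac: prefixes, the rbac:activeForm property name, the ex:Active* class names and the action identifiers are assumptions, and the permitted/prohibited class definitions are mirrored as (action class, required active role) pairs rather than owl:intersectionOf restrictions.

```python
"""Toy triple store modelling the ROWLBAC encoding of the Person/Citizen/
Visitor problem. Added example, not the ROWLBAC authors' code; the ex: and
rbac: prefixes, rbac:activeForm and all individual ids are assumed names."""

RDF_TYPE = "rdf:type"          # written "a" in N3/Turtle
SUBCLASS = "rdfs:subClassOf"
SUBJECT = "rbac:subject"
OBJECT = "rbac:object"
ACTIVE_FORM = "rbac:activeForm"


class Graph:
    def __init__(self):
        self.triples = set()

    def add(self, s, p, o):
        self.triples.add((s, p, o))

    def objects(self, s, p):
        return {o for (s2, p2, o) in self.triples if s2 == s and p2 == p}

    def superclasses(self, cls):
        """Reflexive-transitive closure of rdfs:subClassOf (RDFS entailment)."""
        seen, stack = set(), [cls]
        while stack:
            c = stack.pop()
            if c not in seen:
                seen.add(c)
                stack.extend(self.objects(c, SUBCLASS))
        return seen

    def types(self, individual):
        """Every class the individual belongs to, including inherited ones."""
        result = set()
        for t in self.objects(individual, RDF_TYPE):
            result |= self.superclasses(t)
        return result


# Mirrors definitions such as PermittedVoteAction = Vote AND
# (rbac:subject allValuesFrom ex:ActiveCitizen), as (action, active role) pairs.
PERMITTED = {("ex:Vote", "ex:ActiveCitizen"), ("ex:Work", "ex:ActiveCitizen"),
             ("ex:Jury", "ex:ActiveCitizen")}
PROHIBITED = {("ex:Work", "ex:ActiveVisitor")}


def build_problem_graph():
    """Steps 1-2 of the solution: role hierarchy, active forms, actions, assignments."""
    g = Graph()
    g.add("ex:Person", SUBCLASS, "rbac:Role")
    for role in ("ex:Citizen", "ex:Visitor"):
        g.add(role, SUBCLASS, "ex:Person")
    for role in ("ex:Person", "ex:Citizen", "ex:Visitor"):
        active = role.replace("ex:", "ex:Active")   # e.g. ex:ActiveCitizen
        g.add(role, ACTIVE_FORM, active)
        g.add(active, SUBCLASS, "rbac:ActiveRole")
    for action in ("ex:Vote", "ex:Work", "ex:Jury"):
        g.add(action, SUBCLASS, "rbac:Action")
    g.add("ex:Alice", RDF_TYPE, "ex:Citizen")   # static user-role assignment;
    g.add("ex:Bob", RDF_TYPE, "ex:Visitor")     # nothing is active yet
    return g


def activate_role(g, action_id, subj, role):
    """Step 3: the slide's activation rule applied to one ActivateRole action.
    Simplification: the active role is asserted on the subject itself rather
    than on a session object. Returns True if the rule fired."""
    g.add(action_id, RDF_TYPE, "rbac:ActivateRole")
    g.add(action_id, SUBJECT, subj)
    g.add(action_id, OBJECT, role)
    if role not in g.types(subj):
        return False   # ?SUBJ a ?ROLE fails: role never assigned to subject
    for arole in g.objects(role, ACTIVE_FORM):
        if "rbac:ActiveRole" in g.superclasses(arole):
            g.add(action_id, RDF_TYPE, "rbac:PermittedRoleActivation")
            g.add(subj, RDF_TYPE, arole)           # head: ?SUBJ a ?AROLE
            return True
    return False


def request(g, action_id, subj, action_class):
    """Record an attempted action (e.g. Alice tries to Vote); subject is always set."""
    g.add(action_id, RDF_TYPE, action_class)
    g.add(action_id, SUBJECT, subj)
    return action_id


def classify(g, action_id):
    """OWL is open-world: an action matching no Permitted class is not thereby
    Prohibited, so the enforcement point must treat 'unclassified' as deny."""
    subj = next(iter(g.objects(action_id, SUBJECT)))
    act_types, subj_types = g.types(action_id), g.types(subj)
    permitted = any(a in act_types and r in subj_types for a, r in PERMITTED)
    prohibited = any(a in act_types and r in subj_types for a, r in PROHIBITED)
    if permitted and prohibited:
        return "conflict"      # policy error: must be resolved before deployment
    if prohibited:
        return "prohibited"
    return "permitted" if permitted else "unclassified"


def run_scenario():
    """Alice and Bob activate roles, then attempt actions; returns each outcome."""
    g = build_problem_graph()
    r = {"alice_activates_citizen": activate_role(g, "ex:act1", "ex:Alice", "ex:Citizen"),
         "bob_activates_citizen": activate_role(g, "ex:act2", "ex:Bob", "ex:Citizen"),
         "bob_activates_visitor": activate_role(g, "ex:act3", "ex:Bob", "ex:Visitor")}
    r["alice_vote"] = classify(g, request(g, "ex:a1", "ex:Alice", "ex:Vote"))
    r["alice_work"] = classify(g, request(g, "ex:a2", "ex:Alice", "ex:Work"))
    r["bob_work"] = classify(g, request(g, "ex:a3", "ex:Bob", "ex:Work"))
    r["bob_vote"] = classify(g, request(g, "ex:a4", "ex:Bob", "ex:Vote"))
    return r
```

Running run_scenario() shows the three behaviours the slides describe: Bob cannot activate Citizen because the rule body "?SUBJ a ?ROLE" fails, Bob's Work request is classified prohibited once ActiveVisitor is inferred, and Bob's Vote request matches neither class. That last case is the practitioner's check: a reasoner only classifies, so the policy enforcement point must map "unclassified" to deny rather than assume the absence of a prohibition means permission.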