This lecture delves into RDF, its specifications, axiomatic semantics, inferencing, RQL, policies, and more, highlighting the importance of RDF in specifying semantics and addressing XML inadequacies. Real-world examples and concepts are elucidated throughout to empower learners in understanding RDF within trustworthy semantic webs. The unit's objective is to provide a comprehensive overview of RDF and its security aspects, equipping participants with essential knowledge in building and managing secure semantic webs.
Building Trustworthy Semantic Webs Lecture #9: RDF and RDF Security Dr. Bhavani Thuraisingham September 24, 2008
Objective of the Unit • This unit will provide an overview of RDF and then discuss some security issues
Outline of the Unit • Why RDF? • What is RDF? • RDF Specifications • RDF Schema (RDFS) • RDF Axiomatic Semantics and Inferencing • RQL • Policies in RDF • Summary and Directions • Examples throughout the lecture
Why RDF? • XML cannot be used to specify semantics • Example: • Professor is a subclass of Academic Staff • Professor inherits all properties of Academic Staff • RDF was specified so that the inadequacies of XML could be handled • RDF uses XML Syntax • Additional constructs are needed for RDF
RDF • Resource Description Framework is the essence of the semantic web • Adds semantics with the use of ontologies, XML syntax • RDF Concepts • Basic Model • Resources, Properties and Statements • Container Model • Bag, Sequence and Alternative
RDF Basics • Resource: Everything is a resource • Person, Vehicle, etc. • Property: properties describe relationships between resources • E.g., Invented • Statement: (Object, Property, Value) Triple • Berners Lee invented the Semantic Web
RDF Specification
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:xsd="http:// - - -"
         xmlns:uni="http:// - - -">
  <rdf:Description rdf:about="949352">
    <uni:name>Berners Lee</uni:name>
    <uni:title>Professor</uni:title>
  </rdf:Description>
  <rdf:Description rdf:about="ZZZ">
    <uni:bookname>semantic web</uni:bookname>
    <uni:authoredby>Berners Lee</uni:authoredby>
  </rdf:Description>
</rdf:RDF>
Example • The following example illustrates a part of an RDF document describing books: Building_Trustworthy_Semantic_Webs and Managing_and_Mining_Multimedia_Databases. They belong to Class ‘Book’ and have properties: author, publisher, year and ISBN.
<?xml version="1.0"?>
<rdf:RDF
    xmlns:book="http://www.example.com/book#"
    xmlns:owl="http://www.w3.org/2002/07/owl#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
  <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
    <book:author>Bhavani Thuraisingham</book:author>
    <book:publisher>Auerbach Publications</book:publisher>
    <book:year>2007</book:year>
    <book:ISBN>0849350808</book:ISBN>
  </book:Book>
  <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
    <book:author>Bhavani Thuraisingham</book:author>
    <book:publisher>CRC Press</book:publisher>
    <book:year>2001</book:year>
    <book:ISBN>0849300371</book:ISBN>
  </book:Book>
</rdf:RDF>
RDF Schema • Need RDF Schema to specify statements such as professor is a subclass of academic staff
<rdfs:Class rdf:ID="professor">
  <rdfs:comment>The class of Professors. All professors are Academic Staff Members.</rdfs:comment>
  <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
</rdfs:Class>
Example • The RDF schema for the above RDF document is as follows:
<?xml version="1.0"?>
<rdf:RDF xmlns:owl="http://www.w3.org/2002/07/owl#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#"
    xmlns:wsp="http://www.w3.org/2004/08/20-ws-pol-pos/ns#">
  <rdfs:Class rdf:ID="Book">
    <rdfs:comment>Book Class</rdfs:comment>
    <rdfs:subClassOf rdf:resource="http://www.w3.org/2000/01/rdf-schema#Resource"/>
  </rdfs:Class>
  <rdf:Property rdf:ID="author">
    <rdfs:comment>Author of the book</rdfs:comment>
    <rdfs:domain rdf:resource="#Book"/>
    <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
  </rdf:Property>
  <rdf:Property rdf:ID="publisher">
    <rdfs:comment>Publisher of the book</rdfs:comment>
    <rdfs:domain rdf:resource="#Book"/>
    <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
  </rdf:Property>
  <rdf:Property rdf:ID="year">
    <rdfs:comment>Year of first publication of the book</rdfs:comment>
    <rdfs:domain rdf:resource="#Book"/>
    <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
  </rdf:Property>
  <rdf:Property rdf:ID="ISBN">
    <rdfs:comment>ISBN of the book</rdfs:comment>
    <rdfs:domain rdf:resource="#Book"/>
    <rdfs:range rdf:resource="http://www.w3.org/2000/01/rdf-schema#Literal"/>
  </rdf:Property>
</rdf:RDF>
RDF Container Model • Bag: Unordered container, may contain multiple occurrences • rdf:Bag • Seq: Ordered container, may contain multiple occurrences • rdf:Seq • Alt: a set of alternatives • rdf:Alt
RDF and Security • RDF specifications have been given for Attributes, Types, Nesting, Containers, etc. • How can security policies be included in the specification? • Example: consider the statement “Berners Lee is the Author of the book Semantic Web” • Do we allow access to the connection between author and book? Do we allow access to the connection but not to the author name and book name?
RDF Policy Specification
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
         xmlns:xsd="http:// - - -"
         xmlns:uni="http:// - - -">
  <rdf:Description rdf:about="949352">
    <uni:name>Berners Lee</uni:name>
    <uni:title>Professor</uni:title>
    Level = L1
  </rdf:Description>
  <rdf:Description rdf:about="ZZZ">
    <uni:bookname>semantic web</uni:bookname>
    <uni:authoredby>Berners Lee</uni:authoredby>
    Level = L2
  </rdf:Description>
</rdf:RDF>
Policy Specification • The examples we have discussed earlier show how certain policies may be specified for RDF documents. A more detailed example is given below.
<?xml version="1.0"?>
<rdf:RDF
    xmlns:book="http://www.example.com/book#"
    xmlns:owl="http://www.w3.org/2002/07/owl#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
    xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
  <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
    <book:author>Bhavani Thuraisingham</book:author>
    Level = Secret
    <book:publisher>Auerbach Publications</book:publisher>
    Level = Confidential
    <book:year>2007</book:year>
    Level = Unclassified
    <book:ISBN>0849350808</book:ISBN>
    Level = Confidential
  </book:Book>
  <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
    Level = Confidential
    <book:author>Bhavani Thuraisingham</book:author>
    Level = Secret
    <book:publisher>CRC Press</book:publisher>
    Level = Unclassified
    <book:year>2001</book:year>
    Level = Unclassified
    <book:ISBN>0849300371</book:ISBN>
    Level = Unclassified
  </book:Book>
</rdf:RDF>
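One way to enforce the levels above is to build a per-clearance view of the document. This is an added example, not part of the lecture: the levels are held in a table beside the XML, and the ordering Unclassified < Confidential < Secret, the default for a resource with no label of its own, and all Python names are assumptions.

```python
import xml.etree.ElementTree as ET

RDF_NS = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
ORDER = {"Unclassified": 0, "Confidential": 1, "Secret": 2}  # assumed ordering

# The two book descriptions from the slides, without the Level lines.
DOC = """<rdf:RDF xmlns:book="http://www.example.com/book#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <book:Book rdf:ID="Building_Trustworthy_Semantic_Webs">
    <book:author>Bhavani Thuraisingham</book:author>
    <book:publisher>Auerbach Publications</book:publisher>
    <book:year>2007</book:year>
    <book:ISBN>0849350808</book:ISBN>
  </book:Book>
  <book:Book rdf:ID="Managing_and_Mining_Multimedia_Databases">
    <book:author>Bhavani Thuraisingham</book:author>
    <book:publisher>CRC Press</book:publisher>
    <book:year>2001</book:year>
    <book:ISBN>0849300371</book:ISBN>
  </book:Book>
</rdf:RDF>"""

B1, B2 = "Building_Trustworthy_Semantic_Webs", "Managing_and_Mining_Multimedia_Databases"
# Levels transcribed from the slides; key (ID, None) labels the resource itself.
LEVELS = {
    (B1, "author"): "Secret", (B1, "publisher"): "Confidential",
    (B1, "year"): "Unclassified", (B1, "ISBN"): "Confidential",
    (B2, None): "Confidential", (B2, "author"): "Secret",
    (B2, "publisher"): "Unclassified", (B2, "year"): "Unclassified",
    (B2, "ISBN"): "Unclassified",
}

def view(xml_text, levels, clearance):
    """Return {resource ID: {property: value}} readable at `clearance`."""
    rank = ORDER[clearance]
    result = {}
    for res in ET.fromstring(xml_text):
        rid = res.get("{%s}ID" % RDF_NS)
        # Assumption: a resource with no label of its own is Unclassified.
        if ORDER[levels.get((rid, None), "Unclassified")] > rank:
            continue  # the whole description is hidden
        props = {}
        for child in res:
            name = child.tag.split("}", 1)[1]  # strip the namespace
            label = levels.get((rid, name))
            if label is not None and ORDER[label] <= rank:  # unlabeled: withhold
                props[name] = child.text
        result[rid] = props
    return result
```

At Unclassified the second book disappears entirely even though three of its properties are Unclassified, because the label on the resource itself is Confidential.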
RDF Schema: Security Policies • How can security policies be specified?
<rdfs:Class rdf:ID="professor">
  <rdfs:comment>The class of Professors. All professors are Academic Staff Members.</rdfs:comment>
  <rdfs:subClassOf rdf:resource="#academicStaffMember"/>
  Level = L
</rdfs:Class>
RDF Axiomatic Semantics • First order logic to specify formulas and inferencing • Built in functions (First) and predicates (Type) • Modus Ponens • From A and If A then B, deduce B • Example: All containers are Resources • Type(?c, Container) → Type(?c, Resource) • If we have Type(A, Container) then we can infer Type(A, Resource)
RDF Inferencing • While first order logic provides a proof system, it is computationally infeasible • As a result Horn clause logic was developed for logic programming; this is still computationally expensive • RDF uses if-then rules • IF E contains the triples (?u, rdfs:subClassOf, ?v) and (?v, rdfs:subClassOf, ?w) THEN E also contains the triple (?u, rdfs:subClassOf, ?w). That is, if u is a subclass of v, and v is a subclass of w, then u is a subclass of w
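The if-then rule above, applied until no new triple appears, together with the type rule of which "all containers are resources" is one instance. This is an added example, not part of the lecture; it goes slightly beyond the slide by handling both rules, and the class staffMember and the function names are assumptions.

```python
SUBCLASS = "rdfs:subClassOf"
TYPE = "rdf:type"

def rdfs_closure(triples):
    """Return the input triples plus everything the two rules derive."""
    closed = set(triples)
    while True:
        derived = set()
        sub = [(s, o) for (s, p, o) in closed if p == SUBCLASS]
        for (u, v) in sub:
            # Rule 1: (u subClassOf v) and (v subClassOf w) => (u subClassOf w)
            for (v2, w) in sub:
                if v == v2:
                    derived.add((u, SUBCLASS, w))
            # Rule 2: (x type u) and (u subClassOf v) => (x type v)
            for (x, p, c) in closed:
                if p == TYPE and c == u:
                    derived.add((x, TYPE, v))
        if derived <= closed:   # fixed point: nothing new was derived
            return closed
        closed |= derived

def inferred(triples):
    """Only the triples that were not stated but follow from the rules."""
    return rdfs_closure(triples) - set(triples)

# Constructed sample data using the class names from the slides.
SAMPLE = {
    ("professor", SUBCLASS, "academicStaffMember"),
    ("academicStaffMember", SUBCLASS, "staffMember"),  # constructed extra class
    ("949352", TYPE, "professor"),
}

if __name__ == "__main__":
    for triple in sorted(inferred(SAMPLE)):
        print(triple)
```

The output of `inferred` is the set of facts a reader of the document can obtain without their being stated, which is the set an access policy has to cover in addition to the stated triples.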
RDF Query • One can query RDF using XML, but this will be very difficult as RDF is much richer than XML • Is there an analogy between say XQuery and a query language for RDF? • RQL – an SQL-like language has been developed for RDF • Select from “RDF document” where some “condition”
Policies in RDF • How can policies be specified? • Should policies be specified as shown in the examples, extensions to RDF syntax? • Should policies be specified as RDF documents? • Is there an analogy to XPath expressions for RDF policies? • <policy-spec cred-expr="//Professor[department = 'CS']" target="annual_report.xml" path="//Patent[@Dept = 'CS']//Node()" priv="VIEW"/>
Example Policies • Temporal Access Control • After 1/1/05, only doctors have access to medical records • Role-based Access Control • Manager has access to salary information • Project leader has access to project budgets, but he does not have access to salary information • What happens if the manager is also the project leader? • Positive and Negative Authorizations • John has write access to EMP • John does not have read access to DEPT • John does not have write access to Salary attribute in EMP • How are conflicts resolved?
Privacy Policies • Privacy constraints processing • Simple Constraint: an attribute of a document is private • Content-based constraint: If document contains information about X, then it is private • Association-based Constraint: Two or more documents taken together are private; individually each document is public • Release constraint: After X is released Y becomes private • Augment a database system with a privacy controller for constraint processing
Policies in RDF • In previous examples, we have specified policies for RDF documents. Now, can we use RDF to specify policies? That is, how can RDF be used to specify the following policy? • “Only those attending a class from a professor have read access to the lecture notes of the professor” • Below we specify this policy in RDF.
<rdf:RDF
    xmlns:uni="http://www.w3.org/2002/07/universityonto#"
    xmlns:policy="http://www.example.com/policyonto#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <uni:LectureNotes rdf:ID="Data_Quality.doc">
    <uni:author>Bhavani Thuraisingham</uni:author>
    <policy:AccessBy rdf:resource="http://localhost/bhavani/cs609"/>
  </uni:LectureNotes>
</rdf:RDF>
<rdf:RDF
    xmlns:uni="http://www.w3.org/2002/07/universityonto#"
    xmlns:policy="http://www.example.com/policyonto#"
    xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">
  <uni:Class rdf:ID="cs609">
    <uni:taughtBy>Bhavani Thuraisingham</uni:taughtBy>
  </uni:Class>
</rdf:RDF>
Access Control Strategy • Subjects request access to RDF documents under two modes: Browsing and authoring • With browsing access subject can read/navigate documents • Authoring access is needed to modify, delete, append documents • Access control module checks the policy base and applies policy specs • Views of the document are created based on credentials and policy specs • In case of conflict, least access privilege rule is enforced • Works for Push/Pull modes • Query Modification?
System Architecture for Access Control [Figure: User (Pull/Query, Push/result); RDF-Access; RDF-Admin; Admin Tools; Credential base; Policy base; RDF Documents]
RDF Databases • Data is presented as RDF documents • Query language: RQL • Query optimization • Managing transactions on RDF documents • Metadata management: RDF Schemas? • Access methods and index strategies • RDF security and integrity management
RDF Databases
select Book, NumInStock
from {Book} book:authoredBy {Author}
     . book:Stock {NumInStock}
Where Author Like "Bhavani*"
using namespace
     book = http://www.example.com/book#
The requestor does not have access to the number of book copies in stock. Therefore, the query is modified to:
select Book
from {Book} book:authoredBy {Author}
Where Author Like "Bhavani*"
using namespace
     book = http://www.example.com/book#
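The query modification shown above, as a rewriting step over a structured form of the query. This is an added example, not part of the lecture and not an RQL parser: the tuple representation, the function names and the denied-property policy are assumptions.

```python
def modify_query(select, paths, where, denied):
    """Rewrite a query so that it touches no property in `denied`.

    select: variable names; paths: (subject, property, object) steps;
    where: (variable, operator, literal) filters; denied: property names.
    """
    kept = [step for step in paths if step[1] not in denied]
    bound = {var for (subj, _, obj) in kept for var in (subj, obj)}
    # A variable bound only through a denied property may be neither returned
    # nor filtered on: a filter over a hidden value still discloses it.
    new_select = [var for var in select if var in bound]
    new_where = [cond for cond in where if cond[0] in bound]
    if not new_select:
        raise PermissionError("nothing in the query is visible to the requestor")
    return new_select, kept, new_where

def render(select, paths, where):
    """Return the structured query in the slide's select/from/where layout."""
    text = "select " + ", ".join(select)
    text += "\nfrom " + ", ".join("{%s} %s {%s}" % step for step in paths)
    if where:
        text += "\nwhere " + " and ".join('%s %s "%s"' % cond for cond in where)
    return text

# The query from the slide, in structured form (constructed representation).
SELECT = ["Book", "NumInStock"]
PATHS = [("Book", "book:authoredBy", "Author"),
         ("Book", "book:Stock", "NumInStock")]
WHERE = [("Author", "like", "Bhavani*")]
DENIED = {"book:Stock"}  # assumed policy: requestor may not read stock counts

if __name__ == "__main__":
    print(render(*modify_query(SELECT, PATHS, WHERE, DENIED)))
```

Dropping the filter along with the variable is a design choice; a stricter module could reject any query that filters on a hidden value.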
Inference/Privacy Control [Figure: Interface to the Semantic Web; Technology By UTD; Inference Engine/Rules Processor; Policies, Ontologies, Rules; RDF Documents, Web Pages, Databases; RDF Database]
Summary and Directions • RDF is beginning to be used • Very little work on RDF security • How can we specify the policies discussed in this unit in RDF? • How can query modification be carried out for RDF documents? • Design access control for RDF databases