Semantic Geospatial Data Exchange & Access Control. Latifur Khan. Ashraful Alam. Ganesh Subbiah. Bhavani Thuraisingham. Outline. Traditional Web Services Semantic Web Services Semantic Web Services for Geospatial Data Semantic Access Control Geospatial Data Integration
Semantic Geospatial Data Exchange & Access Control Latifur Khan Ashraful Alam Ganesh Subbiah Bhavani Thuraisingham
Outline • Traditional Web Services • Semantic Web Services • Semantic Web Services for Geospatial Data • Semantic Access Control • Geospatial Data Integration • GRDF for Distributed Geospatial Data
Semantic Web Services Vision • 500 million users • more than 3 billion pages WWW URI, HTML, HTTP Static
Semantic Web Services Vision Serious Problems in • information finding, • information extracting, • information representing, • information interpreting, and • information maintaining. WWW URI, HTML, HTTP Semantic Web RDF, RDF(S), OWL Static
Semantic Web Services Vision Bringing the computer back as a device for computation Web Services UDDI, WSDL, SOAP Dynamic WWW URI, HTML, HTTP Semantic Web RDF, RDF(S), OWL Static
Semantic Web Services Vision Bringing the web to its full potential Semantic Web Services Web Services UDDI, WSDL, SOAP Dynamic WWW URI, HTML, HTTP Semantic Web RDF, RDF(S), OWL Static
DAGIS Vision Bringing the web to its full potential for Geospatial Domain Geospatial Semantic Web Services DAGIS Geo-Web Services UDDI, WSDL, SOAP, OGC-WS Dynamic WWW URI, HTML, HTTP Geospatial Semantic Web GRDF Static
Geospatial Interoperability Challenges Syntactic Naming Heterogeneity Distance – Float or Distance Type Structural Naming Heterogeneity Location expressed by two separate coordinates or by a point data type Semantic Heterogeneity Distance computed on the sphere or in a plane Service Discovery and Evaluation Hydrologist in charge of Flood Warnings has 3 Water-level Service Providers. Service Composition Service to Compute the outline of a Toxic cloud after a Chemical Spill.
Motivating Scenario Query: “Find movie theaters within 30 miles of 75080” within, near, overlap – Geospatial Operators Theaters, Restaurants – Businesses (Non-Geospatial data) Miles – Distance Unit 75080 , Richardson – Geo References Cinemark Movies 10 Radisson Hotel Dallas North-Richardson
The human-centric Web What is a Web Service ? The Application-centric Web The automated Web
OWL-S Upper Ontology • Capability specification • General features of the Service • Quality of Service • Classification in Service taxonomies • Mapping to WSDL • communication protocol (RPC, HTTP, …) • marshalling/serialization • transformation to and from XSD to OWL • Control flow of the service • Black/Grey/Glass Box view • Protocol Specification • Abstract Messages
Query Grammar
Define Geospatial Objects as GB, Geospatial Operator as GO, Polygon Type as PT and Extension as E. Then:
    <Query> :: <GB> [<GO>] [<PT>] [<E>] <GB>
    <GB> :: Non-geometric Concept
    <GO> :: <Operator Terminal>
    <PT> :: <Polygon Terminal>
    <E> :: Distance
    <Operator Terminal> :: Within | Touches On | Intersect | Between
    <Polygon Terminal> :: Straight line | Circle
Theaters Query Profile ZipCode Miles Generation of Semantic enabled profile for Geospatial Query Generated OWL-S Semantic Profile Domain Ontology (Snapshot) http://www.utdallas.edu/~gxs059000/OGCServiceontology.owl http://www.utdallas.edu/~gxs059000/Query.owl
Geospatial Service Selection and Discovery • DAGIS Agent • OWL-S MX Matchmaker • Best Service Match: Functionality, QoS • Degrees of Match: EXACT < PLUG-IN < SUBSUMES < SUBSUMED-BY < LOGIC BASED FAIL < NEAREST-NEIGHBOUR < FAIL
Theaters GetTheater Process ZipCode Miles Geospatial Service Invocation -OWL-S grounding -WSDL Grounding -Service Invocation through AXIS GetTheater Atomic Process
DAGIS System Architecture • DAGIS Query Interface • OWL-S MatchMaker • OWL-DL Reasoner for Matchmaker • Service Providers. Diagram labels: Service Provider 1 … Service Provider n; DAGIS Matchmaker (Reasoner/Matching Engine); DAGIS Interface; DAGIS Agent. Numbered steps: 1. Register/Advertise 2. Query 3. Service Discovery, Service Enactment
DAGIS for Complex Queries: Find Movie Theaters within 30 Miles from Richardson, TX. Diagram labels: Client, DAGIS Agent, Matchmaker, DAGIS Composer (Composer, Sequencer), Zipcode Finder, Theater Finder; values Richardson, TX, Theaters, 30 Miles. Numbered steps: 1. Query Profile 2. Service Discovery 3. ComposeSelection 4. Construct Sequence • Return Dynamic Service URI
DAGIS Composer Algorithm • Recursive Back Chaining Inference Mechanism (Regression Planning) • Query (Richardson, TX, 30 Miles, Movie Theaters): Inputs := City, State, Distance; Output := Movie Theaters; NO Service Provider • ZipCodeFinder: Inputs := City, State; Output := ZipCode • Theater Finder (GetTheater): Inputs := ZipCode, Distance; Output := MovieTheaters
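The back-chaining step on this slide, as an added example that is not the DAGIS Composer's own code: starting from the requested output, it looks for a service that produces it and recurses on any input the client did not supply. Service names and input/output types come from the slide; the dictionary layout and the `compose` function are assumptions.

```python
# Added example: regression planning over service input/output signatures.
# Names and I/O types follow the slide; the data layout is an assumption.
SERVICES = {
    "ZipCodeFinder": {"inputs": {"City", "State"}, "outputs": {"ZipCode"}},
    "TheaterFinder": {"inputs": {"ZipCode", "Distance"}, "outputs": {"MovieTheaters"}},
}

def compose(goal, available, services=SERVICES, _pending=frozenset()):
    """Return an ordered list of service names that yields `goal`, or None."""
    if goal in available:
        return []                       # the client already supplies this value
    if goal in _pending:
        return None                     # cyclic dependency: abandon this branch
    for name, sig in services.items():
        if goal not in sig["outputs"]:
            continue
        plan, satisfiable = [], True
        for needed in sorted(sig["inputs"]):
            sub = compose(needed, available, services, _pending | {goal})
            if sub is None:             # an input nobody can produce
                satisfiable = False
                break
            plan += [s for s in sub if s not in plan]
        if satisfiable:
            return plan + [name]        # prerequisites first, then this service
    return None                         # no single or composed provider exists

if __name__ == "__main__":
    print(compose("MovieTheaters", {"City", "State", "Distance"}))
```
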
Online Ontology Repository • http://www.utdallas.edu/~gxs059000/QoSUpper.owl • http://www.utdallas.edu/~gxs059000/QoSMiddle.owl • http://www.utdallas.edu/~gxs059000/GetTheatersAndMovies.owl • http://www.utdallas.edu/~gxs059000/GetTheatersAndMovies1.owl • http://www.utdallas.edu/~gxs059000/GetTheaters.owl • http://www.utdallas.edu/~gxs059000/ZipCodeFinder.owl • http://www.utdallas.edu/~gxs059000/DAGISCompServ1.owl
Geospatial Operators • Between, Near, Within etc. • Precision required for geospatial tasks • How to define the operator semantics? (‘Between’ A and B ‘Between’ B and A) • Context required for better precision (e.g., near 20 miles)
Geospatial Data Integration • Intra-domain Integration Problem • All participating domains are of geographic nature. • Controlled environment, controlled data. • Inter-domain Integration Problem • Integration of geospatial and non-geospatial data • Controlled data, but chaotic environment
Inter-domain Integration Issues • Disparate Sources: • Sensors, Web pages, Satellites, Excel sheets • Disparate Types: • Vector data, Tabular, Temporal data • Disparate Formats: • GML, Shapefile, Gedcom, HTML
Geospatial Data Integration • Emerging trends in geospatial applications • Google Earth, Emergency Response System, Location-based Services • Requires free mixing of geospatial with non-geospatial data • Hard to do with XML-based approaches
Semantic Web (RDF Model) • Logic-aware languages • Ontology sharing and reuse RDF Data Model: Subject Object Predicate
GRDF GRDF (Geospatial Resource Description Framework) • Adds semantics to data • Loosely-structured (easy to freely mix with other non-geospatial data) • Semantically extensible • Example triple: ComputerScience Building hasExtent (33.98111, -96.4011) (33.989999, -96.4022)
GRDF Example (Topology)
    <owl:Class rdf:ID="Edge"></owl:Class>
    <owl:Class rdf:ID="Node"></owl:Class>
    <!-- A Face must have at least one hasEdge value -->
    <owl:Class rdf:ID="Face">
      <rdfs:subClassOf>
        <owl:Restriction>
          <owl:minCardinality rdf:datatype="http://www.w3.org/2001/XMLSchema#int">1</owl:minCardinality>
          <owl:onProperty>
            <owl:DatatypeProperty rdf:ID="hasEdge"/>
          </owl:onProperty>
        </owl:Restriction>
        …
    </owl:Class>
Seamless Data Manipulation DAGIS Provider A Provider B Datastore
Geospatial Data Integration (cont.) Upper-level ontologies Abstract Definitions of Main Geospatial Concepts Mid-level ontology (GRDF) Concrete Definitions of All Relevant Geospatial Concepts Domain ontologies Hydrology ontology Cartography ontology Image ontology
Semantic Access Control (SAC) Traditional Access Control Semantic Web Semantic Access Control
Motivation • Shortcomings of Traditional Access Control • Proprietary systems • Lack of modularity • Changes in access control schemas break the system • Changes in data schemas break the system • Path to resources (e.g., XPATH) is clumsy //school/department/professor/personal/ssn – LONG! • Non-optimal for distributed/federation environment
Modularity Problem People this policy applies to Resources this policy applies to Target Box Actions allowed for this policy
SAC Ontology • Written in OWL (Web Ontology Language) • User-centric • Modular • Easily extensible • Available at : http://utd61105.campus.ad.utdallas.edu/geo/voc/newaccessonto
Geo-WS Security • Data providers (e.g., geospatial clearinghouses, research centers) need access control on serviceable resources. • Access policies have geospatial dimension • Bob has access on Building A • Bob does NOT have access on Building B • Building A and B have overlapping area • Current access control mechanisms are static and non-modular.
Geo-WS Security: Policy Components • Subjects: Software Agents or Human clients • Resources: Assets exposed through WS • Actions: Read, Write, Execute • Conditions: Additional constraints (e.g., geospatial parameters) on policy enforcement Policy Set Subjects Condition Resources Actions
Geo-WS Security: Architecture DAGIS Geospatial Semantic WS Provider Client Enforcement Module Decision Module Authorization Module Semantic-enabled Policy DB Web Service Client Side Web Service Provider Side
Geo-WS Security: Semantics • Policy rules are based on description logic (DL). • DL allows machine-processed deductions on policy base. • Example 1: • DL Rule: ‘Stores’ Inv. Prop. ‘Is Stored In’ • Fact: Airplane_Hanger(X) ‘stores’ Airplane(Y) • Example 2: • DL Rule: ‘Is Located In’ is Symmetric • Fact: Polygon(S) ‘Is Located In’ Polygon(V) Polygon(V) ‘Is Located In’ Polygon(T)
Geo-WS Security: Inferencing Semantic-enabled Policy DB Obvious facts Deduced facts Inferencing Module Geospatial Data Store
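How the inferencing module turns obvious facts into deduced facts, as an added example that is not code from the slides: a fixpoint closure over the inverse and symmetric property declarations from the Semantics slide. The predicate spellings, the individuals' names and the `subjects_of` lookup are assumptions.

```python
# Added example; property declarations mirror the slide, fact names are constructed.
INVERSE = {"stores": "isStoredIn"}      # 'Stores' is the inverse of 'Is Stored In'
SYMMETRIC = {"isLocatedIn"}             # declared symmetric, as on the slide

OBVIOUS_FACTS = {
    ("Airplane_Hanger_X", "stores", "Airplane_Y"),
    ("Polygon_S", "isLocatedIn", "Polygon_V"),
    ("Polygon_V", "isLocatedIn", "Polygon_T"),
}

def deduce(facts, inverse=INVERSE, symmetric=SYMMETRIC):
    """Return only the facts entailed by the inverse/symmetric declarations."""
    inv = {**inverse, **{v: k for k, v in inverse.items()}}  # inverse holds both ways
    closed, frontier = set(facts), set(facts)
    while frontier:                      # iterate until nothing new is derived
        derived = set()
        for s, p, o in frontier:
            if p in inv:
                derived.add((o, inv[p], s))
            if p in symmetric:
                derived.add((o, p, s))
        frontier = derived - closed
        closed |= frontier
    return closed - set(facts)

def subjects_of(predicate, obj, facts):
    """Policy-style lookup: which individuals stand in `predicate` to `obj`?"""
    return sorted(s for s, p, o in facts if p == predicate and o == obj)

DEDUCED_FACTS = deduce(OBVIOUS_FACTS)

if __name__ == "__main__":
    for fact in sorted(DEDUCED_FACTS):
        print(fact)
```

Deduced facts widen what a policy target matches, so the property characteristics declared in the ontology deserve the same review as the policy rules themselves.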
SAC in Action • Environment: University Campus • Campus Ontology http://utd61105.campus.ad.utdallas.edu/geo/voc/campusonto • Main Resources • Computer Science Building • Pharmacy Building • Electric Generator in each Building
SAC in Action • User Access: • Bob has ‘execute’ access to all Building Resources • Bob doesn’t have any access to CS Building • Bob has ‘modify’ access to Building resources within a certain geographic extent • Policy File located at http://utd61105.campus.ad.utdallas.edu/geo/voc/policyfile1
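Bob's three rules from this slide, evaluated with the subject/resource/action/condition components from the Policy Components slide. This is an added example, not the SAC ontology or the policy file referenced above; the Python structures, the deny-overrides combining rule, default deny, the Pharmacy Building coordinates and the modify zone are assumptions.

```python
# Added example. Boxes are (south, west, north, east) in degrees.
CS_EXTENT = (33.98111, -96.4022, 33.989999, -96.4011)     # corners from the GRDF slide
PHARMACY_EXTENT = (33.9700, -96.4100, 33.9750, -96.4050)  # constructed
MODIFY_ZONE = (33.9690, -96.4110, 33.9760, -96.4040)      # constructed geographic extent

RESOURCES = {  # each generator inherits its building's extent (assumption)
    "CS_Generator": {"building": "CS_Building", "extent": CS_EXTENT},
    "Pharmacy_Generator": {"building": "Pharmacy_Building", "extent": PHARMACY_EXTENT},
}

# None means "any": any action, any building, or no geospatial condition.
POLICIES = [
    {"subject": "Bob", "effect": "Permit", "actions": {"execute"},
     "building": None, "within": None},
    {"subject": "Bob", "effect": "Deny", "actions": None,
     "building": "CS_Building", "within": None},
    {"subject": "Bob", "effect": "Permit", "actions": {"modify"},
     "building": None, "within": MODIFY_ZONE},
]

def within(inner, outer):
    """True only if `inner` lies entirely inside `outer`; overlap is not enough."""
    return (inner[0] >= outer[0] and inner[1] >= outer[1]
            and inner[2] <= outer[2] and inner[3] <= outer[3])

def decide(subject, action, resource):
    """Deny-overrides with default deny (the combining rule is an assumption)."""
    res = RESOURCES.get(resource)
    if res is None:
        return "Deny"                   # unknown resource: nothing to permit
    effects = set()
    for p in POLICIES:
        if p["subject"] != subject:
            continue
        if p["actions"] is not None and action not in p["actions"]:
            continue
        if p["building"] is not None and p["building"] != res["building"]:
            continue
        if p["within"] is not None and not within(res["extent"], p["within"]):
            continue
        effects.add(p["effect"])
    return "Permit" if effects == {"Permit"} else "Deny"
```

Using containment rather than intersection for the geospatial condition matters when extents overlap: a resource that only partly falls inside the permitted zone is not matched by the `modify` rule.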
Future Directions • QoS based Selection for Complex Queries • Automatic Trust Negotiation for DAGIS • Define a specification for access control semantics • Geospatial dataset development Thank You!