DataSpace MIT Decentralized Information Group

1. DataSpaceMIT Decentralized Information Group Tim Berners-Lee Danny Weitzner Lalana Kagal Gerry Sussman Hal Abelson Visitors: Joe Pato (HP) Latanya Sweeney (CMU) Collaborators: Joan Feigenbaum (Yale) Jim Hendler & Deb McGuinness (RPI) Wendy Hall & Nigel Shadbolt (Southampton)

3. Policy Awareness on the World-Wide Web • Problem: • Maintaining data use policies (privacy, security, ownership, compliance) becomes infeasible as data bases become increasingly interconnected via the Web • Idea • Tag information on the web with metadata that expresses policy • Use Semantic Web infrastructure so that metadata schemes are open an extensible • Develop rules and reasoning mechanisms that check for adherence with policy • Evaluate policies with reference to user preferences, user data, Web data, operating context • Benefits • Enables flexible, decentralized approach to policy management • Permits local control (vs. global authorities) • Can deal with contexts where access control is insufficient.

4. Information Accountability: When information has been used, it should to possible to determine what happened, and to pinpoint use that is inappropriate

5. Augmenting information architecture to support accountability • Information is annotated with provenance that identifies its source. • Data transfers and uses are logged so that chains of transfers have audit trails • Databases and data providers supply machine-readable policies that govern permissible uses of the data. • Automated reasoning engines use policies to determine whether data use is appropriate. • Reasoning preserves context information and justifications supported by truth-maintenance systems. • As data items are combined, the usage rules governing the combinations are automatically deduced by means of a data-purpose algebra • Users of manipulate information via policy-aware interfaces that can enforce policies and/or signal non-compliant uses.

6. UseCase: Sharing of Data in Fusion Centers • Sender: Mia Analysa of Commonwealth Fusion Center • Data: Request for Information regarding Robert Guy • Receiver: Fedd Agenti of DHS • Is this allowed under policies of involved parties ?

7. Policy reasoning result in Justification UI

8. Exploring Policy Reasoning Results

10. AIR: A Policy Language for Usage Rules :Rule1 a air:Belief-rule; air:variable :U2; air:variable :P2; air:variable :AP; air:label "FirstAIRRule"; air:pattern { :U2 a air:UseEvent; :refers-to [ a mit:ProxCardEvent ]; :purpose P2; :UseEvent :allowed-purposes :AP. :P2 is-member-of :AP }; air:assert { :U2 :validPurpose :P2 }.

11. DSpace @ MIT enforces privacy policy at http://libraries.mit.edu/dspace-mit/build/policies/privacy.html @prefix : <http://www.dspace.org/rules#> . @prefix action: <http://www.cs.umbc.edu/~lkagal1/rei/ontologies/ReiAction.owl#> . @prefix constraint: <http://www.cs.umbc.edu/~lkagal1/rei/ontologies/ReiConstraint.owl#> . ... :CU0002UserPrivacy a policy:Policy; policy:context :MITLibrariesPrivacyPolicy; policy:grants :UserProvdePersonalInfo; policy:grants :UsePersonalInfo; policy:grants :DoNotDisclosePersonalInfo; policy:grants :DoRemovePersonalInfo . :UserProvidePersonalInfo a deontic:Obligation; deontic:actor :varPerson; deontic:action :ProvidePersonalInfo; deontic:context :EventParticipationAndAlertSubscription; policy:desc "DSpace requires users to provide personal information if they: 1. are involved in the submission of DSpace content and metadata 2. subscribe to the DSpace alerting service" . :ProvidePersonalInfo a action:Action; a history:ModifyMetadata; action:actor :varPerson; action:target :varPersonInfo; policy:desc "Provide Personal Information is the act of supplying the metadata recorded as an EPerson's object in DSpace.". A snippet of DSpace policy, expressed in REI