
Policy Representation & Reasoning
Juri L. De Coi, Philipp Kärger, Daniel Olmedilla, Sergej Zerr
L3S Research Center / Leibniz Hannover University
L3S Research Seminar, Hannover, 18th April, 2008

Outline
• Introduction to Policy Representation & Reasoning
  – Motivation, requirements, state of the art
• L3S Policy framework
  – Protune in a Nutshell: framework and language
• Protune in Action: Policies on the Web
  – Static content protection and dynamic generation
• Reactive Policies, Current and Further Policy Work
  – Event reactivity, research ideas

Introduction: Policy Representation & Reasoning
Daniel Olmedilla

Policy Representation & Reasoning: Problem
Institutions, companies and people need to control the way they
• Do business
• Take decisions
• Offer their assets
• Etc.
Computers help us in our daily work by performing tasks
• that we cannot perform (or that we do worse)
  – hard to control manually, time-consuming, expensive, error-prone
• automatically on our behalf
But generally, we need to control how decisions and actions are taken

Policy Representation & Reasoning: What is a Policy?
Wikipedia:
• deliberate plan of action to guide decisions and achieve rational outcome(s)
  – Not necessarily related to IT
In an IT setting:
• Set of considerations designed to guide decisions of courses of actions
Broad definition:
• Set of statements defining the behaviour of an entity in a given situation

Policy Representation & Reasoning: Policies are everywhere (I)
Rules of ethics for robots
1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
2. A robot must obey orders given to it by human beings, except where such orders would conflict with the First Law.
3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
[Isaac Asimov. Runaround. 1942]

Policy Representation & Reasoning: Policies are everywhere (II)
Declarative

Policy Representation & Reasoning: Policies are everywhere (III)

Policy Representation & Reasoning: Policies are everywhere (IV)
• B2B contracts
  – e.g. quantity flexible contracts, late delivery penalties, etc.
• Negotiation
  – e.g. rules associated with auction mechanisms
• Security
  – e.g. access control policies
• Privacy
  – Information Collection Policies (aka “P3P Privacy Policies”)
  – Obfuscation Policies
• Workflow management
  – What to do under different sets of conditions
• Context aware computing
  – What service to invoke to access a particular contextual attribute
  – Context-sensitive preferences
[by Norman Sadeh, Semantic Web Policy Workshop panel, ISWC 2005]

Policy Representation & Reasoning: The goal
Build applications/agents where
• Behaviour is flexible
  – Can be changed/updated dynamically
  – without re-coding, re-compiling, re-installing, etc.
  – In a costless manner
• Can be managed by administrators/users without needing to be computer experts
• Can be understood by normal users

Policy Representation & Reasoning: Benefits
• Explicit license for autonomous behaviour
• Reusability
• Efficiency
• Extensibility
• Context-sensitivity
• Verifiability
• Support for simple as well as sophisticated agents
• Protection from poorly-designed, buggy or malicious agents
• Reasoning about agent behaviour
• Compact representation, possibly declarative
• Etc.

Policy Representation & Reasoning: Requirements / Challenges
• Many policies, one framework
• Conflict Resolution
• Integration with external sources
• Policies as active objects
  – Executing actions
• Negotiations
• User awareness and control
• Cooperative enforcement

Policy Representation & Reasoning: Many policies, one framework (I)
The term policy covers:
• Security/Privacy policies, Trust management
• Business rules
• Quality of Service directives
• Service-level agreements
• Communication and conversation policies
  – and more...
In many cases they are interleaved
• If customers are younger than 26 give a 20% discount on international tickets
• Up to 15% of network bandwidth can be reserved if payment is done with an accepted credit card
• Customers can rent a car if they are 18 or older, and exhibit a driving license and a valid credit card

Policy Representation & Reasoning: Many policies, one framework (II)
It is appealing to integrate all policies in one framework
• One common infrastructure
  – for interoperability and decision making
• Where policies can be harmonized & coordinated

Policy Representation & Reasoning: Conflict Resolution (I)
• Positive authorization: You can access file 123.txt
• Negative authorization: You can not access file 123.txt
• Obligation: You must inform your boss
• Dispensation: You don’t need to inform your boss
[Figure labels: Alice, Ivan]

Policy Representation & Reasoning: Conflict Resolution (II)
Security typically assumes “everything is denied by default”: no need for disallow policies
• The cost of disclosing a sensitive resource is higher than not disclosing a public one
But, if there exists the need, then it is required to provide techniques for
• Conflict detection
• Conflict harmonization

Policy Representation & Reasoning: Integration with external systems
Policies are not islands
Decisions need data, information, and knowledge
• Each organization has its own
  – Already available through legacy software and data
  – A realistic solution must interoperate with them
• Third parties
  – Credit card sites for validity checking
  – External databases
• Variety of web resources

Policy Representation & Reasoning: Negotiations (I)
[Figure labels: Alice, Bob, Service]
Step 1: Alice requests a service from Bob
Step 2: Bob discloses his policy protecting the service
Step 3: Alice discloses her policy protecting the VISA
Step 4: Bob discloses his BBB credential
Step 5: Alice discloses her VISA card credential
Step 6: Bob grants access to the service
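The six-step exchange above, replayed as an added example (not code from the slides or from Protune). The `Peer` class, the policy encoding as "item maps to the set of credentials the other side must show first", and the deadlock variant are assumptions made for illustration.

```python
# Added illustration (not Protune or PeerTrust code): a two-party trust
# negotiation in which every item is released only once its policy is met.

class Peer:
    def __init__(self, name, policies):
        # policies maps an item (service or credential) to the set of
        # credentials the OTHER party must disclose before it is released.
        # An empty set means "freely disclosable".
        self.name = name
        self.policies = policies
        self.received = set()           # credentials obtained from the other party
        self.sent = set()               # own credentials already disclosed
        self.policies_shown = set()     # own policies already disclosed


def negotiate(requester, provider, service):
    """Return (granted, transcript) for `requester` asking `provider` for `service`."""
    log = [f"{requester.name} requests {service}"]
    asked = {provider: {service}, requester: set()}   # items each side was asked for
    progress = True
    while progress:
        progress = False
        for me, other in ((provider, requester), (requester, provider)):
            for item in sorted(asked[me]):
                needs = me.policies.get(item)
                if needs is None:           # item not held: nothing to disclose
                    continue
                missing = needs - me.received
                if missing:
                    if item not in me.policies_shown:
                        me.policies_shown.add(item)
                        asked[other] |= missing
                        log.append(f"{me.name} discloses policy protecting {item}")
                        progress = True
                elif item == service:
                    log.append(f"{me.name} grants access to {service}")
                    return True, log
                elif item not in me.sent:
                    me.sent.add(item)
                    other.received.add(item)
                    log.append(f"{me.name} discloses credential {item}")
                    progress = True
    log.append("negotiation fails: no further disclosure is possible")
    return False, log


def slide_scenario():
    # Policies as on the slide: the service needs Alice's VISA, the VISA needs
    # Bob's BBB credential, and the BBB credential is unprotected.
    alice = Peer("Alice", {"VISA": {"BBB"}})
    bob = Peer("Bob", {"service": {"VISA"}, "BBB": set()})
    return negotiate(alice, bob, "service")


def deadlock_scenario():
    # Constructed variant: Bob now protects BBB with the VISA itself, so each
    # side waits for the other and the loop stops without a grant.
    alice = Peer("Alice", {"VISA": {"BBB"}})
    bob = Peer("Bob", {"service": {"VISA"}, "BBB": {"VISA"}})
    return negotiate(alice, bob, "service")


if __name__ == "__main__":
    for line in slide_scenario()[1]:
        print(line)
```

In the deadlock variant no credential is ever released: both sides only reveal policies, which is the behaviour a deny-by-default negotiator should show when requirements are circular.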

Policy Representation & Reasoning: Negotiations (II)
Used for
• Access control
• Service-level agreements
• Dynamic contracts
  – E.g., in web service composition
• Autonomic computing
• Pervasive environments
  – E.g., sensor networks
• Etc.

Policy Representation & Reasoning: User awareness and control
• Explain policies and system decisions
  – Make rules & reasoning intelligible to the common user
• Encourage people to personalize their policies
  – Make it easy for users to write their own rules

Policy Representation & Reasoning: Cooperative Policy Enforcement
• Crucial for the success of a service
  – Never say (only) “no”!
  – Encourage first-time users who don't know how to use your service
  Example: “You can’t open this door, but you can ask Alice for permission”
• Explain policy decisions
  – Especially failures
  – Advanced queries: Why not
  – Advanced queries: How-to, What-if

Policy Representation & Reasoning: Main State of the Art Approaches
• Ponder
  – OO language, well established, focus on network management
• XACML
  – Standard by OASIS, it is being taken up by companies
• KAOS
  – Based on DL reasoning
• REI
  – Combination of DL representation and LP semantics
• PeerTrust
  – Based on guarded distributed logic programs
• And many others

Protune policy framework: (not too) technical details
Juri Luca De Coi

Protune Policy Framework: Outline
• Getting started
• Protune Features
• Usability issues

Getting started

Protune Policy Framework: Overview
[Figure labels: Alice, Bob, Policy, Intelligent policy engine, Request, Decision]

Protune Policy Framework: Just to get the flavor...
IF conditions are fulfilled THEN allow action
• disclose('/EWSCpaper2008.pdf') ← sendL3SEmployeeId.
  EWSCpaper2008.pdf can be disclosed to the other peer if it has sent an L3S employee id.
• disclose(X) ← status(X, published).
  A resource can be disclosed if its status is “published”
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).

Protune Features

Protune Policy Framework: Standard example
• disclose(X) ← status(X, notPublished), sendL3SEmployeeId.
Actions may be needed in order to make decisions
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).

Protune Policy Framework: Metapolicy “type”
• disclose(X) ← status(X, notPublished), sendL3SEmployeeId.
  Callouts: “Usual predicate” (status), “Action” (sendL3SEmployeeId)
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).
sendL3SEmployeeId->type: action.
status(X, Y)->type: logical.

Protune Policy Framework: Metapolicy “actor”
• disclose(X) ← status(X, notPublished), sendL3SEmployeeId.
  Who executes the action? The requester? The local system? A third party?
status('/EWSCpaper2007.pdf', published).
status('/EWSCpaper2008.pdf', notPublished).
sendL3SEmployeeId->type: action.
sendL3SEmployeeId->actor: peer.
status(X, Y)->type: logical.
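How the "type" and "actor" metapolicies change evaluation, as an added example that is not the Protune engine. The tuple encoding of terms, the `decide` function and its three outcomes (`grant`, `ask`, `deny`) are assumptions; the rules, facts and metapolicies are the ones on the slides.

```python
# Added illustration, not the Protune engine: a tiny evaluator for the slide's
# rules that uses the "type" and "actor" metapolicies to decide what to do
# with each body literal. Terms are tuples; capitalised strings are variables.

RULES = [  # (head, body)
    (("disclose", "X"), [("status", "X", "published")]),
    (("disclose", "X"), [("status", "X", "notPublished"), ("sendL3SEmployeeId",)]),
]
FACTS = [
    ("status", "/EWSCpaper2007.pdf", "published"),
    ("status", "/EWSCpaper2008.pdf", "notPublished"),
]
METAPOLICY = {
    "status": {"type": "logical"},
    "sendL3SEmployeeId": {"type": "action", "actor": "peer"},
}


def is_var(term):
    return term[:1].isupper()


def unify(pattern, ground, env):
    """Match a flat pattern against a ground term; return the extended env or None."""
    if pattern[0] != ground[0] or len(pattern) != len(ground):
        return None
    env = dict(env)
    for p, g in zip(pattern[1:], ground[1:]):
        p = env.get(p, p)
        if is_var(p):
            env[p] = g
        elif p != g:
            return None
    return env


def solve(body, env, performed):
    """Yield, for each way the logical literals hold, the peer actions still outstanding."""
    if not body:
        yield []
        return
    literal, rest = body[0], body[1:]
    meta = METAPOLICY[literal[0]]
    if meta["type"] == "logical":           # evaluated locally against the facts
        for fact in FACTS:
            env2 = unify(literal, fact, env)
            if env2 is not None:
                yield from solve(rest, env2, performed)
    elif meta["actor"] == "peer":           # must be executed by the requester
        action = tuple(env.get(t, t) for t in literal)
        outstanding = [] if action in performed else [action]
        for more in solve(rest, env, performed):
            yield outstanding + more
    else:
        raise NotImplementedError("only actor 'peer' is modelled here")


def decide(goal, performed=frozenset()):
    """Return ('grant', []), ('ask', [actions the peer must execute]) or ('deny', [])."""
    options = []
    for head, body in RULES:
        env = unify(head, goal, {})
        if env is None:
            continue
        for outstanding in solve(body, env, performed):
            if not outstanding:
                return ("grant", [])
            options.append(outstanding)
    return ("ask", min(options, key=len)) if options else ("deny", [])
```

A resource with no `status` fact is denied even after the peer has sent its id, because no rule body can be satisfied for it.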

Protune Policy Framework: Available actions
• Access to relational databases
• Access to RDF repositories
• Credential exchange
• Searching of regular expressions within a file
• Interface to an LDAP server
• Time and location management

Protune Policy Framework: Explanations

Usability issues

Protune Policy Framework: Usability issues
• download(User, Resource) ← authenticated(User), have(User, Subscription), availableFor(Subscription, Resource).
authenticated('Bob').
have('Bob', lncsSubscription).
availableFor(lncsSubscription, ESWCpaper2007.pdf).
authenticated(User)->type: logical.
availableFor(Subscription, Resource)->type: logical.
have(User, Subscription)->type: logical.
Every user who is authenticated and who has a subscription that is available for a resource can download the resource.

Protune Policy Framework: Using natural language: Problem
How to deal with ambiguities?

Protune Policy Framework: Using natural language: Ambiguities (I)
Bob looks at the girl on the hill with a telescope

Protune Policy Framework: Using natural language: Ambiguities (II)
2 girls lift 2 tables

Protune Policy Framework: Solution: Use a controlled natural language
What does “controlled” mean?
• Rules are used in order to automatically disambiguate ambiguous sentences
  – Bob looks at the girl on the hill with a telescope
  – Example disambiguation rule: Prepositional phrases refer to the predicate of the sentence
• Only a subset of valid English sentences are valid sentences

Protune Policy Framework: Disambiguation: using ACE (I)
Bob looks at the girl on the hill with a telescope
• Bob looks with a telescope at the girl who is on the hill.
• Bob looks at the girl on the hill with a telescope.
• Bob looks at the girl who is on the hill with a telescope.

Protune Policy Framework: Disambiguation: using ACE (II)
2 girls lift 2 tables.
• Each of 2 girls lifts one table.
• Each of 2 girls lifts 2 tables.

Protune Policy Framework: The ACE → Protune translation (I)
Every user who is authenticated and who has a subscription that is available for a resource can download the resource.

drs([], [
  drs([A, B, C, D, E, F, G, H], [
    object(A, user, countable, na, eq, 1)-1,
    property(B, authenticated, pos)-1,
    predicate(C, be, A, B)-1,
    object(D, subscription, countable, na, eq, 1)-1,
    object(E, resource, countable, na, eq, 1)-1,
    property(F, available, pos)-1,
    predicate(G, be, D, F)-1,
    modifier_pp(G, for, E)-1,
    predicate(H, have, A, D)-1
  ]) =>
  drs([], [
    <> drs([I], [
      predicate(I, download, A, E)-1
    ])
  ])
]).

download(User, Resource) ← authenticated(User), 'available#for'(Subscription, Resource), have(User, Subscription).

Protune Policy Framework: The ACE → Protune translation (II)
Every user who provides a declaration whose username is the user's name and whose password is the user's password is authenticated.

authenticated(User) ← User.name: Username, User.password: Password, provide(User, Declaration), Declaration.password: Password, Declaration.username: Username.

Protune Policy Framework: The ACE → Protune translation (III)
Every user who sends a credential
• that is valid and
• whose type is "creditCard" and
• whose owner is authenticated and
• on which a price is charged
pays the price with "creditCard".

'pay#with'(User, Price, creditCard) ← valid(Credential), Credential.type: creditCard, authenticated(Owner), 'charged#on'(Price, Credential), send(User, Credential), Credential.owner: Owner.

Policy Based Protection and Personalized Generation of Web Content
Sergej Zerr

Protune in Action: Policies on the Web: Trust within an Open Environment
[Figure labels: Bookstore, Web server, LMS]

Protune in Action: Policies on the Web: Using Trust Negotiation
[Figure labels: Web Package, Applet, Servlet Container (e.g. Tomcat)]
var protectedResources = new Array('http://test.de/test.jsp');

1. Reactive Policies
2. More policy research topics
Philipp Kärger

Reactive Policies
• Always accept files sent by L3S members but only if it’s not an exe file.
• L3S members can only call me during business hours.
• My research students can call me only on Wednesday morning. After the semester, deny their calls.
• While doing valuable …
• Show my date of birth only to family members.
• Notify me if one of my contacts has birthday and goes online.
• Automatically accept “share contact dates” for L3S members and for the contacts of my family.
• If someone phones me while I am on a call, deny the call and open a chat instead.

Reactive Policies: Current Policies
They define under which conditions things are true, e.g.,
  – who exactly gets access
  – why we grant access
  – what is needed to get access

Reactive Policies: What is a reactive policy?
But what is missing in current policy frameworks?
• When is the policy evaluated? Triggering Events
• What exactly happens if a policy is evaluated to true or false? Actions (as reactions to events)
Example: If someone phones me while I am on a call, deny the call and open a chat instead.
IF EVENT “call comes in” HAPPENS AND “I am on another call” HOLDS PERFORM ACTION “deny call and open chat”
Reactivity!

Reactive Policies
Reactivity in Databases:
• “Active Database Systems”, Book, 1995
• many more
Reactivity on the web:
• “An Event Condition Action Language for XML”, WWW 2002
• EDBT 2006 Workshop “Reactivity on the Web”
• REWERSE Work Package “Evolution and Reactivity”
• some more

Reactive Policies: Approach
Claim: We need policies that allow for reactivity.
Solution: Reactive Policies, also called Event Condition Action Policies

Reactive Policies: Event Condition Action Policies
- always three components:
  - Event: when is the rule evaluated
  - Condition: what has to be satisfied
  - Action: what is the reaction to the event
Example: If someone phones me while I am on a call, deny the call and open a chat instead.
ON a call comes in
IF I am on another call
DO deny call and open chat

Reactive Policies: Solution
How do we get all this to work?
r³ and Protune: Combining a Reactive Framework and a Policy Framework

Reactive Policies: r³ – Resourceful Reactive Rules
(developed at the AI Center, Universidade Nova de Lisboa (Portugal))
(Semantic) Web Rule Engine for Reactive Rules
Evaluates rules of the form:
  myEventLanguage: SkypeCallComesIn(User)
  myConditionLanguage: isNotTrusted(User)
  myActionLanguage: denyCall(User)
Plugging in arbitrary languages makes it really flexible

Reactive Policies: Combining r³ and Protune
  myEventLanguage: SkypeCallComesIn(User)    (any event language, e.g., XChange, Prova)
  PROTUNE: isNotTrusted(User)                (Protune goals)
  PROTUNE: denyCall(User)                    (Protune external actions)
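The Event Condition Action evaluation and the r³/Protune split described on the preceding slides, as an added example that is neither r³ nor Protune code. `ReactiveEngine`, `PolicyStub`, the goal `onAnotherCall` and the action `denyCallAndOpenChat` are hypothetical names; the rule components `SkypeCallComesIn`, `isNotTrusted` and `denyCall` come from the slides.

```python
import re

# Added illustration, not r3 or Protune code: an Event-Condition-Action loop in
# which each rule component names the language that evaluates it.
COMPONENT = re.compile(r"^\s*(\w+)\s*:\s*(\w+)\((\w*)\)\s*$")


def parse(component):
    """Split 'Language: name(Var)' into (language, name, variable or None)."""
    m = COMPONENT.match(component)
    if m is None:
        raise ValueError(f"not a rule component: {component!r}")
    language, name, var = m.groups()
    return language, name, var or None


class PolicyStub:
    """Stand-in for the policy engine that answers goals and runs external actions."""
    def __init__(self, trusted, on_call=False):
        self.trusted, self.on_call, self.performed = set(trusted), on_call, []

    def holds(self, goal, value):
        if goal == "isNotTrusted":
            return value not in self.trusted
        if goal == "onAnotherCall":        # hypothetical goal name
            return self.on_call
        return False                       # unknown goals never hold

    def execute(self, action, value):
        self.performed.append((action, value))
        return (action, value)


class ReactiveEngine:
    def __init__(self, languages):
        self.languages = languages         # language name -> evaluator
        self.rules = []

    def add_rule(self, on, if_, do):
        self.rules.append((parse(on), parse(if_), parse(do)))

    def signal(self, language, event, value):
        """Event `language: event(value)` happened; return the actions performed."""
        done = []
        for (e_lang, e_name, e_var), (c_lang, c_name, c_var), (a_lang, a_name, a_var) in self.rules:
            if (e_lang, e_name) != (language, event):
                continue
            env = {e_var: value}           # binding made by the event ...
            if self.languages[c_lang].holds(c_name, env.get(c_var)):
                # ... is reused by the condition and by the action
                done.append(self.languages[a_lang].execute(a_name, env.get(a_var)))
        return done


def build(trusted, on_call=False):
    # Constructed setup: one rule from the r3 slide, one for the
    # "on another call" policy, both answered by the policy stub.
    engine = ReactiveEngine({"PROTUNE": PolicyStub(trusted, on_call)})
    engine.add_rule("myEventLanguage: SkypeCallComesIn(User)",
                    "PROTUNE: isNotTrusted(User)", "PROTUNE: denyCall(User)")
    engine.add_rule("myEventLanguage: SkypeCallComesIn(User)",
                    "PROTUNE: onAnotherCall()", "PROTUNE: denyCallAndOpenChat(User)")
    return engine
```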

Reactive Policies: Benefits
Protune (enhance reactivity with policies)
• allows for negotiations, information exchange
• provides explanations
• allows for (external) actions
r³ (making policies reactive)
• allows for arbitrary event languages
• evaluates Event Condition Action rules
• handles the binding across events, conditions, actions

Reactive Policies: Summary
• Reactive Policies – policy-enabled Reactivity
• policies need some kind of reactivity
  – no current policy framework allows for reactivity
  – no current reactive rule framework allows for policies
• ECA policies
  – provide access control
  – provide semantics for events and actions
• combining r³ and Protune merges both worlds
  – advanced access control with policies
  – engine for reactive rules extends

More research ideas …
• Daniel, Juri, Philipp, Sergej, and some more

More research ideas: Outline
1. Changing policies while negotiating.
2. Using preferences to guide decisions in negotiations.
3. Access control to RDF repositories.
4. Access control for desktop sharing.

More research ideas: 1. Changing policies while negotiating
Problem: What if I change my policies while my agent is negotiating?
Policy: Only university members can call me.
  “I want to call you via Skype.”
  “Ok, you have to prove that you work for L3S. …”
New Policy: Only L3S members can call me.

More research ideas: 2. Preferences guiding negotiations
Problem: What if there are two possibilities to succeed in a negotiation?
  “I prefer to disclose my Student ID instead of disclosing my passport.”
Philipp Kärger, Daniel Olmedilla, Wolf-Tilo Balke. “Using Preferences for Credential Disclosure in Policy-Driven Trust Negotiations.” Just submitted.

More research ideas: 3. Access control to RDF repositories
• RDF data is accessible only under certain conditions.
• Problem: how to enforce this for querying?
Query: Return all triples FROM the ones I am interested in WHERE my conditions are true.
Expansion (in front of the RDF store holding sensitive data): Return all triples FROM the ones I am interested in WHERE my conditions are true AND the policy’s conditions are true.
Policies: conditions that have to be fulfilled to access information.
Fabian Abel, Juri Luca De Coi, Nicola Henze, Arne W. Koesling, Daniel Krause, Daniel Olmedilla. “Enabling Advanced and Context-Dependent Access Control in RDF Stores.” ISWC 2007.

More research ideas: 4. Access control for desktop sharing (I)
Metadata:
  author: …
  title: …
  date: …
  inverted index
Requests:
  “I want access to your private document.”
  “Is there a document containing ‘FBI’ in the title?”
Juri L. De Coi, Ekaterini Ioannou, Arne Koesling, and Daniel Olmedilla. “Access control for sharing semantic data across desktops.” Workshop on Privacy Enforcement and Accountability with Semantics (PEAS), 2007.

More research ideas: 4. Access control for desktop sharing (II)
Pre-evaluate for each file, each metadata, and each user.
Policies: Who is allowed to see what metadata of what file under which conditions.

End of the Seminar
Let us give you a policy
ON seminar just finished
IF you liked it OR you had fun OR you learned something OR you liked the ice cream
DO big applause

Thanks! Questions?
decoi@L3S.de – http://www.L3S.de/web/DECOI
kaerger@L3S.de – http://www.L3S.de/~kaerger
http://www.olmedilla.info/
http://www.L3S.de/web/ZERR
