SlideShare ist ein Scribd-Unternehmen logo

Access Control for Linked Data: Past, Present and Future

Als PPTX, PDF herunterladen
Sabrina Kirrane
Sabrina Kirrane

In recent years we have seen significant advances in the technology used to both publish and consume, structured data using the existing web infrastructure, commonly referred to as the Linked Data Web. However, in order to support the next generation of e-business applications on top of Linked Data suitable forms of access control need to be put in place. In this talk we will examine the various access control models, standards and policy languages, and the different access control enforcement strategies for the Resource Description Framework (the data model underpinning the Linked Data Web). We propose a set of access control requirements that can be used to categorise existing access control strategies and identify a number of challenges that still need to be overcome.

Technologie
1 von 42
Access Control for Linked Data: Past, Present and Future Sabrina Kirrane Insight Centre for Data Analytics, NUIG Department of Maths and Computing, GMIT
Structure of the Talk
<title> Hello World </title> She’ll know what to do with <title> Ah yes, I display this at the top. From document markup (HTML) …
To data markup (XML)… <time=“10:36”/> She’ll know what <time> means This is what my user asked for. Thanks!
To arbitrary information exchange ??? <sabrina lecturesAt GMIT/> This is the data I have. What’s a sabrina?
<Sabrina lecturesAt GMIT/> To Semantics…
Publishing and Consuming Linked Data RDB2RDF RDB2RDF RDB2RDF Interface
1.1 Why do we need Access Control?
Access Control and RDF – The Past
Access Control and RDF – The Past Models
Mandatory Access Control Models TOP SECRET SECRET CONFIDENTIAL PUBLIC Access Labels Subjects Resources Yagüe et al, Applying the semantic web to access control, 2003 Kodali et al, An authorization model for multimedia digital libraries, 2004
Discretionary Access Control DELETE UPDATE CREATE READ Delegate Permissions Subjects Resources Gabillon and Letouzey, A view based access control model for sparql, 2010 Models
Role Based Access Control DELETE UPDATE CREATE READ Sales Marketing Roles Permissions Employee Subjects Resources Finin et al, Rowlbac: Representing role based access control in owl, 2008 Models
Attribute Based Access Control Age > 21 Affiliation = Insight DELETE UPDATE CREATE READ Attributes Permissions Subjects Resources Priebe et al, A pattern system for access control, 2004 Models
Context Based Access Control Device = mobile Near = Insight Attributes DELETE UPDATE CREATE READ Permissions Subjects Resources Luca Costabello et al, Linked data access goes mobile: Context-aware authorization for graph stores, 2012 Models
Access Control and RDF – The Past Models
eXtensible Access Control Markup Language Policy Administration Point (PAP)) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Policy Information Point (PIP) Ferrini and Bertino, Supporting rbac with xacml+owl, 2009 https://www.oasis- open.org/committees/tc_home.php?wg_ abbrev=xacml
Web Access Control Serena Villata et al, An access control model for linked data, 2011 Sacco and Passant, A privacy preference ontology (ppo) for linked data, 2011 1. Give read access to the WebID profile document /2013/card to everyone. 2. Gives read access to the /2013/protected resource, to the members of a group that went to a particular conference. http://www.w3.org/wiki/WebAccessControl http://www.w3.org/2005/Incubator/webid/spec/ WebID Profile
Platform for Privacy Preferences Garcia and Toledo, A web service privacy framework based on a policy approach enhanced with ontologies, 2008 http://www.w3.org/TR/P3P/
Access Control and RDF – The Past Models
Ontology Based Enforcement - KAoS actors (human and agents) actions e.g. accessing, communication and monitoring authorisations and obligations positive and negative entities associated with actions Bradshaw et al, KAoS: Toward an Industrial-strength Open Agent Architecture, 1997
Policy Administration Tool Guards Enforcers Domain Managers Ontology Based Enforcement - KAoS Policy Admin Tool User friendly interface for those that are not familiar with DAML and OWL Domain Managers Manage membership and distribute policies to Guards Guards Enforce platform independent policies Enforcers Enforce platform dependent policies (Interface for developers) Bradshaw et al, KAoS: Toward an Industrial-strength Open Agent Architecture, 1997
Policy Administration Tool Guards Enforcers Domain Managers Ontology Based Enforcement - KAoS Policies can easily be merged / adopted by others Deductive Reasoning infer new policies based on relationship between access control entities Abductive reasoning determine the access rights required to meet a given policy Bradshaw et al, KAoS: Toward an Industrial-strength Open Agent Architecture, 1997
Rule Based Enforcement - Rei users and agents speech acts delegation, revocation, request, cancel, promise and command deontic logic permissions, prohibitions, obligations and dispensations services and resources Kagal and Finin, A policy language for a pervasive computing environment, 2003
Rule Based Enforcement - Rei Client Mode Server Mode The server: 1. retrieves the relevant policies 2. requests the credentials necessary to access the resource from the client 3. verifies the client credentials against the policies 1. The server returns a link to a policy which the client must satisfy 2. The client generates a proof that the requester can satisfy the policy 3. The client forwards the proof to the server. Kagal and Finin, A policy language for a pervasive computing environment, 2003
Rule Based Enforcement - Protune users and agents Decision predicates outcome of the policy Provisional predicates conditions- credentials and declarations Abbreviation predicates Abstractions used for simplification services and resources Bonatti et al, Protune: A rule-based provisional trust negotiation framework
Rule Based Enforcement - Protune inference engine execution handler negotiation handler Framework Bonatti et al, Protune: A rule-based provisional trust negotiation framework Negotiation handler sending conditions and processing responses Execution handler interact with external systems and data sources Inference Engine enforcing policies (deduction) and retrieving evidences (abduction)
Rule Based Enforcement - Protune • How-to queries (provide a description of the policy) • What-if queries (give foresight into potential policy outcomes) • Why queries (give explanations for positive negotiations outcomes) • Why-not queries (give explanations for negative outcomes) Explanations inference engine execution handler negotiation handler Framework Bonatti et al, Protune: A rule-based provisional trust negotiation framework
Combining Description Logic And Rules Like KAoS ontologies to model both domain information and policies - conflict resolution and harmonisation at design time Like Rei rules used to support dynamic constraints and run time variables - access control based on dynamic context pertaining o the requester or the environment Like Protune policy disclosure and policy negotiation Toninelli et al, Rule-based and ontology-based policies Kolovski et al, Analyzing web access control policies Use defeasible description logic Strict Rules that cannot be overwritten Defeasible rules that may be overwritten by a higher priority rule to understand the effect and the consequence of sets of XACML access control policies Toninelli et al, Rule-based and ontology-based policies: Toward a hybrid approach, 2005 Kolovski et al, Analyzing web access control policies, 2007
Access Control and RDF – The Past Models
Specification – Patterns, Views & Ontologies entx:EmployeeData { entx:JB rdf:type foaf:Person . entx:JB foaf:givenName "Joe". … } ?X rdf:type foaf:Person ?G Construct & Describe Queries Reddivari et al, Policy- based access control for an rdf store., 2005 Gabillon and Letouzey, A view based access control model for sparql, 2010 Sacco and Passant, A privacy preference ontology (ppo) for linked data, 2011
Reasoning – Based on ontology concepts entx:EmployeeData { entx:JB rdf:type entx:Employee . entx:JB foaf:givenName "Joe". entx:JB foaf:lastName "Bloggs". entx:JB entx:salary “40000". entx:MR rdf:type entx:Employee . entx:MR foaf:givenName “May“ . entx:MR foaf:lastName “Ryan". entx:MR entx:salary “80000". entx:Employee rdfs:subClassOf foaf:Person. } ?X rdf:type foaf:Person . Class -> SubClass Property -> SubProperty Class->Instances Qin et al, Concept-level access control for the semantic web, 2003 Javanmardi et al, Sbac: A semantic based access control model, 2006
Partial Query Results Query Rewriting Data Filtering Dietzold and Auer, Access control on rdf triple stores from a semantic wiki perspective, 2006. Abel et al, Enabling advanced and context dependent access control in rdf stores, 2007
Access Control and Linked Data – The Present
August 2014 Access Control and Linked Data Models
Access Control and Linked Data Data Context Policy Luca Costabello et al, Access control for http operations on linked data, 2013
Access Control and Linked Data Data FOAF Profile Policy Sacco and Passant, A privacy preference manager for the social semantic web, 2011
RDB2RDF RDB2RDF Kirrane et al, Linked Data with Access Control, 2015 Linked Data Authorisation Architecture
Linked Data Authorisation Architecture RDB2RDF RDB2RDF Kirrane et al, Linked Data with Access Control, 2015.
Access Control and Linked Data – The Future
Yagüe et al. Access control and the layers of the Semantic Web Damiani et al. Weitzner et al. Paradigms where privacy is a key requirement De Coi et al. Bonatti and Olmedilla Interplay between trust, access control and policy languages Ryutov et et Access should be based on the Graph structure Access Control for Linked Data – The Future
Access Control for Linked Data – The Future Specification Granularity Underlying Formalism Reasoning Condition Expressiveness Attributes, Context & Evidences Heterogeneity & Interoperability Implementation Delegation Consistency & Safety Usability Understandability Administration Effectiveness Distributed Flexibility & Extensibility Enforcement Negotiation Explanations Conflict Resolution

Empfohlen

Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane
 
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Sabrina Kirrane
 
Lucene solrrev documentlevelsecurity_rajanimaski_final
Lucene solrrev documentlevelsecurity_rajanimaski_finalLucene solrrev documentlevelsecurity_rajanimaski_final
Lucene solrrev documentlevelsecurity_rajanimaski_finalRajani Maski
 
A Decision Model for Choosing Patterns in Blockchain-based Applications
A Decision Model for Choosing Patterns in Blockchain-based ApplicationsA Decision Model for Choosing Patterns in Blockchain-based Applications
A Decision Model for Choosing Patterns in Blockchain-based ApplicationsDilum Bandara
 
Architecture authorization-constrained
Architecture authorization-constrainedArchitecture authorization-constrained
Architecture authorization-constrainedAhmed Sabeeh
 
Review Paper On Multi-Keyword Ranked Search in Encrypted Cloud Storage
Review Paper On Multi-Keyword Ranked Search in Encrypted Cloud StorageReview Paper On Multi-Keyword Ranked Search in Encrypted Cloud Storage
Review Paper On Multi-Keyword Ranked Search in Encrypted Cloud StorageIRJET Journal
 
Acupulco cda access (2)
Acupulco cda access (2)Acupulco cda access (2)
Acupulco cda access (2)eyetech
 
Lighting a Beacon: training for (future) implementers
Lighting a Beacon: training for (future) implementersLighting a Beacon: training for (future) implementers
Lighting a Beacon: training for (future) implementersCINECAProject
 

Empfohlen

Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane INSIGHT Viva Presentation
Sabrina Kirrane INSIGHT Viva Presentation Sabrina Kirrane
 
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...
Scalable policy-aware Linked Data architecture for prIvacy, transparency and ...Sabrina Kirrane
 
Lucene solrrev documentlevelsecurity_rajanimaski_final
Lucene solrrev documentlevelsecurity_rajanimaski_finalLucene solrrev documentlevelsecurity_rajanimaski_final
Lucene solrrev documentlevelsecurity_rajanimaski_finalRajani Maski
 
A Decision Model for Choosing Patterns in Blockchain-based Applications
A Decision Model for Choosing Patterns in Blockchain-based ApplicationsA Decision Model for Choosing Patterns in Blockchain-based Applications
A Decision Model for Choosing Patterns in Blockchain-based ApplicationsDilum Bandara
 
Architecture authorization-constrained
Architecture authorization-constrainedArchitecture authorization-constrained
Architecture authorization-constrainedAhmed Sabeeh
 
Review Paper On Multi-Keyword Ranked Search in Encrypted Cloud Storage
Review Paper On Multi-Keyword Ranked Search in Encrypted Cloud StorageReview Paper On Multi-Keyword Ranked Search in Encrypted Cloud Storage
Review Paper On Multi-Keyword Ranked Search in Encrypted Cloud StorageIRJET Journal
 
Acupulco cda access (2)
Acupulco cda access (2)Acupulco cda access (2)
Acupulco cda access (2)eyetech
 
Lighting a Beacon: training for (future) implementers
Lighting a Beacon: training for (future) implementersLighting a Beacon: training for (future) implementers
Lighting a Beacon: training for (future) implementersCINECAProject
 
Svcc services presentation (Silicon Valley code camp 2011)
Svcc services presentation (Silicon Valley code camp 2011)Svcc services presentation (Silicon Valley code camp 2011)
Svcc services presentation (Silicon Valley code camp 2011)Jen Wong
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in CloudsTyrone Grandison
 
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-EncryptionIRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-EncryptionIRJET Journal
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.Lihi Idan
 
Scalable Data Management: Automation and the Modern Research Data Portal
Scalable Data Management: Automation and the Modern Research Data PortalScalable Data Management: Automation and the Modern Research Data Portal
Scalable Data Management: Automation and the Modern Research Data PortalGlobus
 
Policy based access control
Policy based access controlPolicy based access control
Policy based access controlElimity
 
An Ontology-based Decision Support Framework for Personalized Quality of Life...
An Ontology-based Decision Support Framework for Personalized Quality of Life...An Ontology-based Decision Support Framework for Personalized Quality of Life...
An Ontology-based Decision Support Framework for Personalized Quality of Life...Marina Riga
 
Signed metadata : method and application
Signed metadata : method and applicationSigned metadata : method and application
Signed metadata : method and applicationJulie Allinson
 
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)Globus
 
A03302001006
A03302001006A03302001006
A03302001006theijes
 
MongoDB World 2018: Evolving your Data Access with MongoDB Stitch
MongoDB World 2018: Evolving your Data Access with MongoDB StitchMongoDB World 2018: Evolving your Data Access with MongoDB Stitch
MongoDB World 2018: Evolving your Data Access with MongoDB StitchMongoDB
 
Some Studies on Protection for the Hidden Attribute Based Signatures without ...
Some Studies on Protection for the Hidden Attribute Based Signatures without ...Some Studies on Protection for the Hidden Attribute Based Signatures without ...
Some Studies on Protection for the Hidden Attribute Based Signatures without ...ijtsrd
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Editor IJARCET
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
Fedora
FedoraFedora
FedoraChammika Gunathilake
 
Oruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloudOruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloudNexgen Technology
 
Putting Kit back in SDK
Putting Kit back in SDKPutting Kit back in SDK
Putting Kit back in SDKdarrelmiller71
 
The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...IJERA Editor
 
Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Papitha Velumani
 
Web Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and SimplicityWeb Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and Simplicityhannonhill
 
Transparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadTransparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadSabrina Kirrane
 
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Sabrina Kirrane
 

Weitere ähnliche Inhalte

Was ist angesagt?

Svcc services presentation (Silicon Valley code camp 2011)
Svcc services presentation (Silicon Valley code camp 2011)Svcc services presentation (Silicon Valley code camp 2011)
Svcc services presentation (Silicon Valley code camp 2011)Jen Wong
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in CloudsTyrone Grandison
 
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-EncryptionIRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-EncryptionIRJET Journal
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.Lihi Idan
 
Scalable Data Management: Automation and the Modern Research Data Portal
Scalable Data Management: Automation and the Modern Research Data PortalScalable Data Management: Automation and the Modern Research Data Portal
Scalable Data Management: Automation and the Modern Research Data PortalGlobus
 
Policy based access control
Policy based access controlPolicy based access control
Policy based access controlElimity
 
An Ontology-based Decision Support Framework for Personalized Quality of Life...
An Ontology-based Decision Support Framework for Personalized Quality of Life...An Ontology-based Decision Support Framework for Personalized Quality of Life...
An Ontology-based Decision Support Framework for Personalized Quality of Life...Marina Riga
 
Signed metadata : method and application
Signed metadata : method and applicationSigned metadata : method and application
Signed metadata : method and applicationJulie Allinson
 
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)Globus
 
A03302001006
A03302001006A03302001006
A03302001006theijes
 
MongoDB World 2018: Evolving your Data Access with MongoDB Stitch
MongoDB World 2018: Evolving your Data Access with MongoDB StitchMongoDB World 2018: Evolving your Data Access with MongoDB Stitch
MongoDB World 2018: Evolving your Data Access with MongoDB StitchMongoDB
 
Some Studies on Protection for the Hidden Attribute Based Signatures without ...
Some Studies on Protection for the Hidden Attribute Based Signatures without ...Some Studies on Protection for the Hidden Attribute Based Signatures without ...
Some Studies on Protection for the Hidden Attribute Based Signatures without ...ijtsrd
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Editor IJARCET
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountabilityNandini Chandran
 
Oruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloudOruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloudNexgen Technology
 
Putting Kit back in SDK
Putting Kit back in SDKPutting Kit back in SDK
Putting Kit back in SDKdarrelmiller71
 
The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...IJERA Editor
 
Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Papitha Velumani
 
Web Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and SimplicityWeb Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and Simplicityhannonhill
 

Was ist angesagt? (20)

Svcc services presentation (Silicon Valley code camp 2011)
Svcc services presentation (Silicon Valley code camp 2011)Svcc services presentation (Silicon Valley code camp 2011)
Svcc services presentation (Silicon Valley code camp 2011)
 
Privacy and Auditing in Clouds
Privacy and Auditing in CloudsPrivacy and Auditing in Clouds
Privacy and Auditing in Clouds
 
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-EncryptionIRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
IRJET- Data Centric Access Control Solution with Role baesd Proxy Re-Encryption
 
PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.PRShare: a framework for privacy-preserving, interorganizational data sharing.
PRShare: a framework for privacy-preserving, interorganizational data sharing.
 
Scalable Data Management: Automation and the Modern Research Data Portal
Scalable Data Management: Automation and the Modern Research Data PortalScalable Data Management: Automation and the Modern Research Data Portal
Scalable Data Management: Automation and the Modern Research Data Portal
 
Policy based access control
Policy based access controlPolicy based access control
Policy based access control
 
An Ontology-based Decision Support Framework for Personalized Quality of Life...
An Ontology-based Decision Support Framework for Personalized Quality of Life...An Ontology-based Decision Support Framework for Personalized Quality of Life...
An Ontology-based Decision Support Framework for Personalized Quality of Life...
 
Signed metadata : method and application
Signed metadata : method and applicationSigned metadata : method and application
Signed metadata : method and application
 
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
Facilitating Collaboration with Globus (GlobusWorld Tour - STFC)
 
A03302001006
A03302001006A03302001006
A03302001006
 
MongoDB World 2018: Evolving your Data Access with MongoDB Stitch
MongoDB World 2018: Evolving your Data Access with MongoDB StitchMongoDB World 2018: Evolving your Data Access with MongoDB Stitch
MongoDB World 2018: Evolving your Data Access with MongoDB Stitch
 
Some Studies on Protection for the Hidden Attribute Based Signatures without ...
Some Studies on Protection for the Hidden Attribute Based Signatures without ...Some Studies on Protection for the Hidden Attribute Based Signatures without ...
Some Studies on Protection for the Hidden Attribute Based Signatures without ...
 
Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946Ijarcet vol-2-issue-3-942-946
Ijarcet vol-2-issue-3-942-946
 
Ensuring distributed accountability
Ensuring distributed accountabilityEnsuring distributed accountability
Ensuring distributed accountability
 
Fedora
FedoraFedora
Fedora
 
Oruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloudOruta privacy preserving public auditing for shared data in the cloud
Oruta privacy preserving public auditing for shared data in the cloud
 
Putting Kit back in SDK
Putting Kit back in SDKPutting Kit back in SDK
Putting Kit back in SDK
 
The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...The Recent Trend: Vigorous unidentified validation access control system with...
The Recent Trend: Vigorous unidentified validation access control system with...
 
Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...Shared authority based privacy preserving authentication protocol in cloud co...
Shared authority based privacy preserving authentication protocol in cloud co...
 
Web Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and SimplicityWeb Services: Encapsulation, Reusability, and Simplicity
Web Services: Encapsulation, Reusability, and Simplicity
 

Andere mochten auch

Transparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadTransparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadSabrina Kirrane
 
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Sabrina Kirrane
 
Privacy & innovation digital enterprise
Privacy & innovation digital enterprisePrivacy & innovation digital enterprise
Privacy & innovation digital enterpriseSabrina Kirrane
 
Self-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSelf-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSabrina Kirrane
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection RegulationSabrina Kirrane
 
Data License Clearance Center
Data License Clearance Center Data License Clearance Center
Data License Clearance Center Sabrina Kirrane
 

Andere mochten auch (6)

Transparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road AheadTransparent Personal Data Processing: The Road Ahead
Transparent Personal Data Processing: The Road Ahead
 
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
Society, Privacy and the Semantic Web - Policy and Technology PrivOn 2017
 
Privacy & innovation digital enterprise
Privacy & innovation digital enterprisePrivacy & innovation digital enterprise
Privacy & innovation digital enterprise
 
Self-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDFSelf-Enforcing Access Control for Encrypted RDF
Self-Enforcing Access Control for Encrypted RDF
 
Modelling the General Data Protection Regulation
Modelling the General Data Protection RegulationModelling the General Data Protection Regulation
Modelling the General Data Protection Regulation
 
Data License Clearance Center
Data License Clearance Center Data License Clearance Center
Data License Clearance Center
 

Ähnlich wie Access Control for Linked Data: Past, Present and Future

The Nature of Information
The Nature of InformationThe Nature of Information
The Nature of InformationAdrian Paschke
 
A Framework for Self-descriptive RESTful Services
A Framework for Self-descriptive RESTful ServicesA Framework for Self-descriptive RESTful Services
A Framework for Self-descriptive RESTful Servicesruyalarcon
 
A Platform for Object-Action Semantic Web Interaction
A Platform for Object-Action Semantic Web InteractionA Platform for Object-Action Semantic Web Interaction
A Platform for Object-Action Semantic Web InteractionRoberto García
 
t2_4-architecting-data-for-integration-and-longevity
t2_4-architecting-data-for-integration-and-longevityt2_4-architecting-data-for-integration-and-longevity
t2_4-architecting-data-for-integration-and-longevityJonathan Hamilton Solórzano
 
Lecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxLecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxsalutiontechnology
 
A Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemA Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemChris Mattmann
 
Semantics in Financial Services -David Newman
Semantics in Financial Services -David NewmanSemantics in Financial Services -David Newman
Semantics in Financial Services -David NewmanPeter Berger
 
Modified query roles based access
Modified query roles based access Modified query roles based access
Modified query roles based accessAlexander Decker
 
ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...
ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...
ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...Kalman Graffi
 
Semantic Web: Technolgies and Applications for Real-World
Semantic Web: Technolgies and Applications for Real-WorldSemantic Web: Technolgies and Applications for Real-World
Semantic Web: Technolgies and Applications for Real-WorldAmit Sheth
 
The Nex Generation of SOA
The Nex Generation of SOAThe Nex Generation of SOA
The Nex Generation of SOAMichael Ruiz
 
GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012Bizagi Inc
 
How to Find a Needle in the Haystack
How to Find a Needle in the HaystackHow to Find a Needle in the Haystack
How to Find a Needle in the HaystackAdrian Stevenson
 
ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...
ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...
ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...DataWorks Summit/Hadoop Summit
 
Unleashing the power of apache atlas with apache - virtual dataconnector
Unleashing the power of apache atlas with apache - virtual dataconnectorUnleashing the power of apache atlas with apache - virtual dataconnector
Unleashing the power of apache atlas with apache - virtual dataconnectorNigel Jones
 
070416 Egu Vienna Husar
070416 Egu Vienna Husar070416 Egu Vienna Husar
070416 Egu Vienna HusarRudolf Husar
 
Sem tech2013 tutorial
Sem tech2013 tutorialSem tech2013 tutorial
Sem tech2013 tutorialThengo Kim
 

Ähnlich wie Access Control for Linked Data: Past, Present and Future (20)

The Nature of Information
The Nature of InformationThe Nature of Information
The Nature of Information
 
A Framework for Self-descriptive RESTful Services
A Framework for Self-descriptive RESTful ServicesA Framework for Self-descriptive RESTful Services
A Framework for Self-descriptive RESTful Services
 
Lecture 1.pptx
Lecture 1.pptxLecture 1.pptx
Lecture 1.pptx
 
Resource Description: : The cornerstone of federation
Resource Description: : The cornerstone of federationResource Description: : The cornerstone of federation
Resource Description: : The cornerstone of federation
 
A Platform for Object-Action Semantic Web Interaction
A Platform for Object-Action Semantic Web InteractionA Platform for Object-Action Semantic Web Interaction
A Platform for Object-Action Semantic Web Interaction
 
t2_4-architecting-data-for-integration-and-longevity
t2_4-architecting-data-for-integration-and-longevityt2_4-architecting-data-for-integration-and-longevity
t2_4-architecting-data-for-integration-and-longevity
 
Lecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptxLecture 1 database system notes full.pptx
Lecture 1 database system notes full.pptx
 
A Look into the Apache OODT Ecosystem
A Look into the Apache OODT EcosystemA Look into the Apache OODT Ecosystem
A Look into the Apache OODT Ecosystem
 
Semantics in Financial Services -David Newman
Semantics in Financial Services -David NewmanSemantics in Financial Services -David Newman
Semantics in Financial Services -David Newman
 
LeVan, "Search Web Services"
LeVan, "Search Web Services"LeVan, "Search Web Services"
LeVan, "Search Web Services"
 
Modified query roles based access
Modified query roles based access Modified query roles based access
Modified query roles based access
 
ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...
ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...
ACM NOTERE 2008 - Kalman Graffi - From Cells to Organisms - Long-Term Guarant...
 
Semantic Web: Technolgies and Applications for Real-World
Semantic Web: Technolgies and Applications for Real-WorldSemantic Web: Technolgies and Applications for Real-World
Semantic Web: Technolgies and Applications for Real-World
 
The Nex Generation of SOA
The Nex Generation of SOAThe Nex Generation of SOA
The Nex Generation of SOA
 
GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012GRA, NIEM and XACML Security Profiles July 2012
GRA, NIEM and XACML Security Profiles July 2012
 
How to Find a Needle in the Haystack
How to Find a Needle in the HaystackHow to Find a Needle in the Haystack
How to Find a Needle in the Haystack
 
ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...
ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...
ING- CoreIntel- Collect and Process Network Logs Across Data Centers in Real ...
 
Unleashing the power of apache atlas with apache - virtual dataconnector
Unleashing the power of apache atlas with apache - virtual dataconnectorUnleashing the power of apache atlas with apache - virtual dataconnector
Unleashing the power of apache atlas with apache - virtual dataconnector
 
070416 Egu Vienna Husar
070416 Egu Vienna Husar070416 Egu Vienna Husar
070416 Egu Vienna Husar
 
Sem tech2013 tutorial
Sem tech2013 tutorialSem tech2013 tutorial
Sem tech2013 tutorial
 

Mehr von Sabrina Kirrane

Different perspectives on data science
Different perspectives on data scienceDifferent perspectives on data science
Different perspectives on data scienceSabrina Kirrane
 
Intelligent agents the vision revisited
Intelligent agents the vision revisitedIntelligent agents the vision revisited
Intelligent agents the vision revisitedSabrina Kirrane
 
SPECIAL ESWC project networking
SPECIAL ESWC project networkingSPECIAL ESWC project networking
SPECIAL ESWC project networkingSabrina Kirrane
 
DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018Sabrina Kirrane
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights ManagementSabrina Kirrane
 
W3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community GroupW3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community GroupSabrina Kirrane
 
Propelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in EnterprisesPropelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in EnterprisesSabrina Kirrane
 
Cryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technologyCryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technologySabrina Kirrane
 

Mehr von Sabrina Kirrane (8)

Different perspectives on data science
Different perspectives on data scienceDifferent perspectives on data science
Different perspectives on data science
 
Intelligent agents the vision revisited
Intelligent agents the vision revisitedIntelligent agents the vision revisited
Intelligent agents the vision revisited
 
SPECIAL ESWC project networking
SPECIAL ESWC project networkingSPECIAL ESWC project networking
SPECIAL ESWC project networking
 
DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018DALICC ESWC Project Networking 2018
DALICC ESWC Project Networking 2018
 
Digital Rights Management
Digital Rights ManagementDigital Rights Management
Digital Rights Management
 
W3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community GroupW3C Data Privacy Vocabularies and Controls Community Group
W3C Data Privacy Vocabularies and Controls Community Group
 
Propelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in EnterprisesPropelling the Potential of Linked Data in Enterprises
Propelling the Potential of Linked Data in Enterprises
 
Cryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technologyCryptocurrencies and Blockchain technology
Cryptocurrencies and Blockchain technology
 

Kürzlich hochgeladen

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?Antenna Manufacturer Coco
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 

Kürzlich hochgeladen (20)

Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?What Are The Drone Anti-jamming Systems Technology?
What Are The Drone Anti-jamming Systems Technology?
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 

Access Control for Linked Data: Past, Present and Future

  • 1. Access Control for Linked Data: Past, Present and Future Sabrina Kirrane Insight Centre for Data Analytics, NUIG Department of Maths and Computing, GMIT
  • 3. <title> Hello World </title> She’ll know what to do with <title> Ah yes, I display this at the top. From document markup (HTML) …
  • 4. To data markup (XML)… <time=“10:36”/> She’ll know what <time> means This is what my user asked for. Thanks!
  • 5. To arbitrary information exchange ??? <sabrina lecturesAt GMIT/> This is the data I have. What’s a sabrina?
  • 7. Publishing and Consuming Linked Data RDB2RDF RDB2RDF RDB2RDF Interface
  • 8. 1.1 Why do we need Access Control?
  • 9. Access Control and RDF – The Past
  • 10. Access Control and RDF – The Past Models
  • 11. Mandatory Access Control Models TOP SECRET SECRET CONFIDENTIAL PUBLIC Access Labels Subjects Resources Yagüe et al, Applying the semantic web to access control, 2003 Kodali et al, An authorization model for multimedia digital libraries, 2004
  • 12. Discretionary Access Control DELETE UPDATE CREATE READ Delegate Permissions Subjects Resources Gabillon and Letouzey, A view based access control model for sparql, 2010 Models
  • 13. Role Based Access Control DELETE UPDATE CREATE READ Sales Marketing Roles Permissions Employee Subjects Resources Finin et al, Rowlbac: Representing role based access control in owl, 2008 Models
  • 14. Attribute Based Access Control Age > 21 Affiliation = Insight DELETE UPDATE CREATE READ Attributes Permissions Subjects Resources Priebe et al, A pattern system for access control, 2004 Models
  • 15. Context Based Access Control Device = mobile Near = Insight Attributes DELETE UPDATE CREATE READ Permissions Subjects Resources Luca Costabello et al, Linked data access goes mobile: Context-aware authorization for graph stores, 2012 Models
  • 16. Access Control and RDF – The Past Models
  • 17. eXtensible Access Control Markup Language Policy Administration Point (PAP)) Policy Enforcement Point (PEP) Policy Decision Point (PDP) Policy Information Point (PIP) Ferrini and Bertino, Supporting rbac with xacml+owl, 2009 https://www.oasis- open.org/committees/tc_home.php?wg_ abbrev=xacml
  • 18. Web Access Control Serena Villata et al, An access control model for linked data, 2011 Sacco and Passant, A privacy preference ontology (ppo) for linked data, 2011 1. Give read access to the WebID profile document /2013/card to everyone. 2. Gives read access to the /2013/protected resource, to the members of a group that went to a particular conference. http://www.w3.org/wiki/WebAccessControl http://www.w3.org/2005/Incubator/webid/spec/ WebID Profile
  • 19. Platform for Privacy Preferences Garcia and Toledo, A web service privacy framework based on a policy approach enhanced with ontologies, 2008 http://www.w3.org/TR/P3P/
  • 20. Access Control and RDF – The Past Models
  • 21. Ontology Based Enforcement - KAoS actors (human and agents) actions e.g. accessing, communication and monitoring authorisations and obligations positive and negative entities associated with actions Bradshaw et al, KAoS: Toward an Industrial-strength Open Agent Architecture, 1997
  • 22. Policy Administration Tool Guards Enforcers Domain Managers Ontology Based Enforcement - KAoS Policy Admin Tool User friendly interface for those that are not familiar with DAML and OWL Domain Managers Manage membership and distribute policies to Guards Guards Enforce platform independent policies Enforcers Enforce platform dependent policies (Interface for developers) Bradshaw et al, KAoS: Toward an Industrial-strength Open Agent Architecture, 1997
  • 23. Policy Administration Tool Guards Enforcers Domain Managers Ontology Based Enforcement - KAoS Policies can easily be merged / adopted by others Deductive Reasoning infer new policies based on relationship between access control entities Abductive reasoning determine the access rights required to meet a given policy Bradshaw et al, KAoS: Toward an Industrial-strength Open Agent Architecture, 1997
  • 24. Rule Based Enforcement - Rei users and agents speech acts delegation, revocation, request, cancel, promise and command deontic logic permissions, prohibitions, obligations and dispensations services and resources Kagal and Finin, A policy language for a pervasive computing environment, 2003
  • 25. Rule Based Enforcement - Rei Client Mode Server Mode The server: 1. retrieves the relevant policies 2. requests the credentials necessary to access the resource from the client 3. verifies the client credentials against the policies 1. The server returns a link to a policy which the client must satisfy 2. The client generates a proof that the requester can satisfy the policy 3. The client forwards the proof to the server. Kagal and Finin, A policy language for a pervasive computing environment, 2003
  • 26. Rule Based Enforcement - Protune users and agents Decision predicates outcome of the policy Provisional predicates conditions- credentials and declarations Abbreviation predicates Abstractions used for simplification services and resources Bonatti et al, Protune: A rule-based provisional trust negotiation framework
  • 27. Rule Based Enforcement - Protune inference engine execution handler negotiation handler Framework Bonatti et al, Protune: A rule-based provisional trust negotiation framework Negotiation handler sending conditions and processing responses Execution handler interact with external systems and data sources Inference Engine enforcing policies (deduction) and retrieving evidences (abduction)
  • 28. Rule Based Enforcement - Protune • How-to queries (provide a description of the policy) • What-if queries (give foresight into potential policy outcomes) • Why queries (give explanations for positive negotiations outcomes) • Why-not queries (give explanations for negative outcomes) Explanations inference engine execution handler negotiation handler Framework Bonatti et al, Protune: A rule-based provisional trust negotiation framework
  • 29. Combining Description Logic And Rules Like KAoS ontologies to model both domain information and policies - conflict resolution and harmonisation at design time Like Rei rules used to support dynamic constraints and run time variables - access control based on dynamic context pertaining o the requester or the environment Like Protune policy disclosure and policy negotiation Toninelli et al, Rule-based and ontology-based policies Kolovski et al, Analyzing web access control policies Use defeasible description logic Strict Rules that cannot be overwritten Defeasible rules that may be overwritten by a higher priority rule to understand the effect and the consequence of sets of XACML access control policies Toninelli et al, Rule-based and ontology-based policies: Toward a hybrid approach, 2005 Kolovski et al, Analyzing web access control policies, 2007
  • 30. Access Control and RDF – The Past Models
  • 31. Specification – Patterns, Views & Ontologies entx:EmployeeData { entx:JB rdf:type foaf:Person . entx:JB foaf:givenName "Joe". … } ?X rdf:type foaf:Person ?G Construct & Describe Queries Reddivari et al, Policy- based access control for an rdf store., 2005 Gabillon and Letouzey, A view based access control model for sparql, 2010 Sacco and Passant, A privacy preference ontology (ppo) for linked data, 2011
  • 32. Reasoning – Based on ontology concepts entx:EmployeeData { entx:JB rdf:type entx:Employee . entx:JB foaf:givenName "Joe". entx:JB foaf:lastName "Bloggs". entx:JB entx:salary “40000". entx:MR rdf:type entx:Employee . entx:MR foaf:givenName “May“ . entx:MR foaf:lastName “Ryan". entx:MR entx:salary “80000". entx:Employee rdfs:subClassOf foaf:Person. } ?X rdf:type foaf:Person . Class -> SubClass Property -> SubProperty Class->Instances Qin et al, Concept-level access control for the semantic web, 2003 Javanmardi et al, Sbac: A semantic based access control model, 2006
  • 33. Partial Query Results Query Rewriting Data Filtering Dietzold and Auer, Access control on rdf triple stores from a semantic wiki perspective, 2006. Abel et al, Enabling advanced and context dependent access control in rdf stores, 2007
  • 34. Access Control and Linked Data – The Present
  • 35. August 2014 Access Control and Linked Data Models
  • 36. Access Control and Linked Data Data Context Policy Luca Costabello et al, Access control for http operations on linked data, 2013
  • 37. Access Control and Linked Data Data FOAF Profile Policy Sacco and Passant, A privacy preference manager for the social semantic web, 2011
  • 38. RDB2RDF RDB2RDF Kirrane et al, Linked Data with Access Control, 2015 Linked Data Authorisation Architecture
  • 39. Linked Data Authorisation Architecture RDB2RDF RDB2RDF Kirrane et al, Linked Data with Access Control, 2015.
  • 40. Access Control and Linked Data – The Future
  • 41. Yagüe et al. Access control and the layers of the Semantic Web Damiani et al. Weitzner et al. Paradigms where privacy is a key requirement De Coi et al. Bonatti and Olmedilla Interplay between trust, access control and policy languages Ryutov et et Access should be based on the Graph structure Access Control for Linked Data – The Future
  • 42. Access Control for Linked Data – The Future Specification Granularity Underlying Formalism Reasoning Condition Expressiveness Attributes, Context & Evidences Heterogeneity & Interoperability Implementation Delegation Consistency & Safety Usability Understandability Administration Effectiveness Distributed Flexibility & Extensibility Enforcement Negotiation Explanations Conflict Resolution

Hinweis der Redaktion

  1. Seevl music discovery and personalisation BBC integration of large amounts of content online, as text, audio and video. Search engines. Talis Aspire resource management solutions and services for universities, learners and educators.  Marbles browser Sindice Search Engine , Sigma browser Swoogle search engine
  2. The user places their WebID profile document URI in the Subject Alternative Names field of their certificate. Once the certificate has been generated the user adds the public key details to their WebID profile document.