Invited Talk at Microsoft eScience Workshop 2011, Stockholm, December 2011
cf. also
http://www.uni-koblenz.de/~cringel/pub/Ringelstein_PhDThesis_2011.pdf
Measures of Central Tendency: Mean, Median and Mode
What may I do with your data? What do I have to do with your data? Policies and Provenance for Data Management
1. Web Science & Technologies
University of Koblenz ▪ Landau, Germany
Provenance in the Semantic Web
http://wegov-project.eu/index.php
Christoph Ringelstein & Steffen Staab
WeST Steffen Staab 1
staab@uni-koblenz.de
2. Web Science & Technologies
University of Koblenz ▪ Landau, Germany
Provenance in the Semantic Web
Querying, Inferencing Policies, Obligations
http://wegov-project.eu/index.php
Christoph Ringelstein & Steffen Staab
WeST Steffen Staab 2
staab@uni-koblenz.de
3. Web Science & Technologies
University of Koblenz ▪ Landau, Germany
What may I do with your data?
What do I have to do with your data?
Policies and Provenance for Data Mgmt
http://wegov-project.eu/index.php
Christoph Ringelstein & Steffen Staab
WeST Steffen Staab 3
staab@uni-koblenz.de
4. Do you remember?
That CIA published a list of his agents on the internet….
That Italian tax office published all tax data about citizens
on its Web page…
Even in a friendly environment
allowing/disallowing data handling is a big issue
WeST Steffen Staab 4
staab@uni-koblenz.de
5. Our Assumptions
Semantic Web:
flexible graph data
• with ontologies as delicious icing - if you want icing
a great infrastructure to share data all over the place
distributed publishing, querying, replication,…
For instance: Facebook allows me to determine what
pictures to share with who, BUT it is very inflexible!
Access rights management is not sufficient,
we need decisions on complex `business rules‘
WeST Steffen Staab 5
staab@uni-koblenz.de
6. Middle Rhine Hospital
discharge transfer transfer
Bob Alice Jane Doe
(physician) (nurse)
WeST Steffen Staab 6
staab@uni-koblenz.de
7. Middle Rhine Hospital
1. I want to describe
Jane Doe
what may be done
with my record
2. I want to define what
must be done with my
record (obligation)
WeST Steffen Staab 7
staab@uni-koblenz.de
8. WHAT MAY BE DONE?
POLICIES FOR PERMIT & DENY
WITH PAPEL
WeST Steffen Staab 8
staab@uni-koblenz.de
9. discharge transfer
?
transfer
Bob Alice Jane Doe
(physician) (nurse)
WeST Steffen Staab 9
staab@uni-koblenz.de
10. (P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
discharge transfer
? transfer
Bob Alice Jane Doe
(physician) (nurse)
WeST Steffen Staab 10
staab@uni-koblenz.de
11. (P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
Provenance-aware Policies
Provenance Information
Semantics
discharge transfer
? transfer
Bob Alice Jane Doe
(physician) (nurse)
WeST Steffen Staab 11
staab@uni-koblenz.de
12. Provenance
...
step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
...
discharge transfer
Bob Alice
(physician) (nurse)
WeST Steffen Staab 12
staab@uni-koblenz.de
14. Policies
?
transfer
Alice Jane Doe
(nurse)
WeST Steffen Staab 14
staab@uni-koblenz.de
15. Policies
Contextual
Information
Actor, Time, ..
XACML Provenance
EPAL Information
XrML
History, ..
transfer
Properties
of the Data
Owner, Type, ..
WeST Steffen Staab 15
staab@uni-koblenz.de
16. Policy Rules – Permit and Deny
(P1): Staff members are permitted to transfer the record to Jane Doe after her
discharge.
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER
step (record_jd, _, _, discharge, _, _) AND
instance_of (S, staff_member).
PAPEL Syntax for Policies:
permit (ID) IF Condition .
deny (ID) IF Condition .
WeST Steffen Staab 16
staab@uni-koblenz.de
17. AFTER Operator
(P1): Staff members are permitted to transfer the record to Jane Doe after her
discharge.
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER
step (record_jd, _, _, discharge, _, _) AND
instance_of (S, staff_member).
?
discharge transfer transfer
Bob Alice Jane Doe
(physician) (nurse)
WeST Steffen Staab 17
staab@uni-koblenz.de
18. Evaluation of Conditions
(P1): Staff members are permitted to transfer the record to Jane Doe after her
discharge.
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER
step (record_jd, _, _, discharge, _, _) AND
instance_of (S, staff_member).
...
step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
...
WeST Steffen Staab 18
staab@uni-koblenz.de
19. Policies
step (record_jd, alice, jane, transfer, 7, {6})
Alice
(nurse)
transfer
Jane Doe
?
WeST Steffen Staab 20
staab@uni-koblenz.de
20. Policies
...
Facts: step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
History +
Next Step
+
step (record_jd, alice, jane, transfer, 7, {6})
Rules: +
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER
Policy Rule step (record_jd, _, _, discharge, _, _) AND
instance_of (S, staff_member).
Query & Results: isAllowed(7).
Allowed: permitted and not denied
Invalid: not allowed
WeST Steffen Staab 21
staab@uni-koblenz.de
21. Policies
transfer
Alice Jane Doe
(nurse)
WeST Steffen Staab 22
staab@uni-koblenz.de
22. WHAT MUST BE DONE?
OBLIGATIONS WITH CARE
WeST Steffen Staab 23
staab@uni-koblenz.de
23. Policies – Obligation
(P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
(P2): Staff members and the archive are permitted to transfer the
record to staff members.
(O1): Jane Doe demands to receive her record after her discharge.
(O2): A nurse has to transfer the record to the archive if she received it
after the patient’s discharge.
(D1): Jane Doe is denied to transfer her record.
discharge transfer transfer
Jane Doe
Bob Alice
(physician) (nurse)
WeST Steffen Staab 24
staab@uni-koblenz.de
24. Policies – Obligation
(P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
(P2): Staff members and the archive are permitted to transfer the
record to staff members.
(O1): Jane Doe demands to receive her record after her discharge.
(O2): A nurse has to transfer the record to the archive if she received it
after the patient’s discharge.
(D1): Jane Doe is denied to transfer her record.
Obligation 1
discharge transfer transfer
Jane Doe
Bob Alice
(physician) (nurse)
archive
WeST Steffen Staab 25
staab@uni-koblenz.de
25. (P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
(P2): Staff members and the archive are permitted to transfer the
record to staff members.
(O1): Jane Doe demands to receive her record after her discharge.
(O2): A nurse has to transfer the record to the archive if she received it
after the patient’s discharge.
(D1): Jane Doe is denied to transfer her record.
Obligation 1 Obligation 2
transfer transfer transfer
Alice (nurse) archive Jane Doe
WeST Steffen Staab 26
staab@uni-koblenz.de
26. (P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
(P2): Staff members and the archive are permitted to transfer the
record to staff members.
(O1): Jane Doe demands to receive her record after her discharge.
(O2): A nurse has to transfer the record to the archive if she received it
after the patient’s discharge.
(D1): Jane Doe is denied to transfer her record.
Obligation 1 Obligation 2
transfer transfer transfer
Alice (nurse) archive Jane Doe
WeST Steffen Staab 27
staab@uni-koblenz.de
27. (P1): Staff members are permitted to transfer the record to Jane Doe
after her discharge.
(P2): Staff members and the archive are permitted to transfer the
record to staff members.
(O1): Jane Doe demands to receive her record after her discharge.
(O2): A nurse has to transfer the record to the archive if she received it
after the patient’s discharge.
(D1): Jane Doe is denied to transfer her record.
Obligation 1 Obligation 2
transfer transfer transfer
Alice (nurse) archive Bob (physician) Jane Doe
WeST Steffen Staab 28
staab@uni-koblenz.de
32. Which next steps
have a destiny?
?
discharge transfer transfer
Alice (nurse) archive
Jane Doe
WeST Steffen Staab 33
staab@uni-koblenz.de
33. Policies
...
Input: step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
History +
Next Step + +
Policy Rules step (record_jd, alice, jane, transfer, 7, {6})
+
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER
step (record_jd, _, _, discharge, _, _) AND
instance_of (S, staff_member).
Translation:
Axioms specifying possible steps.
Axioms +
Translation
+
Translation to colored Petri nets.
Decision:
Reachability of a future state where all obligations are met.
WeST Steffen Staab 34
staab@uni-koblenz.de
34. Which next steps
have a destiny?
discharge transfer transfer
Alice (nurse) archive
Jane Doe
WeST Steffen Staab 35
staab@uni-koblenz.de
35. Conclusion
Policies with Obligations:
`Business rules‘ may decide about what may/may not and
must be done to your data
Provenance Graph is core to store what has and will be
done to data
Formal underpinning of our approach makes it
semantically sound and complete
WeST Steffen Staab 36
staab@uni-koblenz.de
36. Web Science & Technologies
University of Koblenz ▪ Landau, Germany
Thank You!
http://wegov-project.eu/index.php
Key Publications
Ringelstein, Christoph; Staab, Steffen (2010):
PAPEL: A Language and Model for Provenance-Aware Policy Definition and Execution.
In: BPM 2010 - International Conference on Business Process Management.
Ringelstein, Christoph (2011): Data Provenance and Destiny in Distributed Environments.
PhD-Thesis. Univ Koblenz, 2011.
They also link to a few more….
WeST Steffen Staab 37
staab@uni-koblenz.de