Date post: | 27-Jun-2015 |
Category: |
Technology |
Upload: | amit-jain |
View: | 412 times |
Download: | 2 times |
Security on the Web: A Semantic-Aware Authorization Framework
for Secure Data Sharing
PhD Dissertation Defense July 7, 2008
Amit Jain
Research Advisor: Dr. Csilla Farkas
Center for Information Assurance Engineering Department of Computer Science & Engineering
University of South Carolina
2
Presentation Agenda ¯ Introduction:
ª Web From Past to Present ª Future Trends
¯ Background ª Research Challenges
² Security Reliance on XML Syntax ² XML to RDF ontology mappings ² RDF Ontology Security
¯ Proposed Solution ª Contribution: Semantic Aware Secure Data Sharing Framework ª RDF Authorization Model ª Semantic Mappings between XML and domain Ontologies ª Authorization Policies derivation for XML data
¯ Prototype ¯ Conclusion & Future Work ¯ References
3
Introduction ¯ Introduction:
ª Web From Past to Present ª Future Trends
¯ Background ª Research Challenges
² Security Reliance on XML Syntax ² XML to RDF ontology mappings ² RDF Ontology Security
¯ Proposed Solution ª Contribution: Semantic Aware Secure Data Sharing Framework ª RDF Authorization Model ª Semantic Mappings between XML and domain Ontologies ª Authorization Policies derivation for XML data
¯ Prototype ¯ Conclusion & Future Work ¯ References
4
State of Security
¯ Security is usually an afterthought in application development ª Recent data breaches and ID theft ª Unauthorized access to secure information
¯ Development of an authorization model requires ª Knowledge of the data model ª Existing access control models ª The inadequacies of the existing works ª Software Application development trend
understanding
5
Security Terms: ¯ Authentication
ª "where does this (part of a) message come from?" ¯ Authorization (access control)
ª "may this message be disclosed to the requesting party?"
¯ Confidentiality ª "who can read this (part of a) message?"
¯ Integrity ª "has this (part of a) message been tampered with?"
¯ Audit ª "what happened?"
¯ Administration ª "how do I manage this?"
6
Software Application Evolution
¯ Past Web ª Static HTML Web Pages – rendering focus ª Data consumed by Humans
¯ Move towards Web Applications ª Web Apps are the trend [1] ª Wide audience and reach ª Thin clients, only browser required
¯ Successful trend making applications ª Google search engine ª Mash Ups ª Social Networking Applications (MySpace, Facebook) ª Multimedia sharing Applications (YouTube, Slideshare)
7
Web Applications
¯ Some Web Architectures ª Web Services ª Web 2.0 ª Semantic Web
8
Future Web Applications Characteristics
¯ From Static to Data Centric & Automated ¯ Data & Information Sharing
ª Enterprise applications sharing data on the web ª Data exchanged by service oriented applications ª Reconciliation/ Interoperation of distributed data
¯ Web with a meaning ª Data & Information annotated with Semantics ª Machine-understandable information ª Intelligent Software & Agents ª Automated usage
9
Open Data Standards ¯ Some data sharing initiatives underway
ª Data portability - taking person’s data and friends from one site to another. (DataPortability.org)
ª OpenID- portable identity; single sign-on ª OpenSocial - Google initiative for social
networks, enabling developers to create widgets with one set of code; MySpace, Facebook
ª APML - growing ‘Attention’ standard; Person’s Attention Data is all the information online about what one reads, writes, shares and consumes
10
Web Services Architecture ¯ Loosely coupled ¯ Application performs a function and exposed to network
ª Flight Departure Service ª Geo-Location Service ª Flight Departure Monitoring Service ª Data Transformation-Interchange Service
¯ Web Services advertise & communicate using standard protocols ª WSDL (Web Service Description Language) ª SOAP (Simple Object Access Protocol)
¯ Applications assembled from services dynamically ¯ Uses XML for data format ¯ Exchange data and results ¯ Platform Independent & Language Neutral
11
Web Services
Registry
Backend Database
Web Service 1 Web Service 2
12
A Web Service Request – XML Format
<?xml version=”1.0”?> <SOAP-ENV:Envelope xmlns:SOAP-ENV=”http://schemas.xmlsoap.org/
soap/envelope/”> <SOAP-ENV:Body> <s:GetWeatherForecasxmlns:s=“http://www.WeatherService.com/”> <!--Parameters passed with the method call Like ZIP CODE--> </s:GetWeatherForecast> </SOAP-ENV:Body> </SOAP-ENV:Envelope>
13
Semantic Web
¯ Machines talking to machines ¯ Making the Web more 'intelligent’ ¯ Bottom Up = annotate, metadata, RDF! ¯ Top Down = Simple
Image credit: dullhunk
Top-down: • Leverage existing web information • Apply specific, vertical semantic knowledge • Deliver the results as a consumer-centric web app
14
Semantic Apps What is a Semantic App? - Not necessarily W3C Semantic Web - An app that determines the meaning of text and other data, and then creates connections for users - Data portability and connectibility are keys (ref: Nova Spivack) Example: Calais Reuters, the international business and financial news giant, launched an API called Open Calais in Feb 08. The API does a semantic markup on unstructured HTML documents - recognizing people, places, companies, and events. Ref: Reuters Wants The World To Be Tagged; Alex Iskold, ReadWriteWeb, Feb 08
15
More Semantic Apps
Other Products to watch: ¯ Twine ¯ Freeset ¯ Powerset ¯ Talis ¯ TrueKnowledge ¯ AdaptiveBlue ¯ TripIt ¯ Spock ¯ Quintura ¯ Hakia Ref: 10 Semantic Apps to Watch; Richard MacManus, ReadWriteWeb, Nov 07
16
Semantic Web - Ontologies
¯ Ontologies ª Represent Semantics of data in a domain ª Enables Knowledge Management ª Consist of resources, their attributes and
relationships ª Languages:
² Resource Description Framework (RDF) ² Web Ontology Language (OWL)
17
Information Management & Security Issues
¯ Information Integration ª How to reconcile data from disparate sources?
¯ Mediation Layer ª How to provide a global view of local data
sources? ª Performance, Restructuring, Mapping Issues?
¯ Security Issues ª Securely share data among applications/agents? ª Accountability? ª Trust among interacting agents?
18
Research Problem: Data & Information Security
¯ Introduction: ª Web From Past to Present ª Future Trends
¯ Background ª Research Challenges
² Security Reliance on XML Syntax ² XML to RDF ontology mappings ² RDF Ontology Security
¯ Proposed Solution ª Contribution: Semantic Aware Secure Data Sharing Framework ª RDF Authorization Model ª Semantic Mappings between XML and domain Ontologies ª Authorization Policies derivation for XML data
¯ Prototype ¯ Conclusion & Future Work ¯ References
Framework
Propagation Policy & Conflict
Resolution
XML Authorization Component
Secure XML View
Generation
XML Access Control
RDF Security Cover
RDF Authorization Component
RDF Data
RDF security Policies
XML Data
Semantic Mappings:
XML -> RDF
XML – RDF Mappings
20
SOA/Corporate Data Restructuring
¯ XML data restructuring / remapping ª Requirement in several cases like BI, Dynamic Web
Service Composition ª AquaLogic based on Xquery ª May be done on the fly for data interchange with partners
unseen before ¯ Corporate Merging
ª Data from different heterogeneous schemas ª How to decide security permissions for them ?
¯ XML data creation from legacy systems ª Nodes with non-meaningful labels may be given
inconsistent security
21
Web Service Data Sharing Scenario
Insurance Company
Hospital
XML RDB
XML XML
Insurance Company DB
Health Provider
23
Data Sharing Scenario contd.
Data
-
<WS1, Patient/MedicalData/Prescription, TS> <WS2, Patient/Data/HealthRecords/Diagnosis, S >
Patient
Medical Data
Prescription BirthDate
Personal Data
SSN
Illness Health Records
Diagnosis
BirthDate
Information
SSN Drug
Patient
Policy 1 Policy 2
XML 1 XML 2
<WS1, Patient/MedicalData/Illness, TS > <WS2, Patient/Data/HealthRecords/Drug, S >
24
Existing XML Security Methods
¯ Web Data Security & Assurance ¯ Several Security Standards Available
ª XML Signature ª XML Encryption ª XML Access Control Models
² Bertino et al, Kudo et al, Damiani et al, etc. ¯ Web Services Security
ª WS-Security ª SAML ª WS-*
25
Research Problem 1:
¯ How can XML data be restructured in a way that the security policies are unaffected and no data leak occurs.
¯ Intuitive Solution: Use the meaning/semantics of the data while restructuring
¯ Is it possible to find a standardized way to express the intended semantics of XML to be used for inter-operation and security?
26
RDF : Information Overload Management solution
¯ Use RDF to represent semantics embedded in XML documents.
¯ RDF (Resource Description Framework): seen as the solution for Information Overload
¯ Provides Universal Sharing (using URI) ¯ Syntax independent ¯ Provides Semantics ¯ Can be used to say anything about anything ¯ Critical tool in Linking data (Not just the documents)
between the applications on the data web
27
Commercial RDF Applications ¯ NASA uses it extensively for document management ¯ Companies are moving towards a RDF backed data creation
and social networking apps ¯ Millions of data triples asserted to bootstrap the knowledge
sources (DbPedia, Twine, Freebase) ª Freebase stores millions of information entities in RDF
format [2] ª TWINE: RDF based social networking application [3]
¯ Several Government Agencies are using RDF ¯ Social Networking Graphs
ª Each person is a data generation warehouse
28
Securing RDF
¯ Commercial RDF applications underscore the security need
¯ Agencies sharing their meta information RDF models: Need to securely share partial data
¯ Providing users with a fine grained access control to their own data: Still missing from all the applications
29
RDF characteristics
¯ Properties provide link between the connected entities
¯ Subclasses, Sub properties need to be considered ¯ Type to Class relationships ¯ Same resource may have different security
requirements in different roles ¯ Entailments need to be considered
30
Database Integration
¯ Usually deals with the view of legacy databases integrated into a view
¯ Focuses on the tuples at the instance level ¯ RDF deals with the conceptual schema
ª Classes and their properties ª Instances
¯ RDF can be use as a conceptual layer on top of database integrated views
Business Entity
Commercial
Corporate
Start Up
ExternalFunded Facilities Fully Funded
Labs
Fusion Capabilities
Military Research Wing
Research Company
XYZ Uranium
Chemicals
Consumes
Consumes
contains
subc
lass
subc
lass
rdf:type rdf:type
S
SS
S
P
PP
P
SRDF Instance
RDF Schema
RDF Resource Associations
Toxic are
PP
Business Entity
Commercial
Corporate
Start Up
ExternalFunded Facilities Fully Funded
Labs
Fusion Capabilities
Military Research Wing
Research Company
XYZ Uranium
Chemicals
Consumes
Consumes
contains
subc
lass
subc
lass
rdf:type rdf:type
S
S
SS
S
S
S
S
P
P
P
P
P
P
P
P
P SRDF Instance
RDF Schema
RDF Entailments
33
Research Problem 2
¯ How can RDF data be assigned authorizations that considers its semantic and entailment requirements
¯ How can I express security requirements for RDF ontology data such that the model is ª Syntax independent ª Considers RDF semantics ª Incorporates entailment?
34
Existing Literature ¯ RDF security
ª Qin and Atluri [4]: A concept-level access control for web data, where access control is defined on ontological concepts and instances of these concepts inherit the access control of the concepts they belong to.
ª Finin et al. [5]: A policy based access control model for RDF data in an RDF store. Provides control over the different action modes supported by the RDF store like inserting a set of triples, deleting a triple, and querying a triple.
ª Dietzold and Auer [6]: An access control model for RDF Triple Wikis. Their model allows the specification of custom rules that can be used for securing access to the store.
ª Kaushik et al. [7]: A logic based policy language for securing full or partial ontologies.
35
Research Problem 3: Semantics Definition and Security Derivation
¯ Based on Previous Research Problems ª How to use RDF to provide authorization
permissions for XML
¯ Intuitive Solution: Derive mappings between the XML and RDF data and use the mappings to enforce security policies from RDF domain ontologies to secure XML data in a syntax independent way?
36
Existing Literature
¯ Semantic Data Integration ª Xiao & Cruz [8]:
² An ontology-based approach for integration of heterogeneous XML sources.
² Converts XML data sources into a RDF ontology. Local ontologies are merged to create a global ontology.
ª Several Engineering based works ² Gloze [9] ² WEESA [10] ² Try to induct semantics in XML based on discovery.
37
Characteristics & Shortcomings of Current Security Methods
¯ XML is the de facto standard ª No semantics embedded in XML ª XML Security Methods Syntax Oriented ª No Data or application semantics ª Syntax tampering allows unauthorized access
¯ No Association Protection ª Data appearing together might need to be classified
¯ No Entailment Consideration ª Data entailments may allow incorrect security labeling
¯ No Protection Mechanism for Syntax Independent Ontologies
38
Proposed Research: Semantic Aware Secure Data Sharing Framework
¯ Introduction: ª Web From Past to Present ª Future Trends
¯ Background ª Research Challenges
² Security Reliance on XML Syntax ² XML to RDF ontology mappings ² RDF Ontology Security
¯ Proposed Solution ª Contribution: Semantic Aware Secure Data Sharing Framework ª RDF Authorization Model ª Semantic Mappings between XML and domain Ontologies ª Authorization Policies derivation for XML data
¯ Prototype ¯ Conclusion & Future Work ¯ References
39
Research Goal: Semantic Aware
XML Access Control Model ¯ Develop a Comprehensive Security Framework
ª Works in open and distributed environment settings ª Use of data & application semantics for data sharing ª Flexible Security Policies (Fine Granularity) ª Provides Security on Metadata (Semantics) ª Semantically enhancement of XML web data ª Provides access control independent of the XML data
syntax ª Has Properties like completeness and consistency
40
RDF Security Policy
¯ Typical Security Policy Components: ª (Subject, Object, Privilege/Security label) ª <s,o,±pri/sl>
¯ RDF security object / pattern [x, y, z] ¯ Security classification ([x, y, z], TS) ¯ Security Objects Subsumption ¯ Association protection ¯ Fine grained – Individual elements/two elements ¯ Policies in RDF format
41
Pattern Mapping
¯ Pattern mapping from an RDF triple to a group of triples ª Generates Security Cover ª Conflict Resolution ª Consistent security labeling
42
Security Cover
¯ Materialized view of the secure RDF/S database ¯ Consists of pairs (t,sl)
ª Minimal ª Complete
43
RDF Security Architecture
Inference Rules Inference Conflict Resolution
Entailed Security Cover
RDF/S Data Simple Conflict
Resolution
RDF/S Native Database
Security Cover
Rules Security Policies
Policies Database
Querying & Security Monitor
Analysis
History
Query
Denial
Answer
Forwarded Query
Returned Query Results
Inference Engine (JENA)
44
Mapping a Default Policy
¯ Default policy ² ([x, y, z], TS)
(Student, rdfs:subClassOf, Person)
(University, rdfs:subClassOf, GovAgency) (studiesAt, rdfs:domain, Student) (studiesAt, rdfs:range,University)
(John, studiesAt, USC)
45
Simple Conflict Resolution
¯ Subsuming patterns have less restrictive security classifications
¯ Based on the “more restrictive takes precedence” resolution
46
Conflict resolution: Pattern Mapping
¯ Conflict Resolution ª ([Student, studiesAt, University], P) ª ([John, studiesAt, USC], S)
( [John, studiesAt, USC],
P S
S)
RDF Reification
USC John
madeBy
rdf:subject
rdf:type stmt1
rdf:Statement
rdf:object rdf:predicate
07/07/2008 High Mark
confidence madeOnDate
studiesAt S SS
S
S
S
SP
P
48
RDF/S entailment
¯ RDF/S triples entailment ª Inference rules application on data to infer new
triples ª Generated triples are assigned security labels ª Inference Conflict Resolution
49
Inference Conflict Resolution
¯ The generated triple may already exist ª A higher security
¯ The policy may require existing triple be classified at a higher level
50
Semantic Mappings: From XML to RDF Ontologies
¯ Establish mappings between XML & RDF ¯ Semantic Enhancement of XML using the
mappings ¯ Good database design entails an ER schema as
the starting point ¯ Uses ER as the intermediate semantic
representation model ¯ Define mappings between an XML data and ER
conceptual Model
XML1
Conceptual Schema 1
Relational Database Schema 1
XML2 XML3
Conceptual Schema 2
Relational Database Schema 2
XML4 XML5
Conceptual Schema m
Relational Database Schema m
XMLn
α1 α3 α5
αn α2 α4
52
Equivalence Classes
¯ Foreign keys in a relation point to the Primary Key entity
¯ They should be mapped only once ¯ Equivalence classes consist of the primary key,
foreign keys pairs, relation schema and relational attributes
53
Mapping Properties
¯ Structure Preserving Tags (SPT) ¯ Element ordering and cardinality constraints ¯ Mapping Function: Many to One ¯ The mappings are
ª Complete: contains one pair (vi,CEi) for every node vi of the XML schema tree X
ª Consistent: does not have two pairs (vi,CEi) and (vj ,CEj) such that vi = vj and CEi != CEj , i.e., there is a single XML node corresponding to an equivalence class.
XML1
Conceptual Schema 1
Relational Database Schema 1
XML2 XML3
Conceptual Schema 2
Relational Database Schema 2
XML4 XML5
Conceptual Schema m
Relational Database Schema m
XMLn
α1 α3 α5
αn α2 α4
Federated Schema/ Meta-Ontology
β1 β2
βn
55
Mappings ¯ Let X be the XML schema tree and O be the RDF ontology. The XML to
RDF mappings are defined in the following way: • An XML leaf node vi is mapped to a RDF property p Є P, : p → (c1,
c2) such that the datatype of the leaf node element { Ri.ai } corresponds to the object datatype RDF Class c2 Є C,
• A non-leaf node vi with sub element nodes is mapped to a RDF class c Є C.
• A non-leaf node vi with sub element nodes is mapped to a RDF property p Є P such that µ(vj) = cj , µ(vk) = ck and (p) = (cj , ck). Here vj and vk are the ancestor and descendant of node vi, respectively.
• A pair of XML nodes (vi, vj) is mapped to an RDF triple [s, p, o] where ed(vi, vj) is an unlabeled edge in XML tree and (p) = rdf:type, rdfs:subClassOf, or rdfs:subPropertyOf.
56
Mapping Properties ¯ Structure Preserving Classes ¯ XML-RDF mappings are
ª Complete: contains one pair (vi, ci) or (vi, pi) for every XML node vi of the XML schema tree, i.e., each node is associated with an RDF class or property.
ª Consistent: does not have two pairs (vi, ri) and (vj , rj) where ri is either an RDF property pi or class ci such that (vi = vj) and (ri != rj), i.e., for an equivalence class there is a single corresponding RDF class or property.
57
Example : XML Ontology Mappings
µ1
Person Address
Date of Birth
Patient
Hospital Business
Company
Unique Identifier
Works_for
has
isa
has
has
isa isa
has Name has
Health Records
contains
has
Diseases
-
Patient
Medical Data
DOB
Illness
Data
BirthDate
Information
SSN Drug
Patient
Prescription
Prescription
has
Disease
Personal Data
PID
Records
XML 1 XML 2
RDF ONTOLOGY µ2
58
XML Authorizations : Policy derivation for XML Data
¯ Apply XML to RDF mappings on RDF Authorizations to derive simple XML access control policies
¯ Generated XML access control permissions have properties: ª consistency, and ª completeness
59
XML authorizations contd.
¯ XML policies are generated in the form of a pair with XPATH and a security label.
¯ XML access control models can use it as an input for more fine grained policies
¯ Use of meta policies like conflict resolution and propagation policies
Mapping Example continued
Patient
Medical Data
Prescription Illness Drug Diagnosis
Health Records
XML 1 XML 2
Data
Person
Medical Records
Diseases
has
has Patient
Medicines Taken
contains
TS TS TS TS
61
Prototype
¯ Java 1.6 for platform ¯ Jena 2.5
ª Java RDF API for reading, writing, and manipulating RDF data
¯ NG4J ª Named Graph for Jena ª Jena extension for providing a provenance to
RDF triples ª Security Labels are stored as the context
62
RAF contd.
¯ Apache Derby for storing RDF data ª Java based Relational database ª Schema managed through Jena
¯ Jena Rule Reasoner ª Inferencing model for entailment generation ª Applies the RDF/S entailment rule ª Can be used for applying business rules
¯ ISAVIZ ª Graph Library for RDF/S display as a graph
63
RAF Admin ¯ Load RDF files, RDFS files and policy files
ª Multiple schema, instance and policies ¯ Execute
ª Pattern mapping ª Security cover generation
¯ Run the entailment and apply security labels ¯ Display graphical display of the ontologies ¯ Launch SPARQL query interface
64
RAF Prototype
65
RAF contd.
¯ SPARQL Query Interface ª SPARQL RDF query protocol for querying RDF
data ² Type query or choose from pre-built queries
ª Users given MAC security clearances ª Username, password authentication ª Results displayed based on user security
clearance ¯ System messages display to warn of conflicts
66
SPARQL Querying : Public
67
Querying: Secret Clearance
68
Querying : TopSecret clearance.
69
Dissertation Contributions ¯ Architecture for Semantic Aware Access Control Model for
XML data ¯ Formal properties of the Semantic Aware Access Control
Model ¯ Authorization Framework for securing RDF Data
ª RDF security policy to RDF/S data mapping algorithm ª RDF Entailment procedure & algorithm to check for illegal
inferences ª Formal Properties of RDF Authorization model
¯ Semantically Enhancement of XML data ª XML to RDF ontology mapping definitions ª XML to RDF correspondences properties
¯ XML Authorization Derivation ª Algorithm for propagating XML authorizations
70
Conclusion
¯ Web is tending towards real time automated data collaboration
¯ Secure data sharing is a challenge ¯ Inclusion of Semantics can help ¯ Provide security for the XML data semantics
represented by Ontologies ¯ Map the XML data to the domain Ontologies ¯ Use the mappings and ontology security policies to
create authorization permissions for XML data
71
Future Direction
¯ Extend the model to handle Updates ¯ Use of business rules for entailment ¯ Extend the prototype to generate the XML
authorization derivations ¯ Performance and results with large data-sets ¯ Use Policy Languages like Rei, Protune for a totally
distributed ontology based authorization system ¯ Comparison of Security Policies in XML format
72
Future Direction
¯ Authorization model for OWL ª Semantics of OWL properties
¯ Extend the mapping from XML to other structure or semi structured data
¯ Extend the direct mapping to more realistic scenario: ª property links, subclass and subproperty links
between the mapped entities
Mappings in a Global Scenario
WS1 Data
WS3 Data
Global Mapping sever
Ont2 Ont1 υ1 υ2
WSm Data
Ontn υm
WS2 Data
υ2
Domain Ontologies
Exchanged Web Data
Security
74
My Publications ¯ “
From XML to RDF: Syntax, Semantics, Security and Integrity” (with C. Farkas, V. Gowadia, and D. Roy), In Proceedings of IFIP TC-11 WG 11.1 & WG 11.5 Joint Working Conference on Security Management, Integrity in Info Systems, Fairfax, Virginia, 2005
¯ “Semantic-Aware Data Protection in Web Services” (with C. Farkas, D. Wijesekera, A. Singhal and B. Thuraisingham), In Proceedings of IEEE Workshop on Web Service Security, Oakland, California, 2006.
¯ “Secure Resource Description Framework: an Access Control Model” (with C. Farkas), In Proceedings of SACMAT06, ACM Symposium on Access Control Models And Technologies), Lake-Tahoe, California, 2006.
¯ "RDF Authorization Framework: Secure Data Sharing for Web Services", (with C. Farkas), Under Journal Revision.
¯ “Secure Semantic Based Data Sharing in XML Web Services”, (with C. Farkas, D. Wijesekera, A. Singhal and B. Thuraisingham) Under Journal Review
75
References 1. “Some Trends in Web Application Development”, Jazayeri, Mehdi. In
Proceedings of : Future of Software Engineering, 2007. FOSE '07, USA, 2. “Freebase data dumps”, Metaweb Technologies. http://
download.freebase.com/datadumps/, 2008 3. “TWINE: The Smartest Way To Organize, Share and Discover Information
About Your Interests”, Radar Networks, 2008. http://www.twine.com/. 4. “Concept-level access control for the Semantic Web”. Li Qin and V. Atluri.
In XMLSEC ’03: Proceedings of the 2003 ACM workshop on XML security, New York, NY, USA, 2003. ACM Press.
5. “Policy-Based Access Control for an RDF Store”. P Reddivari, T. Finin, and A. Joshi. In Proceedings of the IJCAI-07 Workshop on Semantic Web for Collaborative Knowledge Acquisition, January 2007.
6. “Access control on RDF triple stores from a semantic Wiki perspective”. S. Dietzold and S. Auer. volume 183 of CEUR Workshop Proceedings ISSN 1613-0073, June 2006.
7. “Policy-based dissemination of partial web-ontologies”. S. Kaushik, D. Wijesekera, and P. Ammann. In SWS ’05: Proceedings of the 2005 workshop on SWS, New York, NY, USA, 2005. ACM Press.
76
References 8. “Integrating and Exchanging XML Data Using Ontologies”. H. Xiao, I.
Cruz., J. Data Semantics VI 2006, 67-89. 9. “Gloze: XML to RDF and back again”, Steve Battle, First Jena User
Conference, 2006. 10. “WEESA: Web engineering for semantic web applications”, Gerald
Reif, Harald Gall, and Mehdi Jazayeri, In Proceedings of the 14th International Conference on World Wide Web, pages 722–729, New York, NY, USA, 2005. ACM Press.
77
Questions
78
Appendix
Definitions
79
RDF - Patterns ¯ An RDF pattern pt, is a triple represented as pt = [r,
p, v], where each component of the pattern is either ª A data constant such that r є R, p є PR, and v є
R U L, or ª The symbol ”-” representing the empty element
of the triple, or ª A variable represented as a symbol starting
with ?, corresponding to any value for the triple element
80
RDF Security Policy
¯ The security policy SP is a set of pairs SP = {sp1, . . . , spn} U {spdef} such that every spi has the form (pti, sli) and λ(pti) = sli where pti is an RDF pattern, sli is a security label in SL and λ is the security labeling function. spdef = (ptdef , sldef ) represents the default policy where ptdef = [?x1, ?x2, ?x3] is a pattern with all variables and sldef is the default security label such that sldef !≥ sli & sldef !≤ sli for any sli in SL.
81
RDF Pattern Mapping ¯ Let pt = [r, p, v] and pt′ = [r′, p′, v′] be two RDF patterns and
R be the set of Resources. Let ST and DT be the RDF Schema and Instance respectively. For all pattern elements e and e′ where e is either r,p, or v and e′ is either r’,p’, or v’ respectively, the pattern mapping ν: pt → pt′ is defined as: ª ν maps a variable e to a resource e′ Є R. ª ν preserves all constants (i.e., (c) = c), where c is a
constant ª ν maps an empty element “-” to
² an empty element “-”. ² a variable e′ ² a constant e′ in ST U DT
ª ν maps a constant e in DT (data instance) to a constant e’ such that e = e′, i.e., it is an identity mapping
82
Security Cover
¯ Security Cover: Security Cover is a finite set SC = {s1, s2, . . . , sn} where si = (ti, sli), ti is an RDF/S triple and sli є SL is a security label. Given a set SC of security objects of this form, an SC is ª Minimal, that is no two objects (t,sl) and (t’, sl’)
exist such that t = t’ ª Complete, i.e., there is no pair (t,sl) where sl is
empty
83
Security Policy Properties
¯ The Security Policy is complete, that is, every triple in the security cover gets a security label, i.e., ∀ti Є DT U ST , there is a (ti, sli) є SC, where SC is the security cover.
¯ The Security Policy is consistent,
84
Conflict Policy Mapping
¯ Let pt1, . . . , ptk be the RDF patterns and sl1, . . . , slk be their security labels, respectively. Let ν1, . . . , vk be the mappings from pt1, . . . , ptk to an RDF triple t. The security label sl of a triple t is defined as least upper bound,i.e., sl = LUB[sl1, . . . , slk] and the corresponding security object is (t, sl).
85
XML-ER : Equivalence Class
¯ Given a relational database schema RS, an equivalence class CE is defined as follows: A member el of CE is ª a set of a single relation name {Ri} such that Ri
is a relation name in RS or ª a set of attribute names {R1.a1, . . . ,Rn.an} such
that for all Ri.ai, (i = 1, . . . , n), Ri is a relation name in RS, aj Є sort(Ri), and there is a foreign key constraint between any two or more attributes in CE.
86
Mapping Rule Set
¯ Let X = (V,E, θ,L) be an XML schema tree, O = (C, P,δ ,≤) be an RDF ontology schema and µ : X → O be a mapping function. A mapping rule set Mxo containing XML to RDF components’ correspondences is defined as Mxo = {(x1, r1) . . . (xk, rk)} such that xi is either an XML node vi Є V or a pair of nodes (vi, vj) and ri is either an RDF class ci Є C, an RDF property pi Є P or an RDF triple ti = [si, pi, oi].
87
SOAP Request GET /stock HTTP/1.1 Host: www.kbcafe.com <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope" xmlns:m="http://www.kbcafe.com/stock"> <soap:Header> <m:DeveloperKey>1234</DeveloperKey> </soap:Header> <soap:Body> <m:GetStockPrice> <m:StockName>HUMC</m:StockName>
<m:QuoteTime>EST</m:QuoteTime> <m:Exchange>NYSE,NASDAQ</m:Exchange>
</m:GetStockPrice> </soap:Body> </soap:Envelope>
88
SOAP Response HTTP/1.1 200 OK <?xml version="1.0"?> <soap:Envelope xmlns:soap="http://www.w3.org/2001/12/soap-envelope" xmlns:m="http://www.kbcafe.com/stock"> <soap:Body> <m:GetStockPriceResponse> <m:Price>
<m:Value>27.66</m:Value> <m:QuoteTime>12:46PM</m:QuoteTime> <m:Exchange>NYSE</m:Exchange> </m:Price>
</m:GetStockPriceResponse> </soap:Body> </soap:Envelope>
89
REST Request
GET /stock?StockName=HUMC HTTP/1.1 Host: www.kbcafe.com
90
REST Response
HTTP/1.1 200 OK <?xml version="1.0"?> <m:Price xmlns:m="http://www.kbcafe.com/stock">
<m:Value>27.66</m:Value> <m:QuoteTime>12:46PM</m:QuoteTime> <m:Exchange>NYSE</m:Exchange>
</m:Price>
91
XML Semantic Normal Form (SNF)
¯ XML Semantic Normal Form represents the meaning of XML data in a document
¯ Applications can convert exchanged XML documents into their standard semantic form and compare them
¯ Since structurally different but semantically similar documents would have an equivalent SNF, their authorization policies would be similar
¯ Properties of the XML Semantic Normal Form ¯ Algorithm to convert an XML document in its
Semantic Normal Form