T. Hill Review of: ROWLBAC – Representing Role Based Access Control in OWL. T. Finin, A. Joshi, L. Kagal, B. Thuraisingham, J. Niu, R. Sandhu, W. Winsborough. 10/13/2008.

slide1

Problem: Using the hierarchy diagram below, describe how OWL (Web Ontology Language) can be used to specify the following RBAC security model access control functions: assign the role of Person and two sub-class roles of Citizen and Visitor; assign to Citizen the permitted actions of Vote, Work, Jury; assign to Visitor a prohibited action of Work. Make Alice an active Citizen and Bob an active Visitor. [Note: general descriptive language is acceptable; exact RDF/OWL syntax is not necessary.]

  • Motivation
    • Applications – sophisticated, intelligent, open and dynamic environments
    • Future – Grid computing, intelligent agents, negotiate exchange of information
    • Security – of future applications, regardless of infrastructure, including the cloud
  • Bring together two parallel themes
    • Access Control Models – RBAC96, NIST Standard, RT, Usage Control
    • Policy Languages – XACML, Ponder, Rei, KAoS
slide2

ROWLBAC – Semantic Web and OWL

  • Semantic Web
    • Berners-Lee vision
      • Knowledge published so humans and computers can understand and reason
    • Technology
      • W3C standards RDF (Resource Description Framework) triple
      • //..html has a creation-date whose value is August 16, 1999
      • Description Logic
slide3

ROWLBAC – Roles as Classes, Permissions, Activation, Enforcing

  • Hierarchy of roles
  • Enforcing RBAC activation rule

      { ?ACTION a ActivateRole;
            subject ?SUBJ;
            object ?ROLE.
        ?SUBJ a ?ROLE.
        ?ROLE activeForm ?AROLE.
        ?AROLE rdfs:subClassOf ActiveRole.
      } =>
      { ?ACTION a PermittedRoleActivation;
            subject ?SUBJ; object ?ROLE.
        ?SUBJ a ?AROLE
      }.

  • Associating permissions with roles

      PermittedVoteAction a rdfs:Class;
          rdfs:subClassOf rbac:PermittedAction;
          owl:equivalentClass
          [
            a owl:Class;
            owl:intersectionOf
            ( Vote
              [ a owl:Restriction;
                owl:allValuesFrom ex:ActiveCitizen;
                owl:onProperty rbac:subject
              ]
            )
          ]

  • Assigning roles and activation in a session
slide4

ROWLBAC – A Proposed Solution

[Hierarchy diagram]

  • Person
    • Citizen – Permitted: Vote, Work, Jury (Alice active)
    • Visitor – Prohibited: Work (Bob active)

Proposed solution:

1. Use RDF/OWL to define Citizen as a subclass of Person
   and Visitor as a subclass of Person
2. Use RDF/OWL to define Vote as a permitted action of Citizen
   and Work as a permitted action of Citizen
   and Jury as a permitted action of Citizen
   and Work as a prohibited action of Visitor
3. At run time, set Alice as an active Citizen
   and Bob as an active Visitor
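
The three steps above written out in Turtle, following the class-and-restriction pattern shown on slide 3. This is an added example, not taken from the slides or from the ROWLBAC paper. The example.org namespaces, the terms rbac:Action and rbac:ProhibitedAction, and the grouping of Vote, Work and Jury into one union class are assumptions made for illustration.

```turtle
# Added example. Both namespaces below are placeholders (assumptions).
@prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> .
@prefix owl:  <http://www.w3.org/2002/07/owl#> .
@prefix rbac: <http://example.org/rbac#> .
@prefix ex:   <http://example.org/demo#> .

# Step 1: roles as classes; each role is linked to its active form.
ex:Person  a owl:Class .
ex:Citizen a owl:Class ; rdfs:subClassOf ex:Person ; rbac:activeForm ex:ActiveCitizen .
ex:Visitor a owl:Class ; rdfs:subClassOf ex:Person ; rbac:activeForm ex:ActiveVisitor .
ex:ActiveCitizen a owl:Class ; rdfs:subClassOf rbac:ActiveRole .
ex:ActiveVisitor a owl:Class ; rdfs:subClassOf rbac:ActiveRole .

# Actions named in the problem statement (rbac:Action is an assumed superclass).
ex:Vote a owl:Class ; rdfs:subClassOf rbac:Action .
ex:Work a owl:Class ; rdfs:subClassOf rbac:Action .
ex:Jury a owl:Class ; rdfs:subClassOf rbac:Action .

# Step 2a: a Vote, Work or Jury action whose subject is an active Citizen is permitted.
ex:PermittedCitizenAction a owl:Class ;
    rdfs:subClassOf rbac:PermittedAction ;
    owl:equivalentClass [
        a owl:Class ;
        owl:intersectionOf (
            [ a owl:Class ; owl:unionOf ( ex:Vote ex:Work ex:Jury ) ]
            [ a owl:Restriction ;
              owl:onProperty rbac:subject ;
              owl:allValuesFrom ex:ActiveCitizen ]
        )
    ] .

# Step 2b: a Work action whose subject is an active Visitor is prohibited.
ex:ProhibitedVisitorWork a owl:Class ;
    rdfs:subClassOf rbac:ProhibitedAction ;   # assumed counterpart of rbac:PermittedAction
    owl:equivalentClass [
        a owl:Class ;
        owl:intersectionOf (
            ex:Work
            [ a owl:Restriction ;
              owl:onProperty rbac:subject ;
              owl:allValuesFrom ex:ActiveVisitor ]
        )
    ] .

# Step 3: role assignment plus the run-time facts the activation rule would assert.
ex:Alice a ex:Citizen , ex:ActiveCitizen .
ex:Bob   a ex:Visitor , ex:ActiveVisitor .
```

Because Bob is typed only as ex:Visitor, the slide 3 activation rule has no `?SUBJ a ?ROLE` match that would let him activate Citizen, so none of the Citizen permissions can apply to him.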