1. Ontology-based Access Control Policy Interoperability
Quentin Reul, Gang Zhao, and Robert Meersman
2. Overview
3. TAS3 Architecture
4. Ontology-based Interoperability
[Diagram: Sys A, Sys B, Sys C, Sys D and Sys E, shown twice; one panel labelled "Traditional"]
5. Access Control Policy Interoperability (I)
- Semantic Interoperability between a Service Provider (SP) and a Service Requester (SR).
- Same vocabulary for attributes, but different vocabulary for their values
- Different vocabularies for attributes and their values
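
The two mismatch cases above, as an added example that is not from the original slides: an interpreter step maps the requester's attribute names and values to the provider's through shared ontology concepts, and the decision is Deny when a term has no mapping. All vocabularies, concept ids, the policy and the function names are constructed for illustration, as is the assumption that a request carries an action, a target and name/value attribute pairs.

```python
# Added illustration; vocabularies, concept ids and policy are constructed.
# Each party commits its local terms to concepts of a shared ontology.
SR_TERMS = {"attr": {"role": "c:Role", "afdeling": "c:Department"},
            "value": {"physician": "c:Doctor", "cardiologie": "c:Cardiology"}}
SP_TERMS = {"attr": {"role": "c:Role", "department": "c:Department"},
            "value": {"doctor": "c:Doctor", "cardiology": "c:Cardiology"}}
# Invert the provider side once: concept -> provider term.
SP_BY_CONCEPT = {kind: {c: t for t, c in terms.items()}
                 for kind, terms in SP_TERMS.items()}

# Provider policy written only in the provider's vocabulary.
SP_POLICY = [("read", "patient-record",
              {"role": "doctor", "department": "cardiology"})]


class UnmappedTerm(Exception):
    """A term with no shared concept; the decision must be Deny."""


def translate(term, kind):
    """Requester term -> shared concept -> provider term."""
    concept = SR_TERMS[kind].get(term)
    if concept is None or concept not in SP_BY_CONCEPT[kind]:
        raise UnmappedTerm(f"{kind} {term!r}")
    return SP_BY_CONCEPT[kind][concept]


def interpret(pairs):
    """Rewrite requester name/value pairs into provider vocabulary."""
    return {translate(n, "attr"): translate(v, "value")
            for n, v in pairs.items()}


def decide(action, target, pairs):
    """Toy decision point: Permit only if a rule matches after translation."""
    try:
        attrs = interpret(pairs)
    except UnmappedTerm:
        return "Deny"  # fail closed: never guess at an unknown term
    for act, tgt, required in SP_POLICY:
        if (act, tgt) == (action, target) and all(
                attrs.get(k) == v for k, v in required.items()):
            return "Permit"
    return "Deny"
```

Here `role`/`physician` exercises the first case (shared attribute name, different value) and `afdeling`/`cardiologie` the second (both differ).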
6. Access Control Policy Interoperability (II)
[Diagram: System B, Sys A, PEP, PDP, Interpreter; message: request (A,T,{N,V})]
7. What is an ontology?
- An ontology is a server-stored shared agreement on the semantics of data, processes and rules in a given domain.
- Interoperability between autonomously developed information systems;
- Data exchange across heterogeneous data sources;
- Communication between humans and machines.
8. Triangle of Meaning
[Diagram: Thing, Symbol, Person; relations: evokes, stands for, relates to]
9. DOGMA
- A lexon base holds lexons
- A commitment layer mediates between the lexon base and its applications
- Grounded in the linguistic representation of knowledge
10. Lexons to RDF
[Diagram: Person, Name, Identifier; roles: has, of, has, of]
11. Security Policy Ontology (I)
- Declarative rather than procedural
- Extended to express specific types of security policies (e.g.
access control policies).
12. Security Policy Ontology (II)
13. Condition
14. Action
15. Target
16. Access Control Policy
17. ABAC Policy
18. Conclusion
- Developed an ontology of Security Policies
- Showed how this ontology could be used to enable
interoperability
19. DOGMA Reference
- Spyns, P., Tang, Y., Meersman, R.: An Ontology Engineering Methodology for DOGMA. In Journal of Applied Ontology, 3:13-39, 2008
- Spyns, P., Meersman, R., Jarrar, M.: Data modelling versus ontology engineering. SIGMOD Record Special Issue on Semantic Web, Database Management and Information Systems 31(4):12-17, 2002
- de Moor, A., De Leenheer, P., Meersman, R.: DOGMA-MESS: A meaning evolution support system for interorganizational ontology engineering. In: Proc. of the 14th International Conference on Conceptual Structures (ICCS 2006), Aalborg, Denmark.