Enforcing Privacy by Means of an Ontology Driven XACML Framework

Abou-Tair, Dhiah el Diehn I.; Berlik, Stefan; Kelter, Udo

doi:10.1109/isias.2007.4299787

Cited by 2 publications

(1 citation statement)

References 0 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Several groups have previously discussed ways to integrate semantic technologies with privacy to create policies that provide coarse-grained filtering of data [30,31], in contrast to fine-grained filtering discussed in this work. Ahmed et al [31] describe the use of three ontologies representing users, privacy, and Web services to refuse access to entire documents.…”

Section: Related Workmentioning

confidence: 99%

Fine‐grained filtering to provide access control for data providing services within collaborative environments

Brown

Hayes

Allison

et al. 2013

Concurrency and Computation

View full text Add to dashboard Cite

A data providing service (DPS) in service-oriented architecture is tasked only with the retrieval of data that are annotated over a domain ontology. One particular motivating application of DPSs is their use within collaborative environments. An important characteristic for the enterprises of such a collaborative environment is the ability to employ data sharing with one another. A major concern in this situation is the protection of each enterprise's privacy while still permitting data sharing. One potential solution is to provide filtered data through access control. This work describes how to implement access control through fine-grained filtering of DPS response messages; it is accomplished using a filtering ontology and relations between the domain ontology of DPS and the proposed filtering ontology. Therefore, enterprises can write enterprise-specific access control policies referencing a common filtering ontology defined within a collaborative environment, enabling access control-based data sharing within the environment. This work additionally illustrates the implementation of our general solution to data providing web services, interpreted by an eXtensible Access Control Markup Language-based access control framework. The implementation is further evaluated in a case study of real world data, provided by a health research institute in London, Canada.K. BROWN ET AL. product. Should data sharing be required within this domain, the data services must also provide some security measures, such as access control policies (ACPs). These policies should reference the shared concepts to maintain the privacy of each enterprise. This is not an easy task as each enterprise may have existing ACPs. The need for specialized data services is emphasized by Carey [5]. Carey outlines a very simplified architecture showing how data services are used by business processes in order to facilitate access to data objects while also suggesting that new methodologies and tools need to be developed for data service modeling as data services are likely to remain important to applications.The data service contract in non-semantic SOA only describes a service syntactically and thus requires human input to semantically interpret the contract. As a result of this, semantic extensions to SOA have been proposed that annotate conventional services to promote interoperability [6][7][8][9]. Services that specialize in retrieving data and are annotated with semantics are termed data providing services (DPSs). A DPS extends a conventional SOA service by providing a DPS profile that semantically annotates the service's contract using a parameterized view over a domain ontology. A domain ontology is a shared, formal description of data that is supported by computational logic for inference; resource description framework schema (RDFS) [10] and Web Ontology Language (OWL) [11] are two potential representations for ontologies on the Web. By semantically annotating a DPS, it is able to be semantically discovered, mediated, and composed.Current me...

show abstract

Section: Related Workmentioning

confidence: 99%