Ontology-Based Policy Specification and Management

  • Wolfgang Nejdl
  • Daniel Olmedilla
  • Marianne Winslett
  • Charles C. Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3532)


The World Wide Web makes it easy to share information and resources, but offers few ways to limit the manner in which these resources are shared. The specification and automated enforcement of security-related policies offer promise as a way of providing controlled sharing, but few tools are available to assist in policy specification and management, especially in an open system such as the Web, where resource providers and users are often strangers to one another and exact and correct specification of policies will be crucial. In this paper, we propose the use of ontologies to simplify the tasks of policy specification and administration, discuss how to represent policy inheritance and composition based on credential ontologies, formalize these representations and the according constraints in Frame-Logic, and present POLICYTAB, a prototype implementation of our proposed scheme as a Protégé plug-in to support policy specification.


Digital Library Policy Language Security Policy Access Control Policy Mandatory Policy 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
  2. 2.
    The Protégé Ontology Editor and Knowledge Acquisition System,
  3. 3.
    Web Services Trust Language (WS-Trust) Specification,
  4. 4.
  5. 5.
    Assertions and protocol for the oasis security assertion markup language (saml); committee specification 01 (2002)Google Scholar
  6. 6.
    Adam, N.R., Atluri, V., Bertino, E., Ferrari, E.: A content-based authorization model for digital libraries. IEEE Transactions on Knowledge and Data Engineering 14(2), 296–315 (2002)CrossRefGoogle Scholar
  7. 7.
    Ankolekar, A.: Daml-s: Semantic markup for web servicesGoogle Scholar
  8. 8.
    Bertino, E., Jojodia, S., Samarati, P.: Supporting multiple access control policies in database systems. In: IEEE Symposium on Security and Privacy, Oakland, CA, pp. 94–109. IEEE Computer Society Press, Los Alamitos (1996)Google Scholar
  9. 9.
    Bonatti, P., Samarati, P.: Regulating Service Access and Information Release on the Web. In: Conference on Computer and Communications Security, Athens (November 2000)Google Scholar
  10. 10.
    Cassandra policy for national ehr in england,
  11. 11.
    Denker, G., Kagal, L., Finin, T., Paolucci, M., Sycara, K.: Security for daml web services: Annotation and matchmaking. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 335–350. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  12. 12.
    Eßmayr, W., Kastner, F., Pernul, G., Preishuber, S., Tjoa, A.: Authorization and access control in iro-dbGoogle Scholar
  13. 13.
    Erdmann, M., Studer, R.: How to structure and access xml documents with ontologies. Data and Knowledge Engineering, 36(3) (2001)Google Scholar
  14. 14.
    Fikes, R., McGuinness, D., Rice, J., Frank, G., Sun, Y., Qing, Z.: Distributed repositories of highly expressive reusable knowledge (1999)Google Scholar
  15. 15.
    Gavriloaie, R., Nejdl, W., Olmedilla, D., Seamons, K., Winslett, M.: No registration needed: How to use declarative policies and negotiation to access sensitive resources on the semantic web. In: Bussler, C.J., Davies, J., Fensel, D., Studer, R. (eds.) ESWS 2004. LNCS, vol. 3053, pp. 342–356. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  16. 16.
    Kagal, L., Finin, T., Joshi, A.: A policy based approach to security for the semantic web. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 402–418. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  17. 17.
    Kifer, M., Lausen, G., Wu, J.: Logical foundations of object-oriented and frame-based languages. J. ACM 42(4), 741–843 (1995)zbMATHCrossRefMathSciNetGoogle Scholar
  18. 18.
    Nejdl, W., Olmedilla, D., Winslett, M.: PeerTrust: automated trust negotiation for peers on the semantic web. In: Jonker, W., Petković, M. (eds.) SDM 2004. LNCS, vol. 3178, pp. 118–132. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  19. 19.
    Persiano, P., Visconti, I.: User privacy issues regarding certificates and the tls protocol. In: Conference on Computer and Communications Security, Athens (November 2000)Google Scholar
  20. 20.
    Ribeiro, C., Guedes, P.: Spl: An access control language for security policies with complex constraints (1999)Google Scholar
  21. 21.
    Shum, S.B., Motta, E., Domingue, J.: Scholonto: an ontology-based digital library server for research documents and discourse. Int. J. on Digital Libraries 3(3), 237–248 (2000)CrossRefGoogle Scholar
  22. 22.
    Tonti, G., Bradshaw, J.M., Jeffers, R., Montanari, R., Suri, N., Uszok, A.: Semantic web languages for policy representation and reasoning: A comparison of KAoS, Rei and Ponder. In: Fensel, D., Sycara, K., Mylopoulos, J. (eds.) ISWC 2003. LNCS, vol. 2870, pp. 419–437. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2005

Authors and Affiliations

  • Wolfgang Nejdl
    • 1
  • Daniel Olmedilla
    • 1
  • Marianne Winslett
    • 2
  • Charles C. Zhang
    • 2
  1. 1.L3S Research Center and University of HannoverGermany
  2. 2.Dept. of Computer ScienceUniversity of Illinois at Urbana-ChampaignUSA

Personalised recommendations