Abstract
The rule-based RBAC (RB-RBAC) model has been proposed to dynamically assign users to roles based on a set of rules. We identify two problems with this model: a simplified rule language with limited expressiveness and a lack of rule reasoning capabilities. In this paper we propose an expressive and extensible provisioning framework that overcomes these drawbacks. Our framework supports complex user-role assignment rules and provides rule reasoning capabilities using OWL DL and F-Logic. Furthermore, we show how our approach supports (i) weak and strong negation to enhance expressiveness and strictness, (ii) defining static separation of duty (SoD) constraints, and (iii) detecting conflicts. Finally, the paper describes a mechanism to deduce well-formed SPML requests from rules to provision policy systems with entitlements.
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Rempel, P., Katt, B., Breu, R. (2010). Supporting Role Based Provisioning with Rules Using OWL and F-Logic. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_45
DOI: https://doi.org/10.1007/978-3-642-16934-2_45
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-16933-5
Online ISBN: 978-3-642-16934-2
eBook Packages: Computer Science, Computer Science (R0)