Supporting Role Based Provisioning with Rules Using OWL and F-Logic

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6426)

Abstract

The rule-based RBAC (RB-RBAC) model has been proposed to dynamically assign users to roles based on a set of rules. We identify two problems with this model: a simplified rule language with limited expressiveness and a lack of rule reasoning capabilities. In this paper we propose an expressive and extensible provisioning framework that overcomes these drawbacks. Our framework supports complex user-role assignment rules and provides rule reasoning capabilities using OWL DL and F-Logic. Furthermore, we show how our approach supports (i) weak and strong negation to enhance expressiveness and strictness, (ii) defining static SoD constraints, and (iii) detecting conflicts. Finally, the paper describes a mechanism to deduce well-formed SPML requests from rules to provision policy systems with entitlements.




Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Rempel, P., Katt, B., Breu, R. (2010). Supporting Role Based Provisioning with Rules Using OWL and F-Logic. In: Meersman, R., Dillon, T., Herrero, P. (eds) On the Move to Meaningful Internet Systems: OTM 2010. OTM 2010. Lecture Notes in Computer Science, vol 6426. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-16934-2_45

  • DOI: https://doi.org/10.1007/978-3-642-16934-2_45

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-16933-5

  • Online ISBN: 978-3-642-16934-2

  • eBook Packages: Computer Science, Computer Science (R0)
