Towards an authorisation model for distributed systems based on the Semantic Web

Authorisation is a crucial process in current information systems. Nowadays, many authorisation systems do not provide methods to describe the semantics of the underlying information model that they protect. This can lead to mismatch problems between the semantics of the authorisation model and the semantics of the underlying data and resources being protected. In order to solve this problem, this paper describes an authorisation model based on Semantic Web technologies. This authorisation model uses the Common Information Model (CIM) to represent the underlying information model. For this reason, a new conversion process from CIM into the Semantic Web languages has been proposed, properly converting the semantics available in the CIM model. This representation provides a suitable information model based on a well-known logic formalism for implementing the authorisation model, and a formal language for concisely describing the semantics of the information models being protected. The formal authorisation model supports role-based access control (RBAC), hierarchical RBAC, conditional RBAC and object hierarchies, among other features. Moreover, this paper describes an authorisation architecture for distributed systems that takes into account aspects such as privacy among parties and trust management. Finally, some implementation aspects of this system are also described.
