Policy Based Protection and Personalized Generation of Web Content

The World Wide Web offers easy sharing of information, but provides few options for the protection of sensitive information and other sensitive resources. Traditional protection mechanisms rely on the characterization of requesters by identity, which works well in a closed system with a known set of users. Trust negotiation protocols have emerged as a solution for open environments such as the Web, in which parties may make connections and interact without being previously known to each other. In this paper, we present an access control framework for the Web that not only provides advanced protection mechanisms for static resources but also personalized generation of content. Our approach separates security from the application logic, integrates a flexible and expressive policy language, enables (possibly automated) interactions with human and software agents, and boosts user awareness and cooperative enforcement of such policies.
