Ontology based Policy Interoperability
Dr. Latifur Khan, Tahseen Al-Khateeb, Mohammad Alam, Mohammad Farhan Husain

2 Outline
- Motivating example ←
- XACML Recap
- The problem of heterogeneity
- OPI: Our solution to the problem
- Demonstration
- Future Works

3 An example scenario
- Suppose there are two organizations, OrgA and OrgB, both holding geo-spatial data.
- Each has its access control policy written in XACML.
- They form a federation and want subjects (e.g. people, client software) of one organization to be able to access resources (e.g. data, files) of the other organization on the basis of the existing policies, without modifying them and without human assistance.

4 Problem faced
- Each organization writes its policies using its own naming conventions and data types, which the other organization does not recognize.
- An access request from the other organization therefore contains organization-specific keywords and data types.
- Such requests fail when evaluated by the existing XACML processing model: no target matches, so the PDP returns NotApplicable and the PEP must refuse access.

5 Geo-spatial-data-specific improvement
- When full permission cannot be given for some data, a Partial Permit can be granted instead.
- Partial Permit essentially means returning only part of the data the request asked for.

6 Outline
- Motivating example
- XACML Recap ←
- The problem of heterogeneity
- OPI: Our solution to the problem
- Demonstration
- Future Works

7 XACML: brief introduction
- XACML stands for eXtensible Access Control Markup Language.
- It is a declarative access control policy language expressed in XML.
- It also includes a processing model describing how requests are evaluated against the policies.
- Version 2.0, the latest at the time of this talk, was ratified by the OASIS standards organization on 1 February 2005 (XACML 3.0 followed in January 2013).

8 XACML request processing (figure)
1. An access request reaches the PEP.
2. The PEP builds a decision request (the premise), carrying the subject, resource and action attributes, and sends it to the PDP.
3. The PDP evaluates the applicable rules.
4. The PDP returns a decision response (the conclusion): the decision plus any obligations.
5. The PEP enforces the decision and fulfills the obligations.
PDP: Policy Decision Point. PEP: Policy Enforcement Point.

9 More about XACML
- Elements: Attribute, Function, Rule, Policy, Policy Set
- Rule effects: Permit, Deny

10 Rule combination algorithms
- If there are multiple rules in a policy, they must be combined to get a single decision. The XACML normative rule-combining algorithms are:
  - Deny-overrides: the policy evaluates to Deny if any applicable rule evaluates to Deny.
  - Permit-overrides: the policy evaluates to Permit if any applicable rule evaluates to Permit.
  - First-applicable (called "First-one-applicable" on the slide): the combined result is the result of the first rule that applies to the request.
  - Only-one-applicable: the combined result is the result of the single rule that applies to the request. Note that the standard defines this algorithm only for combining policies, not rules; it is listed here as the slide lists it.

11 An example policy
- A simple example policy is shown on the following slides.
  - The policy target says that the policy applies to requests from high-access subjects (e.g. sys-admin).
  - The policy has one rule, which applies to viewing airport data.
  - A request is permitted if the subject is trying to view the data between 10 am and 2 pm.

12 Policy XML (figure): Policy, Target, Rule, Effect

13 Rule XML (figure): Rule, Condition
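The slides show the policy as XACML XML images that are not in this transcript. As an added illustration (not code from the OPI project or from any XACML engine), the following Python models the same policy with the XACML 2.0 semantics of targets, conditions and the rule-combining algorithms from slide 10. The attribute names ("access-level", "resource-id", "action-id", "current-time") and the request values are assumptions for the example, and Indeterminate handling is simplified.

```python
"""Toy XACML-style PDP for the airport example policy (slides 10-13).

Added illustration, not the project's code. Attribute names and the
time format 'HH:MM' are assumptions.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional

Request = Dict[str, str]   # attribute id -> value, as the PEP sends it to the PDP
Decision = str             # "Permit", "Deny", "NotApplicable" or "Indeterminate"


def target_matches(target: Dict[str, str], req: Request) -> bool:
    """A target is a set of attribute equalities; an empty target matches every request."""
    return all(req.get(attr) == value for attr, value in target.items())


@dataclass
class Rule:
    rule_id: str
    effect: Decision                                   # "Permit" or "Deny"
    target: Dict[str, str] = field(default_factory=dict)
    condition: Optional[Callable[[Request], bool]] = None

    def evaluate(self, req: Request) -> Decision:
        if not target_matches(self.target, req):
            return "NotApplicable"
        if self.condition is not None and not self.condition(req):
            return "NotApplicable"                     # condition false: rule does not apply
        return self.effect


# Rule-combining algorithms from slide 10 (simplified: no Indeterminate inputs).
def deny_overrides(decisions: List[Decision]) -> Decision:
    if "Deny" in decisions:
        return "Deny"
    return "Permit" if "Permit" in decisions else "NotApplicable"


def permit_overrides(decisions: List[Decision]) -> Decision:
    if "Permit" in decisions:
        return "Permit"
    return "Deny" if "Deny" in decisions else "NotApplicable"


def first_applicable(decisions: List[Decision]) -> Decision:
    for d in decisions:
        if d != "NotApplicable":
            return d
    return "NotApplicable"


def only_one_applicable(decisions: List[Decision]) -> Decision:
    # The standard defines this for combining policies; shown here because the slide lists it.
    applicable = [d for d in decisions if d != "NotApplicable"]
    if len(applicable) > 1:
        return "Indeterminate"
    return applicable[0] if applicable else "NotApplicable"


COMBINERS = {
    "deny-overrides": deny_overrides,
    "permit-overrides": permit_overrides,
    "first-applicable": first_applicable,
    "only-one-applicable": only_one_applicable,
}


@dataclass
class Policy:
    policy_id: str
    target: Dict[str, str]
    rules: List[Rule]
    combining: str = "deny-overrides"

    def evaluate(self, req: Request) -> Decision:
        if not target_matches(self.target, req):
            return "NotApplicable"                     # policy target miss: rules are never consulted
        return COMBINERS[self.combining]([rule.evaluate(req) for rule in self.rules])


def between_10_and_14(req: Request) -> bool:
    """Rule condition from slide 13: current time within [10:00, 14:00]."""
    hours, minutes = (int(part) for part in req["current-time"].split(":"))
    return 10 * 60 <= hours * 60 + minutes <= 14 * 60


AIRPORT_POLICY = Policy(
    policy_id="OrgB:airport-view",
    target={"access-level": "High"},                   # policy applies to high-access subjects
    rules=[Rule("view-airport", "Permit",
                target={"resource-id": "AIRPORT_area", "action-id": "View"},
                condition=between_10_and_14)],
    combining="first-applicable",
)


def decide(req: Request, policy: Policy = AIRPORT_POLICY) -> Decision:
    return policy.evaluate(req)


if __name__ == "__main__":
    req = {"access-level": "High", "resource-id": "AIRPORT_area",
           "action-id": "View", "current-time": "11:30"}       # constructed request
    print(decide(req))                                          # Permit
    print(decide({**req, "current-time": "15:00"}))             # NotApplicable
```

Note what the off-hours case returns: with a single Permit rule, a request at 15:00 is NotApplicable rather than Deny. A PEP must treat NotApplicable (and Indeterminate) as a refusal, otherwise a policy miss of the kind slide 4 describes silently becomes an allow.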

14 Outline
- Motivating example
- XACML Recap
- The problem of heterogeneity ←
- OPI: Our solution to the problem
- Demonstration
- Future Works

15 The problem of heterogeneity
- Types of heterogeneity:
  - Naming heterogeneity
  - Data type heterogeneity
- Subjects, resources and attributes can be defined differently in different organizations. For example:
  - Network Administrator = System Admin
  - Read = View
  - Directory = Folder
- In such cases the policy of one organization is not applicable to the other when they form a federation.

16 Heterogeneity

17 Outline
- Motivating example
- XACML Recap
- The problem of heterogeneity
- OPI: Our solution to the problem ←
- Demonstration
- Future Works

18 OPI: our approach to solve the problem
- When no directly applicable policy or rule is found for a request, we use a domain ontology for each of:
  - Subjects
  - Resources
  - Actions

19 New rule effect: Partial Permit
- We have added a new rule effect, "Partial Permit", to XACML so that a request can be granted partially.
- Examples:
  - Grant only the outer boundary of an object, e.g. an airport.
  - Return a map at a lower resolution than requested.

20 Steps taken
Suppose a subject of OrgA sends a request to OrgB. The following steps are taken:
1. Among all the policies and rules of OrgB, find the rule whose subject has the minimum semantic distance from the subject of the request in the ontology of subjects.
2. In case of ties, find, among the tied rules, the rule whose resource has the minimum semantic distance from the resource of the request in the ontology of resources.
3. In case of ties, find, among the tied rules, the rule whose action has the minimum semantic distance from the action of the request in the ontology of actions.

21 Steps taken (continued)
- Use the semantic distance score formula to get a match score for the selected rule.
- If Score ≥ Full-effect threshold, use the rule's effect as the outcome.
- If Partial-effect threshold ≤ Score < Full-effect threshold and Rule-effect == Permit, the outcome is Partial-Permit.
- If Score < Partial-effect threshold, the outcome is Deny.
- If multiple rules are still tied after all three comparisons, the rule combination algorithm specified in the policy breaks the tie.

22 Steps taken: example
- Request: Subject = SystemAdmin, Resource = AIRPORT_area, Action = View
- Rule-1: Subject = GISAdmin, Resource = AIRPORT_area, Action = View, Effect = Permit
- Rule-2: Subject = Lkhan, Resource = EMPLOYERS_point, Action = View, Effect = Deny
- Rule-3: Subject = LowAccessSubjects, Resource = AIRPORT_area, Action = View, Effect = Deny

23 The ontology

24 Semantic distance score formula
- To find the similarity score between two nodes C1 and C2, we first determine their closest common parent C. The score S(C1, C2) is then formulated as follows: S(C1, C2) =
- Here len is a length operator that calculates the shortest distance between two nodes in an ontology tree, and D is the overall depth of the tree.

25 Semantic distance score formula (continued)
- We calculate three different score values, S_S(C1, C2), S_R(C1, C2) and S_A(C1, C2), for the subject, resource and action parameters respectively. The score values are combined by an aggregation function that maps each 3-tuple of scores to a real number. The function, henceforth referred to as the aggregation function, is represented as
- The aggregation function's result is compared against the pre-determined threshold values to resolve the policy decision. The decision is one of three effects: Permit, Deny or Partial-Permit.
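The selection procedure of slides 20 and 21, run over the rules of slide 22, as an added example in Python (not the OPI implementation). The transcript defines len() and D but does not reproduce the similarity formula or the aggregation function, so the three small ontologies, the formula 1 - len(C1, C2) / (2D), the unweighted mean used as aggregation, the two thresholds (0.9 and 0.6) and the deny-overrides tie-break are all assumptions of this example.

```python
"""OPI-style rule matching over small ontologies (slides 20-25).

Added illustration, not the OPI code. Ontologies, similarity formula,
aggregation (mean) and thresholds are assumptions.
"""
from dataclasses import dataclass
from statistics import mean
from typing import Dict, List, Optional


class Ontology:
    """A rooted tree of concepts, given as node -> parent (None for the root)."""

    def __init__(self, parents: Dict[str, Optional[str]]):
        self.parents = parents
        self.D = max(1, max(self.depth(n) for n in parents))   # overall depth of the tree

    def path_to_root(self, node: str) -> List[str]:
        path = []
        while node is not None:
            path.append(node)
            node = self.parents[node]
        return path

    def depth(self, node: str) -> int:
        return len(self.path_to_root(node)) - 1

    def closest_common_parent(self, c1: str, c2: str) -> str:
        ancestors = set(self.path_to_root(c1))
        return next(n for n in self.path_to_root(c2) if n in ancestors)

    def length(self, c1: str, c2: str) -> int:
        """len(C1, C2): shortest path between the nodes, through their closest common parent."""
        c = self.closest_common_parent(c1, c2)
        return (self.depth(c1) - self.depth(c)) + (self.depth(c2) - self.depth(c))

    def similarity(self, c1: str, c2: str) -> float:
        # ASSUMED formula: 1.0 for identical concepts, decreasing linearly with path
        # length, 0.0 for two deepest concepts that share only the root.
        return 1.0 - self.length(c1, c2) / (2 * self.D)


@dataclass(frozen=True)
class Rule:
    rule_id: str
    subject: str
    resource: str
    action: str
    effect: str                 # "Permit" or "Deny"


@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    action: str


# Constructed ontologies: OrgA's "SystemAdmin" is a sibling of OrgB's "GISAdmin".
SUBJECTS = Ontology({
    "Subject": None,
    "HighAccessSubjects": "Subject", "GISAdmin": "HighAccessSubjects", "SystemAdmin": "HighAccessSubjects",
    "LowAccessSubjects": "Subject", "Lkhan": "LowAccessSubjects",
})
RESOURCES = Ontology({"Resource": None, "AIRPORT_area": "Resource", "EMPLOYERS_point": "Resource"})
ACTIONS = Ontology({"Action": None, "View": "Action", "Edit": "Action"})
DIMENSIONS = (("subject", SUBJECTS), ("resource", RESOURCES), ("action", ACTIONS))

# OrgB's rules from slide 22.
ORGB_RULES = [
    Rule("Rule-1", "GISAdmin", "AIRPORT_area", "View", "Permit"),
    Rule("Rule-2", "Lkhan", "EMPLOYERS_point", "View", "Deny"),
    Rule("Rule-3", "LowAccessSubjects", "AIRPORT_area", "View", "Deny"),
]


def select_rule(rules: List[Rule], req: Request) -> Rule:
    """Slide 20: keep the rules closest in subject, break ties by resource, then by action."""
    candidates = list(rules)
    for attr, onto in DIMENSIONS:
        scores = {r: onto.similarity(getattr(r, attr), getattr(req, attr)) for r in candidates}
        best = max(scores.values())
        candidates = [r for r in candidates if scores[r] == best]
        if len(candidates) == 1:
            break
    # Residual ties go to the policy's combining algorithm; deny-overrides is assumed here.
    return next((r for r in candidates if r.effect == "Deny"), candidates[0])


def match_score(rule: Rule, req: Request) -> float:
    """Aggregate S_S, S_R and S_A into one score; the unweighted mean is an assumption."""
    return mean(onto.similarity(getattr(rule, attr), getattr(req, attr)) for attr, onto in DIMENSIONS)


def decide(rules: List[Rule], req: Request, full: float = 0.9, partial: float = 0.6) -> str:
    """Slide 21: full effect above `full`, Partial-Permit band down to `partial`, otherwise Deny."""
    rule = select_rule(rules, req)
    score = match_score(rule, req)
    if score >= full:
        return rule.effect
    if score >= partial and rule.effect == "Permit":
        return "Partial-Permit"
    return "Deny"   # below the partial threshold, or a Deny rule inside the band (slide is silent on that case)


if __name__ == "__main__":
    req = Request("SystemAdmin", "AIRPORT_area", "View")        # OrgA's request from slide 22
    rule = select_rule(ORGB_RULES, req)
    print(rule.rule_id, round(match_score(rule, req), 3), decide(ORGB_RULES, req))
```

For the slide 22 request this selects Rule-1 (SystemAdmin and GISAdmin share the parent HighAccessSubjects, score 0.5; resource and action match exactly, 1.0 each), aggregates to 0.833 and, with the assumed thresholds, yields Partial-Permit. Two things to check when tuning such a scheme: the selection is lexicographic, so for a request from Lkhan on AIRPORT_area the subject match alone picks Rule-2 even though Rule-3 matches the resource exactly; and every score above the partial threshold on a Permit rule grants some data, so the thresholds decide how far a foreign subject can drift from the intended one before access stops.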

26 A complete example

29 Outline
- Motivating example
- XACML Recap
- The problem of heterogeneity
- OPI: Our solution to the problem
- Demonstration ←
- Future Works

30 Outline
- Motivating example
- XACML Recap
- The problem of heterogeneity
- OPI: Our solution to the problem
- Demonstration
- Future Works ←

31 Future works
- Take all policies of all organizations into account.
- Address data type heterogeneity.

32 Future works
- GML rendering API in Java:
  - ArcGIS shows GML data, but the process is cumbersome.
  - ArcGIS does not provide an API for GML display.
  - Currently there is no API in any language for displaying GML data.