Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Slides:



Advertisements
Similar presentations
ROWLBAC – Representing Role Based Access Control in OWL
Advertisements

1 Long term changes to P3P Long Term Future of P3P Workshop Giles Hogben Joint Research Centre European Commission.
TU/e technische universiteit eindhoven Hera: Development of Semantic Web Information Systems Geert-Jan Houben Peter Barna Flavius Frasincar Richard Vdovjak.
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
Semantic Web Thanks to folks at LAIT lab Sources include :
XML Technology in E-Commerce
CS570 Artificial Intelligence Semantic Web & Ontology 2
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
The Platform for Privacy Preferences Project (P3P) Lorrie Faith Cranor AT&T Labs-Research P3P Interest Group Co-Chair October 1998.
Policy Description & Enforcement Languages Anis Yousefi
The Web of data with meaning... By Michael Griffiths.
OASIS Reference Model for Service Oriented Architecture 1.0
Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.
W3C Finland Seminar: Semantic Web & Web Services© Kimmo RaatikainenMay 6, 2003 XML in Wireless World Kimmo Raatikainen University of Helsinki, Department.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Implementing P3P Using Database Technology Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu Presented by Yajie Zhu 03/24/2005.
ReQuest (Validating Semantic Searches) Norman Piedade de Noronha 16 th July, 2004.
BTW Information Annotation By Rudd Stevens, Jason Endo.
PROMPT: Algorithm and Tool for Automated Ontology Merging and Alignment Natalya F. Noy and Mark A. Musen.
From SHIQ and RDF to OWL: The Making of a Web Ontology Language
Privacy Policy, Law and Technology Carnegie Mellon University Fall 2007 Lorrie Cranor 1 Privacy Policy.
International User Group Information Delivery Manuals: General Overview Courtesy:This presentation is based on material provided by AEC3 and AEC Infosystems.
1 of 30 Declarative Policies for Describing Web Service Capabilities and Constraints Lalana Kagal Tim Finin Anupam Joshi University of Maryland Baltimore.
Semantic Web Technologies Lecture # 2 Faculty of Computer Science, IBA.
Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.
An OWL based schema for personal data protection policies Giles Hogben Joint Research Centre, European Commission.
Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.
An XPath-based Preference Language for P3P IBM Almaden Research Center Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu.
Intelligent Agents Meet the Semantic Web in Smart Spaces Harry Chen,Tim Finin, Anupam Joshi, and Lalana Kagal University of Maryland, Baltimore County.
Deploying Trust Policies on the Semantic Web Brian Matthews and Theo Dimitrakos.
The Semantic Web Service Shuying Wang Outline Semantic Web vision Core technologies XML, RDF, Ontology, Agent… Web services DAML-S.
SOUPA: Standard Ontology for Ubiquitous and Pervasive Applications Harry Chen, Filip Perich, Tim Finin, Anupam Joshi Department of Computer Science & Electrical.
MITREMITRE Coalition Security Policy Language Project 11 December 2000.
INF 384 C, Spring 2009 Ontologies Knowledge representation to support computer reasoning.
Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01.
Integrated Development Environment for Policies Anjali B Shah Department of Computer Science and Electrical Engineering University of Maryland Baltimore.
SWETO: Large-Scale Semantic Web Test-bed Ontology In Action Workshop (Banff Alberta, Canada June 21 st 2004) Boanerges Aleman-MezaBoanerges Aleman-Meza,
1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.
Modeling  Conversation  Policies using Permissions  and  Obligations Lalana Kagal and Tim Finin University of Maryland, Baltimore County AAMAS Workshop.
Linked-data and the Internet of Things Payam Barnaghi Centre for Communication Systems Research University of Surrey March 2012.
Use of a P3P User Agent by Early Adopters Lorrie Faith Cranor Manjula Arjula Praven Guduru AT&T Labs November 2002.
Rei and Rules Tim Finin, UMBC Lalana Kagal, MIT Tim Finin, UMBC Lalana Kagal, MIT.
1 Vigil : Enforcing Security in Ubiquitous Environments Authors : Lalana Kagal, Jeffrey Undercoffer, Anupam Joshi, Tim Finin Presented by : Amit Choudhri.
Extending context models for privacy in pervasive computing environments Jadwiga Indulska The School of Information Technology and Electrical Engineering,
Trustworthy Semantic Webs Dr. Bhavani Thuraisingham The University of Texas at Dallas Introduction to the Course.
I2RS draft-rfernando-yang-mods.txt I2RS Yang Extensions draft-rfernando-yang-data-mods R.Fernando, P.Chinnakannan, M.Madhayyan, A.Clemm.
A Policy Based Approach to Security for the Semantic Web Lalana Kagal, Tim Finin and Anupam Joshi.
Introduction to Semantic Web Service Architecture ► The vision of the Semantic Web ► Ontologies as the basic building block ► Semantic Web Service Architecture.
1 Device Descriptions and User Profiles 인공지능연구실 정홍석.
11 Restricting key use with XACML* for access control * Zack’-a-mul.
Computational Policies in a Need to Share Environment Tim Finin University of Maryland, Baltimore County SemGrail workshop, Redmond WA, 21 June 2007.
ShareNet Integrating Trust and Privacy policy Li Ding.
1 Nov. 2, 2005 Design and Application of Rule Based Access Control Policies Huiying Li, Xiang Zhang, Honghan Wu & Yuzhong Qu Dept. Computer.
1 T. Hill Review of: ROWLBAC – Representing Role Based Access Control in OWL T. Finin, A. Joshi L. Kagal, B. Thuraisingham, J. Niu, R. Sandhu, W. Winsborough.
NSF Cyber Trust Annual Principal Investigator Meeting September 2005 Newport Beach, California UMBC an Honors University in Maryland Trust and Security.
Selected Semantic Web UMBC CoBrA – Context Broker Architecture  Using OWL to define ontologies for context modeling and reasoning  Taking.
Semantic Interoperability in GIS N. L. Sarda Suman Somavarapu.
CMPE 494 Service-Oriented Architectures and Web Services Platform for Privacy Preferences Project (P3P) İDRİS YILDIZ
Anupam Joshi University of Maryland, Baltimore County Joint work with Tim Finin and several students Computational/Declarative Policies.
A Semi-Automated Digital Preservation System based on Semantic Web Services Jane Hunter Sharmin Choudhury DSTC PTY LTD, Brisbane, Australia Slides by Ananta.
OWL (Ontology Web Language and Applications) Maw-Sheng Horng Department of Mathematics and Information Education National Taipei University of Education.
Web Ontology Language for Service (OWL-S)
Ontology.
Policies for Autonomy in Open Distributed Systems
On Parametric Obligation Policies: Enabling Privacy-aware Information Lifecycle Management in Enterprises IEEE Policy Workshop 2007 Marco Casassa Mont.
Enhancing Web Privacy Protection Through Declarative Policies
The Platform for Privacy Preferences Project
Presentation transcript:

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte 1, Anupam Joshi 1, Tim Finin 1 1 2

Pranam Kolari – Policy 2005 Outline Web Privacy P3P/APPEL Motivation and Problem Description User Trust Rei Policy Language System Design Privacy Policy Specification Conclusion

Pranam Kolari – Policy 2005 Cathy on the Web Source : Cathy Guisewite via Lorrie Cranor

Pranam Kolari – Policy 2005 Cathy on the Web Source : Cathy Guisewite via Lorrie Cranor

Pranam Kolari – Policy 2005 P3P – The current solution P3P is Platform for Privacy Preferences Protocols and specification languages –P3P Schema for Websites –APPEL Schema for Clients

Pranam Kolari – Policy 2005 P3P Sample Policy <POLICY discuri=" name="policy"> <DATA <DATA ref="#business.contact-info.online.uri"> Web Privacy With P3P We keep standard web server logs. Site’s name and contact info Access disclosure Statement Human-readable explanation How data may be used Data recipients Data retention policy Types of data collected Slide Courtesy: Lorrie Cranor

Pranam Kolari – Policy 2005 APPEL APPEL is A P3P Preference Exchange Language (W3C working draft in April 2002) … … … Website P3P PolicyAPPEL User Preference

Pranam Kolari – Policy 2005 The problem …

Pranam Kolari – Policy 2005 Trusting Websites 56% of consumers don’t believe businesses keep promises 63% believe independent verification is important 62% believe existing laws and organizational practices are insufficient Consumer Confidence Trust website policies Distrust website policies Source : (Ernst and Young report 2004)

Pranam Kolari – Policy 2005 Existing Mechanisms A4Proxy

Pranam Kolari – Policy 2005 P3P/XPref … … Website P3P Policy XPref User Preference <RULE behavior=“request” condition=“/POLICY[ every $pname in STATEMENT/PURPOSE/* satisfies name($panme)=“individual-decision” and every $rname in STATEMENT/RECIPIENT/* satisfies name($rname)= “ours” ]”/> … APPEL User Preference

Pranam Kolari – Policy 2005 Low P3P Adoption

Pranam Kolari – Policy 2005 Problem Description 1.P3P policies published by websites not trusted by users 2.Low P3P adoption impedes client adoption by users 3.The languages available to describe user privacy preferences are not sufficiently expressive 4.P3P framework does not provide a coherent view of available privacy protection mechanisms to the user

Pranam Kolari – Policy 2005 Our approach …

Pranam Kolari – Policy 2005 Social Recommendations (1, 2) Note: Superscripts signify problem being addressed

Pranam Kolari – Policy 2005 Website Evaluation Ontology (1, 2) Modeling User Perspective of Trust Populating ontology with instance data –BizRate –Services for users to explicitly specify preferences Share using existing social network mechanisms (Ding 2003) DiscussionGroup serviceType 9 URI org -- popularity hasP3P hasTextPolicy hasPrivacyCertifier domainSuffix isBasedOutOf hasPolicyEnforcement lawEnforcedBy URI USA Yes US OSDN policySimilarTo owner Website Evaluation Ontology

Pranam Kolari – Policy 2005 Rei Policy Language (3)(4) Rei, a policy specification language developed by Lalana Kagal at UMBC (lkagal 2003) Encoded in (1) Prolog, (2) OWL Models deontic concepts of permissions, prohibitions, obligations and dispensations Uses meta policies for conflict resolution Uses speech acts for dynamic policy modification We used it as a policy specification language –RDF specification capability (matches that of P3P) –Dynamic Policies as future extension to our work Part content Courtesy: Lalana Kagal

Pranam Kolari – Policy 2005 Rei Policy Language (3)(4) Policy Granting Entity DeonticObject Constraint Action Boolean Simple DomainAction SpeechAct grants to deontic requirement context actor, target action precondition, effect

Pranam Kolari – Policy 2005 Rei Policy Modeling (1)(2)(3)(4) Two actors –Website –Web browser Multiple context –P3P RDF published by websites –User Context –Trust Recommendations Multiple actions with priorities –Right, Prohibition, Obligation* *(not enforced)

Pranam Kolari – Policy 2005 System Design (1)(2)(3)(4) # FOAF, Golbeck, Li ideas of Trust Trusted Agent Network # FOAF Website Recommender Network Ontologies, Trust rules Personal agents Web Server Clients publish publish (optionally) XSLT Transformer JRC Privacy Proxy * Rei Engine Privacy Expert Rei Privacy Policy (RDF based, enhancements over APPEL) P3P Policy Key Points 1.Web Sites optionally publish P3P policies 2.Clients specify privacy preferences using a policy language - Rei 3.Privacy Expert is the privacy enhancement enabler by binding together entities of the system 4.Rei Engine evaluates policies of users against website attributes 5.Website Recommender Network propagates and builds a model of websites based on reputation 6.FOAF – Enables the creation of the website recommender network

Pranam Kolari – Policy 2005 Example Policy [1] - Template.. Current policy allows access to a website … … Policy Rule Rule Actor Policy Constraint Rule Desc. Rule Action

Pranam Kolari – Policy 2005 Example Policy [1] - Constraints <constraint:SimpleConstraint rdf:about=“&wwwpolicy;domainOfServiceConstraint” constraint:subject =“&wwwpolicy;var1” constraint:predicate=“&wwwpolicy;domainOfServiceConstraint” constraint:object=“&weo;travel” /> <constraint:SimpleConstraint rdf:about=“&wwwpolicy;trustedDomainGOVconstraint” constraint:subject =“&wwwpolicy;var1” constraint:predicate=“&weo;domainSuffix” constraint:object=“&weo;gov” /> … Policy Constraint

Pranam Kolari – Policy 2005 Example Policy [2] - Obligation <policy:Policy rdf:about="&wwwpolicy;obligationexample" … ….. … … Obligation Right

Pranam Kolari – Policy 2005 Example Policy [3] - Priority … … Default Explicit Rules

Pranam Kolari – Policy 2005 Closing Remarks Evaluation of trust based recommender systems Web browser adopting enhanced framework – clients with FOAF based spam filtering –Policy Engines –User Context Manager Ontologies from the Semantic Web –Development of common shared ontologies for user trust and context – FOAF, SOUPA

Pranam Kolari – Policy 2005 Conclusion The utility of an existing policy language in a highly complex policy engineering domain Policy engineering and enforcement in Web Privacy offers many challenges –Enforcing Obligations –Engineering Delegation Logic using Speech Acts and subsequent enforcement

Pranam Kolari – Policy 2005 Questions ?? Paper and Presentation Available at:

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.