1 DataSpace MIT Decentralized Information Group Tim Berners-LeeDanny Weitzner Lalana KagalGerry Sussman Hal Abelson Visitors: Joe Pato (HP)Latanya Sweeney (CMU) Collaborators: Joan Feigenbaum (Yale) Jim Hendler & Deb McGuinness (RPI) Wendy Hall & Nigel Shadbolt (Southampton)

3 Policy Awareness on the World-Wide Web Problem: – Maintaining data use policies (privacy, security, ownership, compliance) becomes infeasible as data bases become increasingly interconnected via the Web Idea – Tag information on the web with metadata that expresses policy –Use Semantic Web infrastructure so that metadata schemes are open an extensible – Develop rules and reasoning mechanisms that check for adherence with policy – Evaluate policies with reference to user preferences, user data, Web data, operating context Benefits – Enables flexible, decentralized approach to policy management – Permits local control (vs. global authorities) – Can deal with contexts where access control is insufficient.

4 Information Accountability: When information has been used, it should to possible to determine what happened, and to pinpoint use that is inappropriate

5 Augmenting information architecture to support accountability Information is annotated with provenance that identifies its source. Data transfers and uses are logged so that chains of transfers have audit trails Databases and data providers supply machine-readable policies that govern permissible uses of the data. Automated reasoning engines use policies to determine whether data use is appropriate. Reasoning preserves context information and justifications supported by truth-maintenance systems. As data items are combined, the usage rules governing the combinations are automatically deduced by means of a data-purpose algebra Users of manipulate information via policy-aware interfaces that can enforce policies and/or signal non-compliant uses.

6 Use Case: Sharing of Data in Fusion Centers Sender: Mia Analysa of Commonwealth Fusion Center Data: Request for Information regarding Robert Guy Receiver: Fedd Agenti of DHS Is this allowed under policies of involved parties ?

7 Policy reasoning result in Justification UI

8 Exploring Policy Reasoning Results

9

10 AIR: A Policy Language for Usage Rules :Rule1 a air:Belief-rule; air:variable :U2; air:variable :P2; air:variable :AP; air:label "FirstAIRRule"; air:pattern { :U2 a air:UseEvent; :refers-to [ a mit:ProxCardEvent ]; :purpose P2; :UseEvent :allowed-purposes :AP. :P2 is-member-of :AP }; air:assert { :U2 :validPurpose :P2 }.

MIT enforces privacy policy at constraint:.... :CU0002UserPrivacy a policy:Policy; policy:context :MITLibrariesPrivacyPolicy; policy:grants :UserProvdePersonalInfo; policy:grants :UsePersonalInfo; policy:grants :DoNotDisclosePersonalInfo; policy:grants :DoRemovePersonalInfo. :UserProvidePersonalInfo a deontic:Obligation; deontic:actor :varPerson; deontic:action :ProvidePersonalInfo; deontic:context :EventParticipationAndAlertSubscription; policy:desc "DSpace requires users to provide personal information if they: 1. are involved in the submission of DSpace content and metadata 2. subscribe to the DSpace alerting service". :ProvidePersonalInfo a action:Action; a history:ModifyMetadata; action:actor :varPerson; action:target :varPersonInfo; policy:desc "Provide Personal Information is the act of supplying the metadata recorded as an EPerson's object in DSpace.". A snippet of DSpace policy, expressed in REI