Presentation is loading. Please wait.

Presentation is loading. Please wait.

Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie An Annotation-based Access.

Published byJocelyn Moran Modified over 11 years ago

Similar presentations

Presentation on theme: "Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie An Annotation-based Access."— Presentation transcript:

1 Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie An Annotation-based Access Control Model and Tools for Collaborative Information Spaces Peyman Nasirifard, Vassilios Peristeras, Stefan Decker firstname.lastname@deri.org

2 Digital Enterprise Research Institute www.deri.ie Introduction Annotation-Based Access Control Use Case Scenario Collaboration Vocabulary (CoVoc) Prototypes Widget: Uncle-Share Visualization based on CoVoc terms: Who-With-Whom Conclusion and Future Work Outline

3 Digital Enterprise Research Institute www.deri.ie Current Access Control Sharing data/resources: Shared Workspaces (BSCW,NetWeaver, SharePoint, etc.) Social Networking Sites (Flickr, YouTube, del.icio.us, etc.) Sharing needs access control Current approaches: Access control lists (email contacts) Role-based access control (root, admin, user) Social-based access control (friends)

4 Digital Enterprise Research Institute www.deri.ie Problems with Current Access Control Problems with current approaches: Coarse-grained: – Private vs. Public, share with friends Fixed vocabulary, no flexibility Access control at application not at resource level Not context-aware To move from messaging to sharing: Social-awareness based access-control

5 Digital Enterprise Research Institute www.deri.ie Real-Life Access control We share resources based on social relationships we attribute to people We may share our credit card details with our parents, but not with our friends. We mentally annotate people, meaning of term may differ between people parent, supervisor, friend, close friend, director, etc. Real life model can be applied to online model Annotation-Based Access Control – more natural and flexible

6 Digital Enterprise Research Institute www.deri.ie Annotation-Based Access Control Model

7 Digital Enterprise Research Institute www.deri.ie Three Entities and Two Concepts A Person is an entity with the RDF type Person. A Person is connected to zero or more other Persons. A Person owns zero or more Resources. A Person defines zero or more Policies. An Annotation is a term or a set of terms that are connected together and aims to describe the Person. Each connection between Persons can be annotated with zero or more Annotations. A Resource is an entity with the RDF type Resource and is owned by (isOwnedBy) one or more Persons. Resources are in the form of URIs, URLs, and/or short messages. A Policy is an entity with the RDF type Policy. A Policy is defined by (isDefinedBy) one Person and belongs to (belongsTo) one Resource. A Policy has one Annotation and one Distance. A Distance is a numerical value which determines the depth that the Policy is valid. The depth is actually the shortest path among two Persons with consideration of Annotations.

8 Digital Enterprise Research Institute www.deri.ie Meta-policies (Rules) Rule 1: A Person acquires access to a Resource, if and only if (iff) s/he meets all policies that have been defined by Resource owner for that Resource. It means that the Person has been already annotated with the Annotations which are defined in the Policies and s/he is also in the scope of the Policies (i.e. Distance criteria). Rule 2: Only the Resource owner is eligible to define Policies for that Resource. Rule 3: A private Resource has zero or more Policies, whereas a public Resource has at least one Policy. Rule 4: The default Distance for Policies is one.

9 Digital Enterprise Research Institute www.deri.ie Benefits of Annotation-Based Approach Close to real-life model Simple We tried to keep the model as simple as possible – Resources have (currently) no annotations – The main focus of this model is annotating contacts rather than resources Flexible Fixed terms & Open Vocabularies (See following slides) Semantics helps for further reasoning Distance among users may be calculated All relationships are private Users can freely publish their realtionships

10 Digital Enterprise Research Institute www.deri.ie Use Case Scenario

11 Digital Enterprise Research Institute www.deri.ie Who will see what? Alice has access to her three resources and www.resource5.com via Bob, because www.resource5.com is accessible to the Bob's contacts that have been annotated as student and have maximum distance one to Bob and Alice fulfils this policy. Bob has access to his two resources and also two of Alice's resources: www.resource1.com and www.resource2.com. Tom has access to www.resource4.com which was shared via Bob to him and also www.resource2.com which was shared via Alice to him. Mary will see the short message from Alice: I_need_to_talk_to_you_please.

12 Digital Enterprise Research Institute www.deri.ie Collaboration Vocabulary CoVoc: A vocabulary for describing collaborations and e- Professionals (mainly researchers) Five main categories An e-Professional (researcher) collaborates in different projects An e-Professional (researcher) participates in different events like conferences and workshops and publishes various stuff An e-Professional (researcher) may be part of the university board An e-Professional (researcher) can be involved in industry An e-Professional (researcher) has various online (social) activities For each category, we proposed some terms writeDeliverableWith, hadCoffeeBreakWith, supervisor, CEO, readNewsOf We built RDF schema for CoVoc Extensible for future needs

13 Digital Enterprise Research Institute www.deri.ie Prototypes Enabling our approach Evalute it We used free and open source tools Annotation-Based Access Control Uncle-Share Mashups for helping users to find appropriate contacts Who-With-Whom

14 Digital Enterprise Research Institute www.deri.ie Uncle-Share Widget Login: User login or registration, including full name, user name, and password. Person: User may add, modify, and annotate contact list. Resources: User may add resources (URL/URI/short message) and assign them policies. Shared: User may see the resources that have been shared with him by others. The distance may be set in order to increase or decrease the scope of the shared resources. Settings: User and server configuration. Help: Provides a tutorial video and some technical and contact information regarding the platform.

15 Digital Enterprise Research Institute www.deri.ie Features Widget Can be embedded into any Web page or widget platform Syndication, flexibility, portability, and customization. Service Oriented Architecture (SOA) All functionalities are wrapped as services RDF triples to store data (Sesame) AJAX No additional interations with the server Suggest Box Suggests annotations to end users

16 Digital Enterprise Research Institute www.deri.ie Embedded Widget (iGoogle and BSCW)

17 Digital Enterprise Research Institute www.deri.ie Uncle-Share Architecture

18 Digital Enterprise Research Institute www.deri.ie Uncle-Share Services Handle Object: This service enables end users to register themselves to the system and/or change their passwords. Handle Connection: This service enables end users to add connections between persons; persons and resources; and persons and policies. This service enables also end users to annotate those connections with closed (Covoc) and/or open terms. Get Connection: This service enables end users to get who/what is connected to a specific person. Get Registered Users: This service returns the list of registered users. Get Social Network: This service returns the social network of authenticated user in RDF. Get Available Resources: This service returns the available resources to a specific person based on the Distance input.

19 Digital Enterprise Research Institute www.deri.ie Who-With-Whom: A mashup Social Network Visualization based on CoVoc terms Based on GraphGear (Flash) Fetches data from RDF store (e.g. Uncle-Share) Helps users to choose/come up with appropriate persons that should be granted access to resources Part of DERI collaboration network: collaboratesWith (see below)

20 Digital Enterprise Research Institute www.deri.ie Comparisons and Evaluations Role-Based Access Control (RBAC), Generalized RBAC (G-RBAC), etc. Roles and permissions are pre-defined by role engineers – Users get permissions through roles and/or role hierarchy We do not have predefined roles and permissions We have annotations – User-cetnric approch – May not be roles (from semantics point of view) – From RBAC perspective: Annotations are user-defined roles. We have graph-like connected people rather than hierarchy – Distance among two persons can be calculated and used Semantics can be used for reasoning Logic-Based Access Control Frameworks (like PROTUNE) Very powerful, but too complex for personal usage No Percentage for relationships (e.g. friend 80%) We do not label our friendships and contacts with percentages in real-life

21 Digital Enterprise Research Institute www.deri.ie Experimental Evaluation We asked 16 people to participate in an experimental evaluation Name at least 5 persons that they know Assign at least 3 annotations for each of their contacts Results 8 participants confirmed that the task was pretty easy – They use various sorts of annotations: hasADog, likesHorrorMovies, laughALot, writePaperWith, goingOutWith, worksWith, discussIdeasWith, etc. 4 participants found its difficulty medium 4 participants found it difficult – They never annotate somebody on a paper or with a software tool, however they did it mentally before – They tried to be over-cautious, as they were worried that their annotations could be further distributed (privacy issues)

22 Digital Enterprise Research Institute www.deri.ie Future Work Run an extended evaluation exercise in the context of the Ecospace IP project (Living Labs) Extend the model to include context-aware information perhaps using micro-blogs (e.g. Twitter) Using the Open Social API and other APIs to integrate it with existing CWE platforms. embed the uncle-share widget into social networking sites, such as MySpace or Orkut Prioritizing policies Context-aware term recommendations Based on statistics Statistical evalutation of CoVoc terms usage Further refinement of the terms More mashups based on user annotations Social network analysis Using this analysis in access control

23 Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie Thank you for your attention! 23 of 4 Peyman Nasirifard, Vassilios Peristeras, Stefan Decker firstname.lastname@deri.org Try them yourself: http://epeyman.googlepages.com/ http://epeyman.googlepages.com/

Download ppt "Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie An Annotation-based Access."

Similar presentations

EzScoreboard.com A Fully Integrated Administration Service.

EzScoreboard.com A Fully Integrated Administration Service.
Final Project Instructor: Nguyen Anh Tu Students: Tran Tien Tai Tran Tien Tai Tran Ngoc Mai Tran Ngoc Mai Tu Kim Tuan Tu Kim Tuan Nguyen Ngoc Phuong Nguyen.

Final Project Instructor: Nguyen Anh Tu Students: Tran Tien Tai Tran Tien Tai Tran Ngoc Mai Tran Ngoc Mai Tu Kim Tuan Tu Kim Tuan Nguyen Ngoc Phuong Nguyen.
PROTOTYPE Rehatch.com. Rehatch $35k total; dispersed evenly over 6 months. Captures the unique niche from the top 20 networking sites. Infused with instant.

PROTOTYPE Rehatch.com. Rehatch $35k total; dispersed evenly over 6 months. Captures the unique niche from the top 20 networking sites. Infused with instant.
automated single login access to Novell storage resources

automated single login access to Novell storage resources
Implementing Tableau Server in an Enterprise Environment

Implementing Tableau Server in an Enterprise Environment
Connecting Social Content Services using FOAF, RDF and REST Leigh Dodds, Engineering Manager, Ingenta Amsterdam, May 2005.

Connecting Social Content Services using FOAF, RDF and REST Leigh Dodds, Engineering Manager, Ingenta Amsterdam, May 2005.
Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.

Copyright © 2006 Data Access Technologies, Inc. Open Source eGovernment Reference Architecture Approach to Semantic Interoperability Cory Casanave, President.
Copyright 2006 Digital Enterprise Research Institute. All rights reserved. www.deri.ie MarcOnt Initiative Tools for collaborative ontology development.

Copyright 2006 Digital Enterprise Research Institute. All rights reserved. MarcOnt Initiative Tools for collaborative ontology development.
Michael S. Chan xLM Solutions, LLC

Michael S. Chan xLM Solutions, LLC
Copyright © 2006 Help Desk Systems, Inc. All rights reserved. Overview of Help Desk Systems Inc. (HDSI) HDSI offers a hosted, web based trouble ticket.

Copyright © 2006 Help Desk Systems, Inc. All rights reserved. Overview of Help Desk Systems Inc. (HDSI) HDSI offers a hosted, web based trouble ticket.
 Copyright 2006 Digital Enterprise Research Institute. All rights reserved. www.deri.ie The Future is Now JeromeDL A Digital Library on Social Semantic.

 Copyright 2006 Digital Enterprise Research Institute. All rights reserved. The Future is Now JeromeDL A Digital Library on Social Semantic.
IIT Kanpur Web Based Land Records Management System Prof. P.K.Kalra Developed by Department of Electrical Engineering Indian Institute.

IIT Kanpur Web Based Land Records Management System Prof. P.K.Kalra Developed by Department of Electrical Engineering Indian Institute.
Dr. Ashraf Armoush Supervisor Oday Jihad Ibrahim Tariq Ziad Yameen.

Dr. Ashraf Armoush Supervisor Oday Jihad Ibrahim Tariq Ziad Yameen.
 Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie Tadvise: A Twitter Assistant.

 Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute Tadvise: A Twitter Assistant.
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
 Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie Anatomy of a Semantic Virus.

 Copyright 2008 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute Anatomy of a Semantic Virus.
Building and Analyzing Social Networks Web Data and Semantics in Social Network Applications Dr. Bhavani Thuraisingham February 15, 2013.

Building and Analyzing Social Networks Web Data and Semantics in Social Network Applications Dr. Bhavani Thuraisingham February 15, 2013.
Web 2.0: Concepts and Applications 5 Connecting People.

Web 2.0: Concepts and Applications 5 Connecting People.
 Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute www.deri.ie Extracting and Utilizing.

 Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Digital Enterprise Research Institute Extracting and Utilizing.
 Copyright 2006 Digital Enterprise Research Institute. All rights reserved. www.deri.ie 1 Tools and Terms for Annotation-Based Access Control Peyman Nasirifard.

 Copyright 2006 Digital Enterprise Research Institute. All rights reserved. 1 Tools and Terms for Annotation-Based Access Control Peyman Nasirifard.

Similar presentations

Ads by Google