Policy Interoperability

Ontology based Policy
Interoperability
Dr. Latifur Khan
Tahseen Al-Khateeb
Mohammad Alam
Mohammad Farhan Husain
1
Outline
 Motivating example ←
 XACML Recap
 The problem of heterogeneity
 OPI: Our solution to the problem
 Demonstration
 Future Works
2
An example scenario
 Suppose there are two organizations, OrgA and OrgB, both having geo-spatial data.
 Each has its access control policy in XACML.
 They form a federation and want subjects (e.g. people, client s/w etc.) of one organization to be able to access resources (e.g. data, files etc.) of the other organization based on the existing policies, without any modification or human assistance.
3
Problem faced
 Both organizations have policies based on their own naming conventions and data types
 These are not recognized by the other organization
 Access requests will contain organization-specific keywords and data types
 Requests will fail if evaluated by the existing XACML processing model
4
Geo-spatial data specific improvement
 For some data, in case full permission cannot be given, a Partial Permit can be provided
 Partial Permit will essentially mean getting a part of the data the request wanted to get
5
Outline
 Motivating example
 XACML Recap ←
 The problem of heterogeneity
 OPI: Our solution to the problem
 Demonstration
 Future Works
6
XACML: brief introduction
 XACML stands for eXtensible Access Control Markup Language.
 It is a declarative access control policy language implemented in XML.
 It also includes a processing model, describing how to interpret the policies.
 Latest version 2.0 was ratified by the OASIS standards organization on 1 February 2005.
7
XACML Request processing
1. Access request: a subject's access request arrives at the PEP.
2. Decision request (premise): the PEP forwards it to the PDP, which evaluates its rules against the request attributes.
3. Decision response (conclusion): the PDP returns its decision to the PEP.
4. Access request: the PEP enforces the decision, together with any obligations, on the original access request.
5. PEP fulfills obligations.
PDP – Policy Decision Point
PEP – Policy Enforcement Point
8
More about XACML
 Elements
 Attribute
 Function
 Rule
 Policy
 Policy Set
 Rule effects
 Permit
 Deny
9
Rule combination algorithms
 If there are multiple rules in a policy, they must be combined to get a single decision. The XACML normative rule combination algorithms are:
Combination Algorithm   Expected Behavior
Deny Override           A policy is denied if a rule is encountered the effect of which is “Deny”
Permit Override         A policy is permitted if a rule is encountered the effect of which is “Permit”
First-one-applicable    The combined result is the same as the result of the first rule
Only-one-applicable     The combined result corresponds to the result of the unique rule which applies to the request.
10
An example policy
 Here is a simple example Policy in the following slide.
 The Policy target says that the Policy applies to requests for High access objects (e.g. sys-admin).
 The Policy has a Rule which applies to viewing Airport data.
 A request is permitted if the Subject is trying to view data between 10am and 2pm.
11
[Figure: the example policy XML, with callouts marking the Policy Target and the Rule Effect]
12
[Figure (continued): the example policy XML, with callouts marking the Rule and its Condition]
13
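The XACML evaluation model of the request-processing, rule-combination and example-policy slides in working form, as an added Python example that is not code from the deck or from the OPI project. A PEP hands a decision request to a PDP; the PDP checks the policy target, evaluates each rule's target and condition, combines the per-rule results with one of the four combining algorithms listed above, and returns a decision with its obligation for the PEP to fulfil. The attribute names, the "log the access" obligation and the reading of "between 10am and 2pm" as 10 ≤ hour < 14 are assumptions; the only-one-applicable branch follows the XACML convention of reporting Indeterminate when more than one rule applies.

```python
from dataclasses import dataclass, field
from typing import Callable

# Constructed mini PDP/PEP for illustration (not the deck's code); attribute
# names, obligation text and the 10:00-14:00 reading of the condition are assumptions.

@dataclass
class Rule:
    rule_id: str
    effect: str                               # "Permit" or "Deny"
    target: Callable[[dict], bool]            # which requests the rule covers
    condition: Callable[[dict], bool] = lambda req: True

@dataclass
class Policy:
    policy_id: str
    target: Callable[[dict], bool]
    rules: list
    combining: str = "deny-overrides"
    obligations: dict = field(default_factory=dict)   # decision -> obligation

def evaluate_rule(rule: Rule, request: dict) -> str:
    """A rule yields its effect only if both its target and its condition hold."""
    if rule.target(request) and rule.condition(request):
        return rule.effect
    return "NotApplicable"

def combine(algorithm: str, decisions: list) -> str:
    """The four rule-combining algorithms from the slide, applied to per-rule results."""
    applicable = [d for d in decisions if d in ("Permit", "Deny")]
    if not applicable:
        return "NotApplicable"
    if algorithm == "deny-overrides":
        return "Deny" if "Deny" in applicable else "Permit"
    if algorithm == "permit-overrides":
        return "Permit" if "Permit" in applicable else "Deny"
    if algorithm == "first-applicable":
        return applicable[0]
    if algorithm == "only-one-applicable":
        # more than one applicable rule is an error, reported as Indeterminate
        return applicable[0] if len(applicable) == 1 else "Indeterminate"
    raise ValueError(f"unknown combining algorithm: {algorithm}")

def pdp_evaluate(policy: Policy, request: dict):
    """Steps 2 and 3: the PDP turns a decision request into a decision plus obligation."""
    if not policy.target(request):
        return "NotApplicable", None
    decision = combine(policy.combining, [evaluate_rule(r, request) for r in policy.rules])
    return decision, policy.obligations.get(decision)

def pep_enforce(policy: Policy, request: dict):
    """Steps 1, 4 and 5: the PEP asks the PDP, enforces the decision, fulfils obligations."""
    decision, obligation = pdp_evaluate(policy, request)
    fulfilled = [obligation] if obligation else []    # e.g. write an audit record
    return decision == "Permit", decision, fulfilled

# The slide-11 policy: applies to High-access subjects; its one rule permits viewing
# Airport data when the request time is between 10am and 2pm (read as 10 <= hour < 14).
AIRPORT_POLICY = Policy(
    policy_id="airport-view-policy",
    target=lambda req: req["subject"].get("access") == "High",
    rules=[Rule("view-airport", "Permit",
                target=lambda req: req["resource"].get("type") == "Airport"
                and req["action"] == "view",
                condition=lambda req: 10 <= req["environment"]["hour"] < 14)],
    combining="deny-overrides",
    obligations={"Permit": "log the access with subject id and time"},
)

def sample_request(access: str, hour: int) -> dict:
    """Constructed decision request: a subject of the given access level viewing Airport data."""
    return {"subject": {"id": "sysadmin-1", "access": access},
            "resource": {"type": "Airport"},
            "action": "view",
            "environment": {"hour": hour}}

if __name__ == "__main__":
    for access, hour in (("High", 11), ("High", 15), ("Low", 11)):
        print(access, hour, pep_enforce(AIRPORT_POLICY, sample_request(access, hour)))
```

A request from a High-access subject at 11:00 is permitted and the PEP records the obligation; the same request at 15:00 fails the condition, so the rule and then the policy are NotApplicable, and a Low-access subject never matches the policy target at all. This is the behaviour the next slides call "requests will fail": a request carrying OrgA's own vocabulary simply matches nothing in OrgB's policy.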
Outline
 Motivating example
 XACML Recap
 The problem of heterogeneity ←
 OPI: Our solution to the problem
 Demonstration
 Future Works
14
The problem of heterogeneity
 Types of heterogeneity
 Naming heterogeneity
 Data type heterogeneity
 Subjects, resources and attributes can be defined differently in different organizations
 For example
 Network Administrator = System Admin
 Read = View
 Directory = Folder
 In such a case, the policy of one organization is not applicable to the other when they form a federation
15
Heterogeneity
16
Outline
 Motivating example
 XACML Recap
 The problem of heterogeneity
 OPI: Our solution to the problem ←
 Demonstration
 Future Works
17
OPI: our approach to solve the problem
 In case a directly applicable policy or rule is not found for a request, we will use a domain ontology for
 Subjects
 Resources
 Actions
18
New rule effect: Partial Permit
 We have added a new rule effect, “Partial Permit”, to XACML to grant a request partially.
 Example
 Grant only the outer boundary of some object, e.g. an airport
 Return a map with lower resolution than requested
19
Steps taken:
Suppose a subject of OrgA sends a request to OrgB. The following steps will be taken:
 Within all the policies and rules of OrgB, find the rule whose subject has the minimum semantic distance from the subject of the request in the ontology of subjects.
 In case of ties, find among the tied rules the rule whose resource has the minimum semantic distance from the resource of the request in the ontology of resources.
 In case of ties, find among the tied rules the rule whose action has the minimum semantic distance from the action of the request in the ontology of actions.
20
Steps taken: (continued)
 Use the semantic distance score formula to get a match score
 If Score ≥ Full-effect threshold → use the rule's effect as the outcome
 If Partial-effect threshold ≤ Score < Full-effect threshold and Rule-effect == Permit → Partial Permit
 If Score < Partial-effect threshold → Deny
 In case multiple rules tie, we will use the rule combination algorithm specified in the policy to break the tie.
21
Steps taken: (example)
Request: Subject: SystemAdmin; Resource: AIRPORT_area; Action: View
Candidate rules of OrgB (labelled Rule-1, Rule-2 and Rule-3 in the slide figure):
 Subject: GISAdmin; Resource: AIRPORT_area; Action: View; Effect: Permit
 Subject: Lkhan; Resource: EMPLOYERS_point; Action: View; Effect: Deny
 Subject: LowAccessSubjects; Resource: AIRPORT_area; Action: View; Effect: Deny
22
The ontology
23
Semantic distance score formula
 To find the matching similarity score between two nodes C1 and C2, we first determine their closest common parent C. Then the score S(C1, C2) is formulated as follows:
$S(C_1, C_2) = -\log \frac{\mathrm{len}(C_1, C) + \mathrm{len}(C, C_2)}{2D}$
 Where len is a length operator that calculates the shortest distance between two nodes in an ontology tree and D is the overall depth of the tree.
24
Semantic distance score formula (continued)
 We calculate three different score values, S_S(C1, C2), S_R(C1, C2) and S_A(C1, C2), for the subject, resource and action parameters, respectively. The score values are combined by an aggregation function that maps a set of 3-ary tuples to the set of real numbers. The function, henceforth referred to as the Aggregation function, is represented as
$(S_S, S_R, S_A) \mapsto S_S + S_R + S_A$
 The Aggregation function result is compared against a pre-determined threshold value to resolve the policy decision. The decision could be any one of the three effects: Permit, Deny and PartialPermit.
25
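The matching procedure of the "Steps taken" slides and the two score-formula slides carried through end to end, as an added Python example that is not code from the deck or from the OPI project. It builds three small subject, resource and action ontologies (constructed, since the deck's ontology slide is an image; names such as HighAccessSubjects, AreaFeatures, LAKE_area, Read and Edit are assumptions), computes S(C1, C2) from the closest common parent, selects the rule with minimum semantic distance on subject, then resource, then action, aggregates S_S + S_R + S_A and applies the Full-effect and Partial-effect thresholds (the values 4.5 and 3.0 are assumptions, as is breaking a remaining tie with deny-overrides or permit-overrides). One detail the slides leave open is handled explicitly: with len counted in edges the formula gives log(0) for identical concepts, so the example counts nodes on the path (edges + 1) and D in levels, the usual Leacock-Chodorow convention. With the slide-22 request, the GISAdmin/AIRPORT_area/View rule wins on subject distance and its aggregate score lands between the two thresholds, so the outcome is Partial Permit.

```python
import math
from dataclasses import dataclass

# Constructed ontologies as child -> parent maps; not the deck's ontology (that slide
# is an image), so the tree shapes and the extra names are assumptions.
SUBJECTS = {"Subject": None, "HighAccessSubjects": "Subject", "LowAccessSubjects": "Subject",
            "SystemAdmin": "HighAccessSubjects", "GISAdmin": "HighAccessSubjects",
            "NetworkAdmin": "HighAccessSubjects", "Lkhan": "LowAccessSubjects"}
RESOURCES = {"Resource": None, "AreaFeatures": "Resource", "PointFeatures": "Resource",
             "AIRPORT_area": "AreaFeatures", "LAKE_area": "AreaFeatures",
             "EMPLOYERS_point": "PointFeatures"}
ACTIONS = {"Action": None, "ReadActions": "Action", "WriteActions": "Action",
           "View": "ReadActions", "Read": "ReadActions", "Edit": "WriteActions"}

def path_to_root(tree, node):
    """Nodes from `node` up to the root, inclusive."""
    path = []
    while node is not None:
        path.append(node)
        node = tree[node]
    return path

def tree_depth(tree):
    """D: the overall depth of the tree, counted in levels (root = level 1)."""
    return max(len(path_to_root(tree, n)) for n in tree)

def similarity(tree, c1, c2):
    """S(C1,C2) = -log((len(C1,C) + len(C,C2)) / 2D), C = closest common parent.
    Assumption: the path length counts nodes (edges + 1), so identical concepts
    score -log(1/2D) instead of hitting an undefined log(0)."""
    p1, p2 = path_to_root(tree, c1), path_to_root(tree, c2)
    common = next(n for n in p1 if n in p2)
    nodes_on_path = p1.index(common) + p2.index(common) + 1
    return -math.log(nodes_on_path / (2 * tree_depth(tree)))

@dataclass(frozen=True)
class Rule:
    rule_id: str
    subject: str
    resource: str
    action: str
    effect: str          # "Permit" or "Deny"

def rule_scores(rule, request):
    """(S_S, S_R, S_A): similarity of the request to the rule on each parameter."""
    return (similarity(SUBJECTS, request["subject"], rule.subject),
            similarity(RESOURCES, request["resource"], rule.resource),
            similarity(ACTIONS, request["action"], rule.action))

def select_rules(rules, request):
    """Slide 20: keep the rules closest on subject, break ties on resource, then action.
    Minimum semantic distance is the maximum similarity score."""
    scored = {r: rule_scores(r, request) for r in rules}
    best = list(rules)
    for i in range(3):
        top = max(scored[r][i] for r in best)
        best = [r for r in best if math.isclose(scored[r][i], top)]
    return best, scored

def decide(rules, request, combining="deny-overrides", full=4.5, partial=3.0):
    """Slide 21: aggregate S_S + S_R + S_A and compare it with the two thresholds.
    Threshold values and the two-algorithm tie break are assumptions."""
    best, scored = select_rules(rules, request)
    effects = {r.effect for r in best}
    if len(effects) > 1:        # rules still tied, with conflicting effects
        effect = "Deny" if combining == "deny-overrides" else "Permit"
    else:
        effect = best[0].effect
    aggregate = sum(scored[best[0]])
    if aggregate >= full:
        return effect, aggregate
    if aggregate >= partial and effect == "Permit":
        return "PartialPermit", aggregate
    return "Deny", aggregate

# Request and rules from slide 22 (which rule carries which number is read off the
# figure order and is an assumption).
REQUEST = {"subject": "SystemAdmin", "resource": "AIRPORT_area", "action": "View"}
RULES = [Rule("Rule-1", "GISAdmin", "AIRPORT_area", "View", "Permit"),
         Rule("Rule-2", "Lkhan", "EMPLOYERS_point", "View", "Deny"),
         Rule("Rule-3", "LowAccessSubjects", "AIRPORT_area", "View", "Deny")]

if __name__ == "__main__":
    chosen, scores = select_rules(RULES, REQUEST)
    print("selected:", [r.rule_id for r in chosen], scores[chosen[0]])
    print("decision:", decide(RULES, REQUEST))
```

With three levels per tree, D = 3 and an exact match scores log 6 ≈ 1.79, while SystemAdmin and GISAdmin, siblings under HighAccessSubjects, score log 2 ≈ 0.69; the selected rule therefore aggregates to about 4.28, below the Full-effect threshold of 4.5 but above the Partial-effect threshold of 3.0, and its Permit effect is downgraded to PartialPermit. Raising the request to an exact GISAdmin match, or lowering the Full-effect threshold, yields a full Permit; a Deny rule in the same score band stays Deny.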
A complete example
26
27
28
Outline
 Motivating example
 XACML Recap
 The problem of heterogeneity
 OPI: Our solution to the problem
 Demonstration ←
 Future Works
29
Outline
 Motivating example
 XACML Recap
 The problem of heterogeneity
 OPI: Our solution to the problem
 Demonstration
 Future Works ←
30
Future works:
 Take all policies of all organizations into account
 Address data type heterogeneity
31
Future Works:
 GML rendering API in Java
 ArcGIS shows GML data, but the process is cumbersome
 ArcGIS does not provide an API for GML display
 Currently, there is no API in any language for displaying GML data
32