The Virtuous Circle of Expressing
Authorization Policies
David Chadwick, University of Kent
Angela Sasse, University College London
Introduction
• A 20-month UK EPSRC-funded project with the following very ambitious objectives
• Create a complete ontology for authorisation policies for e-Science projects that incorporates all words and phrases used by both novices and experts, e.g. credentials, subjects, targets, as well as more complex concepts such as obligations, delegation and recognition of authority. Synonyms and antonyms will be identified, as well as the relationships between the terms
• Build a natural language policy creation interface that will use the ontology and grammar templates to interpret the input sentences and create a machine representation of the policy in memory
• Convert the machine representation back to natural language for display to the user
• Output the machine representation through a back-end compiler into two commonly used XML policy syntaxes (XACML and PERMIS), ready for input to PDPs
The Virtuous Circle of Policy
Specification
[Figure: the Virtuous Circle diagram. Labels: Human Intention; Transcription; Human Readable Policy; Machine parsing and processing; Machine Processable Policy; Validation checking; Machine transliteration; Diagnostic Display; Improve understanding.]
Background
• Already had some experience of building an
authorisation policy GUI, but first efforts were a
failure when “average” users tried to use it to
create policies, since the GUI used security terms
(jargon) familiar to professionals e.g. subject,
action, domain, target etc. but users did not
understand them
• Led to experiments to capture the best words and
short phrases that had the correct semantics for
“average” users
• These were then used in the GUI
e.g. Subject Domain → “where users are from”
Current Project
• Replace current GUI with natural language
interface, then convert ontology into XML
policy for use by XACML and PERMIS PDPs
• Compare and contrast the performance of
both interfaces for capturing users’ intentions
• Add natural language output to both tools
• We are using the GATE/CLIE NLP software
from University of Sheffield as the basis to
capture the ontology of the user’s policy
Controlled Language Information
Extraction tool (CLIE)
Is capable of:
• Definition of new classes
• Creation of class hierarchies
• Definitions of object and data type properties
• Creation of object class instances
• Setting of property values for instances
Example of CLIE input/output
There are policies.
“My AC policy” is a policy.
There are resources and users.
David is a user.
Printer is a type of resource.
“HP Laserjet4” is a printer.
There are domains.
Kent is a domain.
There are “User Account Administrators”.
Peter is a User Account Administrator.
There are actions and parameters.
Print is an action.
Delete is an action.
Pause and resume are actions.
“No of pages” is a parameter.
Actions have parameters.
Print has action with value “No of pages”.
There are roles.
Student is a role.
Staff is a role.
Resources have actions.
“HP Laserjet4” has action with value print.
“HP Laserjet4” has action with value delete.
“HP Laserjet4” has action with value pause.
“HP Laserjet4” has action with value resume.
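The sentence forms in the CLIE example above, as an added illustration (not code from the project or from GATE/CLIE): a small Python parser that maps them to classes, subclasses, instances and HAS properties, and rejects a property value that names an undeclared instance. The function names, the regular expressions, the crude singularisation and the final "shred" sentence are assumptions made for this example.

```python
import re

# Constructed sample: sentences from the slide above, plus a final line that
# references an undeclared action ("shred") to exercise validation.
SAMPLE = '''There are resources and users.
Printer is a type of resource.
"HP Laserjet4" is a printer.
There are actions.
Print is an action.
Pause and resume are actions.
Resources have actions.
"HP Laserjet4" has action with value print.
"HP Laserjet4" has action with value shred.'''

def norm(term):
    """Strip quotes, lower-case, and crudely singularise (assumption)."""
    t = term.strip().strip('"“”').lower()
    return t[:-1] if t.endswith("s") else t

def names(text):
    return [norm(t) for t in re.split(r"\s+and\s+", text)]

def parse(text):
    """Hypothetical grammar, not CLIE's: returns the ontology plus rejects."""
    classes, instances, props, values, errors = {}, {}, set(), [], []
    for s in (l.strip().rstrip(".") for l in text.splitlines() if l.strip()):
        if m := re.fullmatch(r"There are (.+)", s):
            classes.update({c: None for c in names(m[1])})
        elif m := re.fullmatch(r"(.+) is a type of (.+)", s):
            classes[norm(m[1])] = norm(m[2])          # subclass -> parent
        elif m := re.fullmatch(r"(.+) has (.+) with value (.+)", s):
            subj, prop, val = norm(m[1]), norm(m[2]), norm(m[3])
            cls, ok = instances.get(subj), False
            while cls is not None and not ok:         # walk up the hierarchy
                ok, cls = (cls, prop) in props, classes.get(cls)
            if ok and instances.get(val) == prop:
                values.append((subj, prop, val))
            else:
                errors.append(s)                      # undeclared reference
        elif m := re.fullmatch(r"(.+) have (.+)", s):
            props.add((norm(m[1]), norm(m[2])))       # class-level HAS property
        elif m := re.fullmatch(r"(.+) (?:is an?|are) (.+)", s):
            if (cls := norm(m[2])) in classes:
                instances.update({i: cls for i in names(m[1])})
            else:
                errors.append(s)                      # instance of unknown class
        else:
            errors.append(s)                          # unknown sentence form
    return classes, instances, props, values, errors
```

Sentences returned in `errors` are the ones a diagnostic display would hand back to the policy author rather than silently dropping.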
Seeing Object Properties
• You need to click on an object to view its properties
Current limitations of CLIE
• Cannot specify relationships between objects
except the HAS relationship which is built in
– E.g. Resource HAS action
• We need to be able to specify other verbs as
relationship types
– E.g. Administrator CAN ASSIGN Roles, Project Leaders
CAN ACCESS Printers
• We need to create reserved vocabulary such as
– IF for conditions
– Operators such as EQUALS, GREATER THAN, LESS
THAN etc.
• We will need to decide how to handle more
complex concepts such as Obligations
Producing NL output
• We use XSLT to convert the XML policy
into natural language
• First version has been produced by
domain experts (Bad!!) and is very
verbose
• Shortly this will be tested on users and
vocabulary changed to match users’
expected semantics
Future Work
• Complete the collection of a full authorisation
“meta” ontology
• Obtain “average” user understanding of terms
to produce synonyms, antonyms etc.
• Work with University of Sheffield to enhance
their NLP tools to provide more features
• Trial the NLP interface with e-Science users
• Build back end compilers to produce XML
authorisation policies for PDPs
• Document and release as Open Source
Any questions?
• You can contact me at
d.w.chadwick@kent.ac.uk
• You can read about our projects at
http://www.cs.kent.ac.uk/research/groups/iss/index.html