Semantic Web Technologies to Reconcile Privacy and Context Awareness

Norman M. Sadeh
ISRI - School of Computer Science
Carnegie Mellon University
Pittsburgh, PA - USA
Copyright ©2001-2004 Norman Sadeh
Mobility Challenge
 Can no longer assume the user’s undivided attention
 Time-critical nature of many tasks
 Limited input/output functionality

Context Awareness

…All this argues for:
 Higher levels of automation
 Context awareness
 …True also in fixed Internet scenarios
Sources of Contextual Information


A user’s context information is distributed across a
number of disparate resources
 Calendar
 Location tracking
 Address book
 Buddy lists
 Weather
Available resources vary from one user to another
 …and over time
 e.g. roaming across different networks
Vision

A growing collection of context-aware agents that users can buy or subscribe to
Personal resources modeled as Semantic Web services
Service profile
Each user has a Semantic eWallet
Automated identification and access of a user’s personal resources subject to privacy preferences
Semantic Web Approach

Ontologies to explicitly represent and reason about:
 Personal/Contextual Resources
 Location tracking, calendar, organizational resources,
messaging resources, preferences, etc.
 Contextual attributes
 e.g. location, calendar activities, social or
organizational context, etc.
 Preferences, incl. privacy preferences:
 Access control preferences
 “Obfuscation” rules
 Web services
 Automated service identification and access
Personal Resource Ontology: An Example
[Diagram: class hierarchy rooted at Personal Resource. IS-A nodes: Location Information Resource; Activity Information Resource; List of Friends. INSTANCE nodes: CMU Location Tracking; Microsoft Outlook Calendar; Sprint PCS Location Tracking]
MyCampus Project



Motivation:
 Campus as “everyday life microcosm”
Objective:
 Enhance campus life through context-aware
services accessible over the WLAN
Methodology:
 Involve stakeholders in the design
 Students and other members of the community
 Evaluate and extrapolate to other environments
 Mobile Commerce, Mobile Enterprise, etc.
Overall Architecture
[Diagram labels: User’s Personal Environment; e-Wallet; Personal Resource Directory (incl. Privacy Pref.); Semantic Web-enabled Context Resources (Calendar, Location Tracking, Social Context, Preferences); Contextual Ontologies; Personal Preference Ontologies; Personal Resource Ontologies; Service Ontologies; Internet and Intranet Semantic Web-enabled Services; Semantic Web Service Directory; Wireless LAN; Task-Specific Agents]
Semantic eWallet




Context-independent knowledge
 Name, email address, context-independent preferences
Context-dependent knowledge
 “When driving, I don’t want to receive instant messages”
Service invocation rules
 Automated service identification and access
 Map contextual attributes onto different resources (personal
and public)
Privacy rules
 Access control rules
 “Only my classmates can see my location”
 Obfuscation rules
 “My classmates can only see the building I am in but
not the actual room”
Location Tracking as Web Service
[Diagram: e-Wallet query processing. Labels: Query; Query context assertion; Asserting elementary needs for authorized information; Pre-check access rights; Fetch useful static knowledge; Call relevant external services; Post-check access rights; Application of obfuscation rules; Assertion of authorized knowledge; Result]
Example: Query from John inquiring about Mary’s location
 The sender of the query is John
 John’s query requires accessing Mary’s location
1. Is John allowed to see Mary’s location given what we know about the context of the query?
2. Mary said she only allows colleagues to see her location when she is on campus
3. John is a colleague of Mary
 Access location tracking functionality or Mary’s calendar
 Is Mary on campus?
 Mary is willing to disclose the building but not the room she is in
 Mary is in Smith Hall
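
The query-processing steps of this example, sketched in Python as an added illustration (not code from the MyCampus e-Wallet, which the deck describes in terms of OWL, CLIPS and JESS). The group table, campus building list, tracker record, audit list and all function names are assumptions; the sketch shows why the access decision is split into a pre-check on the query context and a post-check that needs the fetched location, with obfuscation applied last.

```python
# Constructed sample data; all names and values are hypothetical.
GROUPS = {("mary", "colleagues"): {"john"}}
CAMPUS = {"Smith Hall", "Wean Hall"}
TRACKER = {"mary": {"building": "Smith Hall", "room": "Room 101"}}
# Mary's rule from the example: colleagues only, only while she is on
# campus, and only at building granularity.
RULES = {"mary": {"group": "colleagues", "on_campus_only": True,
                  "granularity": "building"}}
AUDIT = []  # decisions stay here; the requester only ever sees a value or None


def pre_check(sender, owner):
    """Part of the rule decidable from the query context alone."""
    rule = RULES.get(owner)
    if rule is None:
        return None  # no rule means no disclosure (default deny)
    members = GROUPS.get((owner, rule["group"]), set())
    return rule if sender in members else None


def post_check(rule, location):
    """Part of the rule that depends on the fetched context itself."""
    if location is None:
        return False
    return not rule["on_campus_only"] or location["building"] in CAMPUS


def query_location(sender, owner, tracker=TRACKER):
    rule = pre_check(sender, owner)
    if rule is None:
        AUDIT.append((sender, owner, "denied at pre-check"))
        return None  # the tracking service is never called
    location = tracker.get(owner)  # stands in for the external service call
    if not post_check(rule, location):
        AUDIT.append((sender, owner, "denied at post-check"))
        return None
    AUDIT.append((sender, owner, "granted at " + rule["granularity"] + " level"))
    return location[rule["granularity"]]  # obfuscation: drop finer detail
```
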
[Diagram: agents on the JADE platform exchanging FIPA ACL messages with OWL content. Labels: HTTP Request; User Interaction Agent; Agent Management Agent (FIPA); Directory Facilitator Agent (FIPA); e-Wallet Manager Agent; Ontologist Agent; Task-Specific Agents]
Design of an e-Wallet
Three-layer architecture: security through typing
 Core knowledge: user static & context-sensitive knowledge
 Service layer: automatic identification and invocation of external sources of knowledge (e.g. public web services and personal resources)
 Privacy layer: enforces privacy rules: access control & obfuscation
All facts represented in OWL
Backward chaining migration rules: privacy rules, service rules, static migration rules
[Diagram labels: query; answer; layers privacy, service, Core Knowledge]
Design of an e-Wallet
Three-layer architecture: security through typing
 Core knowledge: user static & context-sensitive knowledge
 Service layer: automatic identification and invocation of personal and public semantic web services
 Privacy layer: enforces privacy rules: access control & obfuscation rules
[Diagram labels: query; answer; layers privacy, service, Core Knowledge. Query processing labels: Query; Query context assertion; Asserting elementary needs for authorized information; Pre-check access rights; Fetch useful static knowledge; Call relevant external services; Post-check access rights; Application of obfuscation rules; Assertion of authorized knowledge; Result]
Implementation Details
[Diagram: translation of OWL inputs to CLIPS. Labels: XSLT Engine; JESS; OWL Meta-model in CLIPS; Result in OWL]
Ontology in OWL & Ontology stylesheet -> Ontology in CLIPS
Annotation in OWL & Annotation stylesheet -> Annotation in CLIPS
Rule in (R)OWL & Rule stylesheet -> Rule in CLIPS
Services in (W)OWL & Service stylesheet -> Service rule in CLIPS
Privacy in (S)OWL & Privacy stylesheet -> Privacy rule in CLIPS
Query in (Q)OWL & Query stylesheet -> Query rules in CLIPS
Visualizing & Editing Preferences
Visualizing & editing a privacy rule
Editing Based on Existing Ontologies
Obfuscation Example

User location finder
City block level
City level
Slide Projector Agent
Empirical Evaluation



Initial prototype working on Carnegie Mellon’s campus
 Restaurant concierge agent, message filtering agent,
etc.
 Integration with calendar, location tracking, user
profile, etc.
Evaluation
 Context awareness adds value
 Requires access to a broad range of resources/attributes
 Privacy concerns have to be addressed
Additional validation on context-aware enterprise and DoD
applications
Concluding Remarks






Context awareness helps overcome the limitations of
mobile devices and the time criticality of mobile
scenarios
Context awareness makes privacy even more critical
Our experiments indicate that user preferences are
often complex
 Incl. context-sensitive preferences
Capturing these preferences is far from trivial
 Default profiles, learning, dialogs,
 How far can we go?
Semantic Web approach
 Allows for policies that refer to concepts
introduced in any number of domain-specific
ontologies
Opportunities for reconciliation with P3P/APPEL
Q&A
Source: http://www.firstmonday.org/issues/issue4_9/odlyzko/index.html