Design and Application of Rule Based
Access Control Policies
Huiying Li, Xiang Zhang, Honghan Wu & Yuzhong Qu
xzhang@seu.edu.cn
Dept. Computer Science & Engineering
Southeast University, China
Nov. 2, 2005
1
Outline
Our Idea
Semantic Web Rule Language
Model Design
Use Cases
Conclusion and Future Work
Nov. 2, 2005
2
Our Idea
Requirements of WonderSpace
Express access control policies with powerful
expressive ability.
Semantic Web Rule Language (SWRL)
A Horn clause rules extension to OWL
proposed in 2004.
Nov. 2, 2005
3
What is the Idea
Express access control policies based on
OWL and SWRL
OWL: ontology
SWRL: rule
Friend of a Friend (FOAF)
Information about people
Nov. 2, 2005
4
Semantic Web Rule Language
SWRL extends OWL DL by adding a
simple form of Horn-style rules for the
purpose of enhancing expressive ability
The form of a rule
antecedent  consequent.
Nov. 2, 2005
5
Semantic Web Rule Language
The antecedent and consequent of a rule
consist of zero or more atoms.
Atoms can be the form of C(x), P(x, y),
Q(x, z), sameAs(x, y) or differentFrom(x,
y)
An typical example:
parent(?a, ?b)  brother(?b, ?c) 
uncle(?a, ?c). It is true in China…
Nov. 2, 2005
6
Model Design - Ontology
Assertion about what kinds of agents are
permitted/prohibited to access to what
kinds of resources
Nov. 2, 2005
7
Model Design - Ontology
Nov. 2, 2005
8
Model Design - Ontology
Nov. 2, 2005
9
Model Design - Rule
Give more explicit meaning to properties
member(?z, ?x)  member(?z, ?y) 
Person(?x)  Person(?y) 
sameGroupOf(?x, ?y)
Nov. 2, 2005
10
Model Design - Rule
Express access control policies
member(wonderspace, ?x) 
isPermittedtoRead(?x, somePaper)
Nov. 2, 2005
11
Use Case
Jack published a note about a project plan and
asserted that the members of WonderSpace
group could read this plan, while the members
of his group could edit it online.
member(?z, ?x)  member(?z, ?y)  Person(?x) 
Person(?y)  sameGroupOf(?x, ?y)
 memberOf(?x,WonderSpace)  isPermittedtoRead (?x,
plan),
 sameGroupOf(?y, Jack)  isPermittedtoEdit(?y, plan).
Nov. 2, 2005
12
Conclusion and Future Work
Prove Our Concept:
OWL + SWRL for Access Control Policy
Policy Confliction
Policy Enforcement
Trustworthy of the information source
Operational semantics of the policy language.
Nov. 2, 2005
13
Main References
 I. Horrocks, P. F. Patel-Schneider, H. Boley, S. Tabet, B. Grosof, and
M. Dean: SWRL: A semantic web rule language combining owl and
ruleml. W3C Member Submission, 21 May 2004.
 J. M. Bradshaw, S. Dutfield, P. Benoit, and J. D. Woolley:KAoS:
Toward An Industrial-Strength Open Agent Architecture. Software
Agents, J.M. Bradshaw (ed.), AAAI Press (1997) 375-418
 L. Kagal, T. Finin, and A. Joshi: A policy language for a pervasive
computing environment. IEEE 4th International Workshop on Policies
for Distributed Systems and Networks (2003).
 P.F. Patel-Schneider, P. Hayes, I. Horrocks (eds.): OWL: Web
Ontology Language Semantics and Abstract Syntax. W3C
Recommendation 10 February 2004.
 P. Hayes (ed.): RDF Semantics. W3C Recommendation 10 February
2004.
Nov. 2, 2005
14
Thank you !
Nov. 2, 2005
15