Semantic Web and Policy Workshop Panel Contribution Norman M. Sadeh School of Computer Science Carnegie Mellon University Director, e-Supply Chain Management.

Semantic Web and Policy WorkshopSemantic Web and Policy WorkshopPanel ContributionPanel Contribution

Norman M. Sadeh

School of Computer Science

Carnegie Mellon University

Director, e-Supply Chain Management LaboratoryDirector, Mobile Commerce Laboratory

Co-Director, COS PhD Program

2005 AAAI Fall Symposium- Slide 2Copyright ©2001-2005 N. Sadeh

Policies Are Everywhere B2B contracts

e.g. quantity flexible contracts, late delivery penalties, etc.

Negotiation e.g. rules associated with auction mechanisms

Security e.g. access control policies

Privacy Information Collection Policies (aka “ P3P Privacy

Policies”) Obfuscation Policies

Workflow management What to do under different sets of conditions

Context aware computing What service to invoke to access a particular contextual

attribute Context-sensitive preferences

2005 AAAI Fall Symposium- Slide 3Copyright ©2001-2005 N. Sadeh

Context-Sensitive Privacy & Security Policies Pervasive Computing

“My colleagues can only see the building I am in and only when they are on company premises”

Enterprise Collaboration “Only disclose inventory levels to customers with

past due shipments” DoD Scenarios (e.g. coalition forces)

“Only disclose ship departure time after the ship has left”

“Only disclose information specific to the context of ongoing joint operations”

Homeland Security & Privacy (e.g. video surveillance) “Only allow for facial recognition when a crime scene

is suspected”

2005 AAAI Fall Symposium- Slide 4Copyright ©2001-2005 N. Sadeh

Challenges in Enforcing Context-Sensitive Policies

Sources of contextual information: May not be known ahead of time

May change from one entity to another

May change over time

Examples: Different sources of location information

depending on who & where the subject is

Different sources of information to determine when supplies will arrive, depending on who the supplier is and the particular mode of transportation

2005 AAAI Fall Symposium- Slide 5Copyright ©2001-2005 N. Sadeh

Pervasive Computing Instantiation: MyCampus

Each entity has its own set of policies & policy evaluation agents

2005 AAAI Fall Symposium- Slide 6Copyright ©2001-2005 N. Sadeh

Semantic Web Approach

Interleave reasoning about policies with the dynamic identification of sources of contextual information Both explicit delegation & dynamic

discovery

Sources of contextual information modeled as Semantic Web Services

Service profiles & context-sensitive policies refer to shared ontologies

2005 AAAI Fall Symposium- Slide 7Copyright ©2001-2005 N. Sadeh

Specifying Context-Sensitive Policies

2005 AAAI Fall Symposium- Slide 8Copyright ©2001-2005 N. Sadeh

Motivating Scenario

Public ServiceDirectory Service

Personal ServiceDirectory Service

Privacy Agents

InformationDisclosure Agent

NotificationAgent

Mary’s User Agent

Mary

Personal AgentDirectory Service

Policy Repository

Service

Task-Specific Agents

Public AgentDirectory Service

White PagesDirectory Service

Bob

Company XYZ

Cell Phone Operator

Only people on my teamcan see the room I amin and only when weare in the same building

Is Bob on Mary’steam today?

2

Which building isBob in right now?3

-Is Mary allowed toask this?-Is there aservice tofind Bob’scurrent location?

4

What is the streetaddress for Bob’scurrent location?

5

What room is Mary in?1

2005 AAAI Fall Symposium- Slide 9Copyright ©2001-2005 N. Sadeh

Meta-Model for Query Processing Monitoring query processing progress

Including satisfaction of relevant policies

Meta-model information: Whether/which policy elements have (not) been

verified What facts are still missing

To verify relevant policies/answer the query What sources of information are available

Local vs. external, whether they have been identified, whether queries have been submitted and answers received

Etc.

2005 AAAI Fall Symposium- Slide 10Copyright ©2001-2005 N. Sadeh

Policy Enforcing Agent: Architecture

2005 AAAI Fall Symposium- Slide 11Copyright ©2001-2005 N. Sadeh

So, Where Do We Start?

Usability Challenges “Low Hanging Fruits”

B2B Easier to invest time in specifying policies Virtual Enterprise scenarios

Contracting, security, workflow management, pricing, and plenty of other corporate policies

Open Mobile & Pervasive Computing There’s no other way Roaming, complexity of Mobile Internet value chain, etc.

Challenges: Moving away from highly scripted trust management

protocols, usability challenges, expressiveness & computational tradeoffs, etc.

2005 AAAI Fall Symposium- Slide 12Copyright ©2001-2005 N. Sadeh

Q&A