Page 1
Semantic Web and Policy WorkshopSemantic Web and Policy WorkshopPanel ContributionPanel Contribution
Norman M. Sadeh
School of Computer Science
Carnegie Mellon University
Director, e-Supply Chain Management LaboratoryDirector, Mobile Commerce Laboratory
Co-Director, COS PhD Program
Page 2
2005 AAAI Fall Symposium- Slide 2Copyright ©2001-2005 N. Sadeh
Policies Are Everywhere B2B contracts
e.g. quantity flexible contracts, late delivery penalties, etc.
Negotiation e.g. rules associated with auction mechanisms
Security e.g. access control policies
Privacy Information Collection Policies (aka “ P3P Privacy
Policies”) Obfuscation Policies
Workflow management What to do under different sets of conditions
Context aware computing What service to invoke to access a particular contextual
attribute Context-sensitive preferences
Page 3
2005 AAAI Fall Symposium- Slide 3Copyright ©2001-2005 N. Sadeh
Context-Sensitive Privacy & Security Policies Pervasive Computing
“My colleagues can only see the building I am in and only when they are on company premises”
Enterprise Collaboration “Only disclose inventory levels to customers with
past due shipments” DoD Scenarios (e.g. coalition forces)
“Only disclose ship departure time after the ship has left”
“Only disclose information specific to the context of ongoing joint operations”
Homeland Security & Privacy (e.g. video surveillance) “Only allow for facial recognition when a crime scene
is suspected”
Page 4
2005 AAAI Fall Symposium- Slide 4Copyright ©2001-2005 N. Sadeh
Challenges in Enforcing Context-Sensitive Policies
Sources of contextual information: May not be known ahead of time
May change from one entity to another
May change over time
Examples: Different sources of location information
depending on who & where the subject is
Different sources of information to determine when supplies will arrive, depending on who the supplier is and the particular mode of transportation
Page 5
2005 AAAI Fall Symposium- Slide 5Copyright ©2001-2005 N. Sadeh
Pervasive Computing Instantiation: MyCampus
Each entity has its own set of policies & policy evaluation agents
Page 6
2005 AAAI Fall Symposium- Slide 6Copyright ©2001-2005 N. Sadeh
Semantic Web Approach
Interleave reasoning about policies with the dynamic identification of sources of contextual information Both explicit delegation & dynamic
discovery
Sources of contextual information modeled as Semantic Web Services
Service profiles & context-sensitive policies refer to shared ontologies
Page 7
2005 AAAI Fall Symposium- Slide 7Copyright ©2001-2005 N. Sadeh
Specifying Context-Sensitive Policies
Page 8
2005 AAAI Fall Symposium- Slide 8Copyright ©2001-2005 N. Sadeh
Motivating Scenario
Public ServiceDirectory Service
Personal ServiceDirectory Service
Privacy Agents
InformationDisclosure Agent
NotificationAgent
Mary’s User Agent
Mary
Personal AgentDirectory Service
Policy Repository
Service
Task-Specific Agents
Public AgentDirectory Service
White PagesDirectory Service
Bob
Company XYZ
Cell Phone Operator
Only people on my teamcan see the room I amin and only when weare in the same building
Is Bob on Mary’steam today?
2
Which building isBob in right now?3
-Is Mary allowed toask this?-Is there aservice tofind Bob’scurrent location?
4
What is the streetaddress for Bob’scurrent location?
5
What room is Mary in?1
Page 9
2005 AAAI Fall Symposium- Slide 9Copyright ©2001-2005 N. Sadeh
Meta-Model for Query Processing Monitoring query processing progress
Including satisfaction of relevant policies
Meta-model information: Whether/which policy elements have (not) been
verified What facts are still missing
To verify relevant policies/answer the query What sources of information are available
Local vs. external, whether they have been identified, whether queries have been submitted and answers received
Etc.
Page 10
2005 AAAI Fall Symposium- Slide 10Copyright ©2001-2005 N. Sadeh
Policy Enforcing Agent: Architecture
Page 11
2005 AAAI Fall Symposium- Slide 11Copyright ©2001-2005 N. Sadeh
So, Where Do We Start?
Usability Challenges “Low Hanging Fruits”
B2B Easier to invest time in specifying policies Virtual Enterprise scenarios
Contracting, security, workflow management, pricing, and plenty of other corporate policies
Open Mobile & Pervasive Computing There’s no other way Roaming, complexity of Mobile Internet value chain, etc.
Challenges: Moving away from highly scripted trust management
protocols, usability challenges, expressiveness & computational tradeoffs, etc.
Page 12
2005 AAAI Fall Symposium- Slide 12Copyright ©2001-2005 N. Sadeh
Q&A