Piero A. Bonatti, Daniel Olmedilla:
Rule-Based Policy Representation and Reasoning for the Semantic Web.

Complete Text [
.pdf, 298KB]
In: Proceedings of Summer School Reasoning Web 2007, Dresden, Germany (3rd - 7th September 2007), Organization: REWERSE, LNCS 4634, 240-268, September 2007
© Springer

The Semantic Web aims at enabling sophisticated and autonomic machine to machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate an automatic access to sensitive information. Policy-based access control provides sophisticated means in order to support protecting sensitive resources and information disclosure. However, the term policy is often overloaded. A general definition might be “a statement that defines the behaviour of a system”. However, such a general definition encompasses different notions, including security policies, trust management policies, business rules and quality of service specifications, just to name a few. Researchers have mainly focussed on one or more of such notions separately but not on a comprehensive view. Policies are pervasive in web applications and play crucial roles in enhancing security, privacy, and service usability as well. Interoperability and self-describing semantics become key requirements and here is where Semantic Web comes into play. There has been extensive research on policies, also in the Semantic Web community, but there still exist some issues that prevent policy frameworks from being widely adopted by users and real world applications. This document aims at providing an overall view of the state of the art (requirements for a policy framework, some existing policy frameworks languages, policy negotiation, context awareness, etc.) as well as open research issues in the area (policy understanding in a broad sense, integration of trust management, increase in system cooperation, user awareness, etc.) required to develop a successful Semantic Policy Framework.



	author = {Piero A. Bonatti and Daniel Olmedilla},
	title = {Rule-Based Policy Representation and Reasoning for the Semantic Web},
	booktitle = {Proceedings of Summer School Reasoning Web 2007, Dresden, Germany (3rd--7th September 2007)},
	year = {2007},
	volume = {4634},
	organization = {REWERSE},
	series = {LNCS},
	pages = {240--268},
	url = {}