Access Control on Semantic Web Data Using Query Rewriting

Jian Li (Hong Kong Baptist University, China) and William K. Cheung (Hong Kong Baptist University, China)
DOI: 10.4018/978-1-4666-1577-9.ch008


Semantic Web technologies allow on-line resources to be semantically annotated to support more effective and intelligent online services. However, ontologies may sometimes contain sensitive information, and providing access to them requires proper control to meet data protection requirements. At the same time, the protection should not be so restrictive that access management becomes inflexible. While there has been recent work on policy-based access control, in this paper, the authors present a policy representation specifically for access control on ontology-based data and explain how issues like policy propagation and policy conflict resolution are addressed. The authors present bucket-based query rewriting algorithms for realizing the access control policies to avoid leakage of sensitive resources in the context of the Semantic Web. The authors validate the correctness of the proposed mechanisms by going through some illustrative examples in detail.
Chapter Preview

2 A Brief Overview On Semantic Web

The vision of the Semantic Web (Berners-Lee, et al., 2001) is to have on-line resources expressed in a machine-understandable format so that they can be interpreted and used by software agents. The ultimate goal is to enable Web users to find, share, integrate and thus reason on distributed information or knowledge more effectively. In the Semantic Web, the ontology is one of the key concepts: it describes, as a form of knowledge, the entities and relationships to be modeled within some domain. “Concept” and “role” are the two common terms used to refer to the two modeling elements in ontologies. Concepts (also called classes) refer to the abstract definitions of entities within the domain, whereas roles express the relationships between entities. On-line resources annotated with the labels of concepts are generally termed instances of these concepts. Figure 1 shows a simple ontology about the domain of weapons, where concepts (e.g., “Weapon” and “Missile”) are annotated using ellipses, “subclass” roles and other user-defined roles (e.g., “HasRange”) are annotated using dashed and solid lines respectively, and individual values (e.g., “Liquid Fuel” and “Solid Fuel”) are annotated using rectangles. Resources about missiles can then be described accordingly using instances of concepts defined in this ontology.
