Policy Aware Web: Fact or Fiction?

Lalana Kagal

Decentralized Information Group
MIT Computer Science and Artificial Intelligence Laboratory


Policy-Awareness Use Case

  • Sen. Barack Obama's passport file improperly accessed
  • Not a question of access control - the contractors and trainees had access to this passport info
  • Usage control
    • What purpose are you accessing it for?
  • Violation caught because system logged accesses to high profile individuals
    • Worked because it was a closed system
    • Logging policy not explicit
    • Policies not well defined - what constitutes high profile individuals
  • What if passport info was used to access tax returns in IRS database?

Barack Obama
Image courtesy of CNN

PAW Challenges

  • Web-scale policy reasoning and integration
    • Narrow domains such as Flickr as well as large-scale data integration
    • Simple policy languages for web-scale systems as well as expressive languages for smaller systems
  • Policy interoperability
  • Usability
    • ease of policy authoring
    • seamless interaction with existing infrastructures

Virgin Mobile Ad with CC licenses
Image courtesy of http://www.flickr.com/photos/sesh00/

SW Applications
Image courtesy of TimBL

PAW Challenges

Rules are for handling bad people
Image courtesy of Adventure Quest http://www.battleon.com/

PAW Challenges

Screen shot of Justification UI for AIR Reasoner

Panel Questions

  • Will the Semantic Web help or hinder?
    • Semantic Web technologies can cause information leakage as they can be used to discover information linkages
      • Do not disclose my HIV status
      • Ontology states that drug B is only used to treat HIV
      • You tell someone I take drug B
    • SW advantages
      • Grounding in a common model
      • Integration
      • Interoperability

Biopax ontology
Image courtesy of TimBL
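
The drug B inference from the slide above, as an added example that is not part of the original slides: a small check that asks, before a statement is disclosed, whether it combined with the ontology entails a protected fact, and returns the premises as a justification. The triple names (`takes`, `onlyTreats`, `hasCondition`, the `ex:` identifiers) and the single inference rule are assumptions made for illustration.

```python
# Added example. All data below is constructed; the vocabulary is hypothetical.
ONTOLOGY = {
    ("ex:drugB", "onlyTreats", "ex:HIV"),   # "drug B is only used to treat HIV"
    ("ex:drugC", "treats", "ex:HIV"),       # drug C has other uses, so no entailment
    ("ex:drugC", "treats", "ex:hepB"),
}
PROTECTED = {("ex:alice", "hasCondition", "ex:HIV")}  # "do not disclose my HIV status"


def infer(facts):
    """Forward-chain one rule to a fixed point:
         (p takes d) and (d onlyTreats c)  =>  (p hasCondition c)
    Returns {fact: premises}; premises is None for asserted facts."""
    why = {f: None for f in facts}
    changed = True
    while changed:
        changed = False
        for (p, r1, d) in list(why):
            if r1 != "takes":
                continue
            for (d2, r2, c) in list(why):
                if r2 == "onlyTreats" and d2 == d:
                    derived = (p, "hasCondition", c)
                    if derived not in why:
                        why[derived] = ((p, r1, d), (d2, r2, c))
                        changed = True
    return why


def check_disclosure(disclosed, protected=PROTECTED, ontology=ONTOLOGY):
    """Decide whether releasing `disclosed` reveals any protected triple,
    directly or through inference. Returns (decision, {leaked: premises})."""
    why = infer(set(disclosed) | set(ontology))
    violations = {f: why[f] for f in protected if f in why}
    return ("deny" if violations else "permit"), violations


if __name__ == "__main__":
    for stmt in [("ex:alice", "takes", "ex:drugB"), ("ex:alice", "takes", "ex:drugC")]:
        decision, leaked = check_disclosure([stmt])
        print(stmt, "->", decision)
        for fact, premises in leaked.items():
            print("   entails", fact, "because", premises)
```
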

Panel Questions

  • How will users trust the policy-aware web?
    • Social regulations that provide legal support for holding policy violators accountable
    • Explanations for policy decisions allow users to understand how the results were obtained

Lady of Justice

Panel Questions

  • What standards need to be developed?
  • Having a standard policy language with well understood semantics seems to be the easiest approach. Is this the best way to start?
    • RIF dialect for policy - P-RIF
      • Specialized for policy interoperability
    • A policy language must be serializable in P-RIF in order to be supported within PAW
    • Allows policy languages of varying expressivity

W3C logo

More Information

Creative Commons License