PPO & PPM 2.0: Extending the Privacy Preference Framework
Copyright 2011 Digital Enterprise Research Institute. All rights reserved.
Digital Enterprise Research Institute www.deri.ie
Enabling Networked Knowledge
PPO & PPM 2.0: Extending the Privacy Preference Framework
Owen Sacco and John G. Breslin
[email protected] and [email protected]
I-SEMANTICS 2012 – Graz, Austria Thursday 6th September 2012
Introduction
Increase in shared personal information on the Social Web raised awareness about privacy
Current Limitations
Social Web applications provide system default privacy settings
Use Case
A FOAF based Social Network
Use Case
Protecting a FOAF based Social Network
Users feel more confident to publish their information
Users would be in full control
– Which specific information can be shared and to whom
Granting access based on interest and not only to friends in contact lists
– E.g.: Provide my phone number only to DERI colleagues without being in a friend or group list called DERI
PPO Overview
A light weight vocabulary for defining fine-grained privacy preferences for RDF data
A privacy preference contains:
– Which resource, statement or graph must be restricted
– A condition that must be satisfied
– The access control privilege (defined using WAC)
– A SPARQL query that tests whether a user requesting information matches a graph pattern
PPO Overview
[Diagram: the PPO vocabulary, with areas labelled Restrictions, Conditions, Access Test Queries and Access Control Privileges]
Classes: ppo:PrivacyPreference, ppo:Condition, ppo:AccessSpace, acl:Access, rdfs:Resource, rdfs:Class, rdfs:Literal, rdf:Property, rdf:Statement, trix:Graph
Properties: ppo:appliesToResource, ppo:appliesToStatement, ppo:appliesToNamedGraph, ppo:hasCondition, ppo:hasProperty, ppo:hasLiteral, ppo:classAsSubject, ppo:classAsObject, ppo:resourceAsSubject, ppo:resourceAsObject, ppo:hasAccessSpace, ppo:hasAccessQuery, ppo:hasAccess
Note in the diagram: This rdfs:Literal represents a SPARQL query as a String.
Extending PPO
[Diagram: the extended PPO vocabulary]
Classes: ppo:PrivacyPreference, ppo:Condition, ppo:ConditionOperator, ppo:Operator, ppo:AccessSpace, acl:Access, foaf:Agent, wo:Weight, void:Dataset, trix:Graph, rdf:Statement, rdfs:Resource, rdfs:Class, rdfs:Literal, rdfs:Property
Properties: ppo:appliesToResource, ppo:appliesToStatement, ppo:appliesToNamedGraph, ppo:appliesToDataset, ppo:appliesToContext, ppo:hasCondition, ppo:hasConditionOperator, ppo:conditionOperatorOf, ppo:hasChildConditionOperator, ppo:hasLogicalOperator, ppo:hasProperty, ppo:hasLiteral, ppo:classAsSubject, ppo:classAsObject, ppo:resourceAsSubject, ppo:resourceAsObject, ppo:hasAccessSpace, ppo:hasAccessQuery, ppo:hasAccessAgent, ppo:hasAccess, ppo:hasNoAccess, ppo:hasPriority
Extending PPO
[Diagram: logical operators for combining conditions]
ppo:And, ppo:Or and ppo:Not are each rdfs:subClassOf ppo:Operator
Example in the diagram: Condition 1, Condition 2 and Condition 3 combined with AND and OR
Classes: ppo:PrivacyPreference, ppo:ConditionOperator, ppo:Condition, ppo:Operator
Properties: ppo:hasConditionOperator, ppo:hasChildConditionOperator, ppo:hasLogicalOperator, ppo:conditionOperatorOf, ppo:hasCondition
Extending WAC
[Diagram: rdfs:subClassOf hierarchy under acl:Access]
WAC classes: acl:Access, acl:Read, acl:Write, acl:Append, acl:Control
PPO classes: ppo:Create, ppo:Update, ppo:Delete
Extended PPO Example
Define a privacy preference which is:
– Applied to all triples of the investment cost resource ID 90000001
– Applied to all triples in the dataset called dataset1
Conditions:
– The resource URI 90000001 as the subject of the triple
– The resource is an IT System type with ID 8000000002
Apply read and update access control privileges
Apply privacy preference to all those that work at the US Government Department for Health and Human Services
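Extended PPO Example
# Prefixes added so the snippet parses; the ex: namespace is assumed.
@prefix ppo: <http://vocab.deri.ie/ppo#> .
@prefix acl: <http://www.w3.org/ns/auth/acl#> .
@prefix ex:  <http://www.example.org/> .

ex:pp1 a ppo:PrivacyPreference ;
    ppo:appliesToResource <http://www.example.org/Investment/90000001> ;
    ppo:appliesToDataset <http://www.example.org/repositories/dataset1> ;
    # Both conditions are joined with ppo:And
    ppo:hasConditionOperator [
        ppo:conditionOperatorOf [ ppo:resourceAsSubject <http://www.example.org/Investment/90000001> ] ;
        ppo:hasLogicalOperator ppo:And ;
        ppo:conditionOperatorOf [ ppo:resourceAsObject <http://www.example.org/ITSystem/8000000002> ]
    ] ;
    ppo:hasAccess acl:Read ;
    ppo:hasAccess ppo:Update ;
    # The access space: the requester's data is tested with this ASK query
    ppo:hasAccessSpace [
        ppo:hasAccessQuery "ASK { ?x foaf:workplaceHomepage <http://www.hhs.gov> }"
    ] .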
Privacy Preference Manager
The Privacy Preference Manager provides two main tasks:
– A user creates his/her privacy preferences
– A requester logs in to the other user’s manager which returns filtered RDF data – in this case a faceted profile
[Diagram labels: John (Requester), WebID, Privacy Preference Manager, Private FOAF Profile, Privacy Preferences, Alex]
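A minimal sketch of the filtering step described above, added here as an illustration and not taken from the Privacy Preference Manager: it evaluates a preference shaped like ex:pp1 against a requester's FOAF profile and returns only the released triples. The dictionary layout, the single triple pattern standing in for the SPARQL ASK query, the ex: predicates and the deny-by-default behaviour are assumptions.

```python
# Added illustration: a toy enforcer for one PPO-style preference.
# Triples are (subject, predicate, object) tuples; all data is constructed.
INV = "http://www.example.org/Investment/90000001"
ITS = "http://www.example.org/ITSystem/8000000002"

PP1 = {
    # Condition tree: leaves test one triple, operator nodes combine them.
    "condition": ("And", [("resourceAsSubject", INV), ("resourceAsObject", ITS)]),
    "access": {"acl:Read", "ppo:Update"},
    # Stand-in for the ASK query: one triple pattern, None is a variable.
    "access_space": (None, "foaf:workplaceHomepage", "http://www.hhs.gov"),
}

def cond_holds(cond, triple):
    op, arg = cond
    if op == "resourceAsSubject":
        return triple[0] == arg
    if op == "resourceAsObject":
        return triple[2] == arg
    if op == "And":
        return all(cond_holds(c, triple) for c in arg)
    if op == "Or":
        return any(cond_holds(c, triple) for c in arg)
    if op == "Not":
        return not cond_holds(arg, triple)
    raise ValueError(f"unknown operator {op!r}")  # malformed policy releases nothing

def in_access_space(pattern, profile):
    """True if any triple in the requester's profile matches the pattern."""
    return any(all(p is None or p == v for p, v in zip(pattern, t)) for t in profile)

def filter_for(requester_profile, data, prefs, privilege="acl:Read"):
    """Return only the triples that some preference releases to this requester."""
    allowed = []
    for t in data:
        if any(privilege in pp["access"]
               and cond_holds(pp["condition"], t)
               and in_access_space(pp["access_space"], requester_profile)
               for pp in prefs):
            allowed.append(t)
    return allowed  # unmatched triples stay withheld (assumed default: no access)

DATA = [
    (INV, "ex:supports", ITS),
    (INV, "ex:cost", "1200000"),
    ("http://www.example.org/Investment/90000002", "ex:supports", ITS),
]
HHS_STAFF = [("ex:john", "foaf:workplaceHomepage", "http://www.hhs.gov")]
OUTSIDER = [("ex:eve", "foaf:workplaceHomepage", "http://www.example.com")]
```

Because the two conditions are joined with And, only the triple whose subject is the investment and whose object is the IT system is released, and only to a requester whose profile matches the access space.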
Privacy Preference Manager Ontology
[Diagram: the PPMO vocabulary]
Classes: ppmo:PrivacyPreferenceManager, ppmo:Administration, ppmo:AdminSpace, foaf:Agent, acl:Access, wo:Scale, rdfs:Literal
Properties: ppmo:hasOwner, ppmo:hasAdministration, ppmo:hasAdministrator, ppmo:hasAdminSpace, ppmo:hasAdminSpaceQuery, ppmo:hasAdminAccess, ppmo:hasAdminNoAccess, ppmo:hasDefaultAccess, ppmo:hasDefaultNoAccess, ppmo:hasDefaultConflictAccess, ppmo:hasDefaultConflictNoAccess, ppmo:hasPriorityScale
Extending the Privacy Preference Manager
[Architecture diagram of the Privacy Preference Manager]
Components: User Interface, WebID Authenticator, RDF Data Retriever & Parser, Privacy Preferences Creator, Privacy Preferences Enforcer, Privacy Preferences
Other elements: User, WebID Authentication Service (foafssl.org), RDF Documents, SPARQL Endpoint
Flow labels: SSL Certificate, Confirmation, Request, Request RDF Data, Query, RDF Data, Filtered RDF Data, Privacy Preference, Information
Future Work
Defining and computing trustworthiness of requesters
Enhancing Privacy Preference Manager to assert trustworthiness whilst enforcing privacy preferences
Links
PPO Namespace URI: http://vocab.deri.ie/ppo#
PPMO Namespace URI: http://vocab.deri.ie/ppmo#
Screencasts
– Creating Privacy Preferences: http://bit.ly/p0N1Vi
– Viewing Filtered FOAF Profiles: http://bit.ly/qiAdxT
Email: [email protected]