CSAIL Publications and Digital Archive

Research Abstracts - 2006

The Rein Policy Framework for the Semantic Web

Lalana Kagal, Tim Berners-Lee, Dan Connolly & Daniel Weitzner

Overview

As the necessity of flexible Web security becomes more apparent and as the notion of using policies for access control gains popularity, the number of policy languages being proposed for controlling access to Web resources increases. Instead of requiring everyone on the Web to conform their description of their policy relationships to a single language, we leverage the power of the Semantic Web to reason across the various languages (such as RDF-S, OWL, and rule languages) that people use to describe policies. We propose Rein - a policy and delegation framework that is grounded in Semantic Web technologies - to help the Web preserve maximum expressiveness for local policy communities by enabling global interoperability of policy reasoning. Rein provides ontologies for describing policies and delegations, and provides mechanisms for reasoning over them, both of which can be used to develop domain- and policy-language-specific access control frameworks for Web resources.

Approach

Rein is a framework for policy specification and reasoning, which exploits the inherently decentralized and open nature of the (Semantic) Web [1, 2] and draws on policy concepts defined in the Rei policy language [3, 4]. Rein supports policies and meta-policies (for conflict resolution) that are described in RDF-S [5], OWL [6], and rule languages such as N3 [7] over policy languages defined in RDF-S or OWL. Policies, meta-policies, and policy languages can be re-used and extended as required. Inter-related resources, their policies and meta-policies, the policy languages used, and their relationships together form Rein policy networks. Rein policy networks are described using Rein ontologies [8] and these descriptions are used by the Rein engine to provide policy reasoning.

Another important aspect of the Rein framework is that it supports delegation of authorization and of trust, which allows policies to be less exhaustive and provides decentralized security control. Delegation of authorization is very important to the Web because owners of Web resources may not be able to project who should have access to their resources or pre-establish all desirable requirements for access. This kind of delegation allows permissions on a resource to be propagated by a set of trusted entities without explicitly changing the policy or requirements. In order to support the openness of the Web, the Rein framework also includes delegation of trust such that only trusted information on the Web is accepted and reasoned about. Both kinds of delegation can be used with different policy languages defined in RDF-S and OWL.
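
The two kinds of delegation described above can be told apart with a small model. This is an added example, not code from Rein or its authors: the statement triples, the predicate names `permits`, `trusts` and `delegates`, the principals, and the assumption that both kinds of delegation are transitive are all hypothetical.

```python
# Constructed sample statements: (speaker, predicate, object).
# None of these names come from the Rein ontologies.
STATEMENTS = [
    ("alice", "permits", "carol"),     # owner's own policy: a simple user list
    ("alice", "trusts", "bob"),        # delegation of trust
    ("alice", "delegates", "bob"),     # delegation of authorization
    ("bob", "permits", "dave"),
    ("bob", "trusts", "erin"),
    ("bob", "delegates", "erin"),      # re-delegation (assumed to be allowed)
    ("erin", "permits", "frank"),
    ("erin", "trusts", "alice"),       # cycle: must not loop forever
    ("alice", "trusts", "heidi"),      # heidi's statements are accepted...
    ("heidi", "permits", "mallory"),   # ...but she holds no authorization
    ("bob", "delegates", "judy"),      # judy is authorized...
    ("judy", "permits", "oscar"),      # ...but her statements are not trusted
]

def closure(root, predicate, statements):
    """Principals reachable from root by following `predicate` edges."""
    seen, frontier = {root}, [root]
    while frontier:
        speaker = frontier.pop()
        for s, p, o in statements:
            if s == speaker and p == predicate and o not in seen:
                seen.add(o)
                frontier.append(o)
    return seen

def decide(owner, requester, statements):
    """Return (allowed, grantor) for a request on the owner's resource."""
    # Delegation of trust: only statements made by trusted speakers are
    # accepted and reasoned about at all.
    trusted = closure(owner, "trusts", statements)
    believed = [st for st in statements if st[0] in trusted]
    # Delegation of authorization: grants count only when the speaker's
    # authority chains back to the owner through believed statements.
    authorized = closure(owner, "delegates", believed)
    grantors = {o: s for s, p, o in believed
                if p == "permits" and s in authorized}
    return requester in grantors, grantors.get(requester)

if __name__ == "__main__":
    for user in ("carol", "dave", "frank", "mallory", "oscar"):
        print(user, decide("alice", user, STATEMENTS))
```

Adding or removing a `permits` line for `bob` or `erin` changes the decision without touching any of `alice`'s own statements.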

Some of the main contributions of Rein include:

  • Rein is an open and extensible approach to representing and reasoning over policies. It provides interoperability between domains that use different policy languages.
  • Rein supports different mechanisms for delegation that can be grounded out in domain-specific policy languages. It also provides a uniform way of reasoning over delegation networks.
  • It allows flexibility in how sophisticated or expressive the policies can be. For example, a policy can be as simple as a list of users and the resources they can/cannot access whereas another policy can be a set of rules that define access rights in terms of specific attributes of users, resources, and the environment and that use information and inferences from other Web resources.
  • Rein provides a unified way for reasoning over policies and delegations to make access control decisions.
  • Except for the relationship between a resource and its policies, all other entities in Rein policy networks are self-describing, i.e., all information required to understand the entity is within the entity or linked from the entity. The relation between the resource and its policies is not described within the resource itself but is known to the Web server controlling access to the resource.
  • Rein supports a compartmentalized approach to policy development as it permits the designing of policy languages, writing of meta-policies associated with policy languages, developing of policies, and enforcing of policies to be modular tasks. This allows policy developers to make frequent changes at their high level of understanding without requiring any other changes to the system.

Research Support

This research was supported by the National Science Foundation (Awards 0427275 and 052448).

References:

[1] Rein. URL: http://dig.csail.mit.edu/2005/09/rein/

[2] Lalana Kagal, Tim Berners-Lee, Dan Connolly, and Daniel Weitzner. Using Semantic Web Technologies for Open Policy Management on the Web. Under review, February 2006.

[3] Lalana Kagal. A Policy-Based Approach to Governing Autonomous Behavior in Distributed Environments. PhD Thesis, Baltimore, Maryland, USA, September 2004.

[4] Lalana Kagal. Rei Policy Specification Language. URL: http://rei.umbc.edu/

[5] World Wide Web Consortium (W3C). RDF Vocabulary Description Language 1.0: RDF Schema. W3C Recommendation, February 2004. URL: http://www.w3.org/TR/rdf-schema/

[6] World Wide Web Consortium (W3C). Web Ontology Language (OWL) Reference. W3C Recommendation, February 2004. URL: http://www.w3.org/TR/owl-ref/

[7] Tim Berners-Lee, Dan Connolly, Eric Prud'hommeaux, Yosi Scharf. Experience with N3 rules. In W3C Workshop on Rule Languages for Interoperability, Washington, D.C., USA, April 2005.

[8] Tom Gruber. What is an Ontology? URL: http://www.ksl.stanford.edu/kst/what-is-an-ontology.html

Computer Science and Artificial Intelligence Laboratory (CSAIL)
The Stata Center, Building 32 - 32 Vassar Street - Cambridge, MA 02139 - USA
tel:+1-617-253-0073 - publications@csail.mit.edu