Uncle-Share: Annotation-Based Access Control for Cooperative and Social Systems Peyman Nasirifard and Vassilios Peristeras Digital Enterprise Research Institute National University of Ireland, Galway IDA Business Park, Lower Dangan, Galway, Ireland [email protected]

Abstract. Shared workspaces and Web 2.0 platforms provide lots of services for sharing various objects. Most current shared workspaces and Web 2.0 platforms provide role-based, coarse-grained access control policies which undermine the utility of them in some cases. In this paper, we present Annotation-Based Access Control, an approach towards access control which benefits from user annotations to annotate people using various fixed and desired open vocabulary (tags) and helps to build a more flexible access control mechanism based on relationships among different types of users. We also present a prototype, a gadget called UncleShare, which we have developed to enable this access control mechanism and evaluate it. Key words: Access Control, Shared Workspace, Annotation, Social Network, Web 2.0

1

Introduction

Web 2.0 platforms and shared workspaces (e.g. BSCW, Microsoft SharePoint) provide necessary tools and infrastructure for sharing various items. In a shared workspace or social platform, where the people collaborate together and share resources, there should definitely exist some kind of embedded access control mechanisms in order to restrict unauthorized accesses to various resources. In brief, Access Control defines who can access what data [15]. We have analyzed the embedded access control mechanisms within some shared workspaces and Web 2.0 platforms. We signed up to some platforms, uploaded/added some resources (e.g. documents, photos, bookmarks), added some contacts as friends and tried to share our resources with some of our contacts. We noticed that the embedded access control mechanisms were not flexible enough to enable us to share our resources with desired contacts within specific context. For instance, we could not share a specific project-related bookmark with only people that are working on that project. To overcome this situation, we had to send emails to share the bookmark with them. Most current shared workspaces and Web 2.0 platforms provide coarse-grained access control policies which undermine the utility of them in some cases.

In this paper, we present an approach for access control by annotating people and defining access control policies based on the annotations (i.e. AnnotationBased Access Control). We benefit from Semantic Web [2] technologies for annotations, storing and retrieving data. These technologies enable us to do reasoning on top of annotations and also help us to interact with various platforms or even other applications can integrate with our platform. The rest of this paper proceeds like the following: In the next part, we have an overview of related work regarding access control in social and cooperative systems. In section 3, we introduce Annotation-Based Access Control model. In part 4, we present a prototype that we have developed to enable and evaluate our access control mechanism. After that, we compare our model with some other approaches and finally we conclude and have an overview of future works in section 6.

2

Related Work

There exist plenty of approaches and mechanisms towards controlling access to electronic resources: access control lists, which is probably the simplest access control mechanism, role-based access control [7, 17], attribute-based access control [12], etc. Each approach has its own advantages, disadvantages and feasibility scope. Many researchers try to combine different access control mechanisms to build a more powerful mechanism and decrease the disadvantages of each mechanism. Kern et al. [10] provide an architecture for role-based access control to use different rules to extract dynamic roles. Alotaiby et al. [1] present a team-based access control which is built upon role-based access control. Periorellis et al. [14] introduce another extension to role-based access control which is called taskbased access control. They discuss task-based access control as a mechanism for dynamic virtual organization scenarios. Georgiadis et al. [8] provide a model for combining contextual information with team-based access control and they provide a scenario in health care domain, where the model is used. Zhang et al. [21] propose a model for dynamic context-aware role-based access control for pervasive applications. They extend role-based access control and dynamically align role and permission assignments based on context information. The study of access control mechanisms in Cooperative Systems is not new and was in existence since the birth of e-Collaboration tools in 1980s. Shen et al. [18] studied access control mechanisms in a simple collaborative environment, i.e. a simple collaborative text editing environment. Zhao [22] provides an overview and comparison of three main access control mechanisms in collaborative environments. Tolone et al. [19] have published a comprehensive study on access control mechanisms in collaborative systems and compare different mechanisms based on multiple criteria, e.g. complexity, understandability, ease of use. Jaeger et al. [9] present basic requirements for role-based access control within collaborative systems. Kim et al. [11] propose a collaborative role-based access

control (C-RBAC) model for distributed systems which is fine-grained and try to address the conflicts from cross-domain role-to-role translation. There exist some studies on access control in social networks. Most of the literature focuses on relationships that the people may acquire in a social network. In [16], Kruk et al. suggest a role-based policy-based access control for social networks, where the access rights will be determined based on social links and trust levels between people. In [3], Carminati et al. present the same approach and in [5], they extend their model by adding the concept of private relationships in access control, as they noticed that all relationships within social networks should not be public, due to security and privacy reasons.

3

Annotation-Based Access Control Model

Annotation is a common mechanism which is used nowadays by many social platforms for annotating shared objects to facilitate the discovery of relevant resources. Our access control model is based on annotations. It benefits partially from social acquaintances to express the annotation mechanism, however it is not only limited to fixed terms and open vocabularies can be also utilized for annotations. In this approach, end users are able to annotate their contacts and define policies based on their annotations. In this case, only those annotated contacts, that fulfill the required policies, have access to specified resources. A simple example follows: User A annotates user B which is part of his social network as supervisor. User A owns also several resources and defines different policies for them. In this case, all resources that have just supervisor in their policies and their policies express that they can be shared with the people that have been tagged as supervisor, are automatically accessible to the user B which has been annotated as supervisor. Annotation-based access control is very close to how we share resources in our real-life. We may share the key of our apartments with our parents, but not with our friends. Based on this simple scenario, in annotation-based access control, both our parents and friends are parts of our social network, but our parents have been tagged as parent while our friends as friend and our keys are resources that we define to be shared only with entities tagged as parent. Our current access control model consists of three main entities and two main concepts: Person, Resource, and Policy are the entities; Annotation and Distance are the main concepts. A Person is an entity with the RDF type Person 1 . A Person is connected to zero or more other Persons. Each connection between Persons can be annotated with zero or more Annotations. An Annotation is a term or a set of terms that are connected together and aims to describe the Person. A Person owns zero or more Resources. A Resource is an entity with the RDF type Resource 2 and is owned by (isOwnedBy) one or more Persons. Resources may be in the form of URIs / URLs / short messages. A Resource can 1

2

http://uncle-share.com/ontology/Person OR Person http://uncle-share.com/ontology/Resource

http://xmlns.com/foaf/0.1/

Fig. 1. Main elements in access control mechanism and their relationships

be either private or public. A Policy is an entity with the RDF type Policy 3 . A Policy is defined by (isDefinedBy) one Person and belongs to (belongsTo) one Resource. A Policy has one Annotation and one Distance. Again an Annotation is a term or a set of terms that are connected together and aims to describe the Person that the Resource should be shared with. A Distance is a numerical value which determines the depth that the Policy is valid. Depth is actually the shortest distance among two Persons with consideration of Annotations. This will be more clear with an example in section 5. A Person defines zero or more Policies. Note that multiple Policies for a Resource that are defined by a Resource owner may have different Distances. Figure 1 demonstrates the main elements of our access control model. There exist several rules (meta-policies) in our approach: – Rule 1: A Person acquires access to a Resource, if and only if (iff) s/he meets all policies that have been defined by Resource owner for that Resource. It means that the Person has been already annotated with the Annotations which are defined in the Policies and s/he is also in the scope of the Policies (i.e. Distance criteria). A conclusion of this rule follows: Multiple Policies that are defined by a Resource owner for a Resource are ORed, if they have different Distances, otherwise the Policies are ANDed. – Rule 2: Only the Resource owner is eligible to define Policies for that Resource. – Rule 3: If a Person acquires access to a Resource, s/he may copy/add the Resource to his/her Resources. In this case, s/he will be the Resource owner. (The original Resource owner will also keep the ownership as well.) – Rule 4: A private Resource has zero or more Policies, whereas a public resource has at least one Policy. 3

http://uncle-share.com/ontology/Policy

Fig. 2. The general architecture and overview of UI

– Rule 5: The default Distance for Policies is one.

4

Uncle-Share: Annotation-Based Access Control Prototype

Based on the presented Annotation-Based Access Control model, we have developed a prototype called Uncle-Share to validate and test the approach. Figure 2 demonstrates the overall architecture of Uncle-Share plus an overall view of the User Interface (UI). In the following, we describe some important aspects of the architecture and UI. Uncle-Share is based on Service-Oriented Architecture (SOA). Uncle-Share provides several SOAP-based services to end users. In other words, all functionalities of Uncle-Share (registration, changing password, adding persons and resources, fetching shared resources, etc.) are wrapped as Web services. Following this approach enables developers to utilize all functionalities of Uncle-Share within their own applications. Uncle-Share provides currently the following services: – Handle Object: This service enables end users to register themselves to the system and/or change their passwords.

– Handle Connection: This service enables end users to add connections between persons; persons and resources; and persons and policies. This service enables also end users to annotate those connections with closed and open terms. – Get Connection: This service enables end users to get who/what stuff is connected to a specific person. – Get Registered Users: This service returns the list of the registered users on the system. – Get Social Network: This service returns the social network of authenticated user in RDF (based on FOAF4 ). – Get Available Resources: This service returns the available resources to a specific person based on Distance input. We have chosen to build the Uncle-Share user interface as a widget / gadget. These two terms, widget and gadget, are used sometimes to refer to the same concept. There exist currently many gadget / widget platforms, and open source and commercial gadget-building tools. NetVibes5 and iGoogle6 are two mostly used gadget platforms. Both platforms provide basic tools for building gadgets / widgets. Having gadgetized user interface enables end users to have UncleShare besides other applications and this can attract more users, as they should not launch a new application or browse a new Web page to utilize Uncle-Share. Our gadget can be embedded into any widget / gadget platform or Web site. We used AJAX [20] (Asynchronous JavaScript and XML) technologies for developing the user interface. The only client-side requirement is that the browser should support JavaScript. The current version of gadget has six main tabs: Login, Persons, Resources, Shared, Settings, and Help. For annotations and also defining policies, Uncle-Share has a suggest box. In the suggest box, end users will get some recommendations / suggestions from Uncle-Share. These suggestions are based on the RELATIONSHIP [6] ontology. It is an extended version of FOAF and a set of terms for describing the general relationships between people. Uncle-Share gadget can be accessed and tested online7 8 . We have successfully embedded the gadget into iGoogle and BSCW shared workspace, in order to enable Annotation-Based Access Control for bookmarks. We have chosen some specific open source and free software to implement Uncle-Share. We use Sesame 2.09 as RDF store. The SOA backbone is based on Apache CXF10 which eases the development of Web services. For building the AJAX-based gadget, we used Google Web Toolkit11 (GWT). GWT has a Java 4 5 6 7 8 9 10 11

http://www.foaf-project.org/ http://www.netvibes.com/ http://www.google.com/ig http://purl.oclc.org/projects/uncle-share-gadget-igoogle http://purl.oclc.org/projects/uncle-share-gadget-standalone http://www.openrdf.org/ http://incubator.apache.org/cxf/ http://code.google.com/webtoolkit/

to JavaScript compiler which compiles the Java source and generates desired user interface.

5

Evaluation and Comparisons

In the first glance, our approach for access control sounds to be similar to RoleBased Access Control [7, 17] (RBAC), Generalized Role-Based Access Control [13] (GRBAC) and other family members of RBAC. In brief, in RBAC, a user is assigned one or more roles. Each role has some defined permissions. Users will receive desired permissions through their roles or they inherit the permissions through the role hierarchy. RBAC is a quite successful access control method and is used in many platforms (operating systems, databases, etc.) and organizations. In GRBAC [13], the authors extend RBAC by introducing subject roles, object roles and environment roles. RBAC, GRBAC and other family members of RBAC works well, if there exists well-structured (and perhaps hierarchy) of roles, permissions (and resources). The main difference between RBAC and our approach is that in RBAC, the roles are already defined by a role engineer, but in our approach, we have decentralized concepts (i.e. annotations) which are not necessary roles (from the semantics point of view). It is the user that defines his/her own annotations and assigns them to his/her contacts which is more user-centric. From the RBAC perspective, our model can be seen as an extension to RBAC through assigning user-centric roles (i.e. annotations) to a person’s contacts. The other main difference is the concept of Distance which increases or decreases the scope of policies in sharing resources, as the people are connected together in a graph-like manner (rather than hierarchy-like manner). Where RBAC can be very useful in large and well-structured organizations, our approach fits well for defining access control policies for personal data. In our model, all relationships are private, as there is no need to publicly announce the relationships between people, due to privacy reasons. However, end users can freely publish their own relationships, if this is needed. While fixed vocabulary is used in approaches like [3], in our model and tool, fixed terms are just suggested to end users, as we do not really force users to exclusively use them. They are allowed to use their own terms as well as fixed terms for annotations. This open vocabulary approach enables end users to express the trust level in a more accurate way as well. As an example, instead of using percentages for expressing the trust level (e.g. friend 80%) like in [16], end users can express degrees of friendship in a more natural way with an annotation like closeFriendOf. The model becomes in this way more realistic and expressive, as we don’t really label our friends and relationships in real-life with numerical values and percentages. Moreover, we calculate the distance between two persons taking to account the annotation values. This is important because annotations build a graph among people which may contain several paths between two persons and it is important to consider all paths when we want to reach target person from

a source person. For example, if person A is connected to person B and this connection has the annotation student, the distance from person A to B (directional) with the consideration of student is one. The distance from person A to B (directional) with the consideration of any other annotation (e.g. friendOf) is infinity. The distance from person B to A (directional) is also infinity, if person B has not defined an outgoing link to person A.

6

Conclusion and Future Work

In this paper, we presented an annotation-based access control model and a prototype based on that. Uncle-Share enables end users to annotate their contacts and set different policies for their resources based on their annotations. From the RBAC perspective, our model can be seen as an extension to RBAC, where people are able to define their own roles (i.e. annotations) and assign them to others in a user-centric model. We are currently working to extend RELATIONSHIP ontology and add more collaboration-based terms to it, as our model and prototype are mainly utilized in collaboration-based environments. RELATIONSHIP ontology and works like REL-X [4] contain the terms that capture the general relationships and social acquaintances among people. One other interesting extensions is using Open Social12 API to embed the Uncle-Share into the social networking sites like MySpace and Orkut. Open Social follows the idea of Write once, run anywhere and enables developers to develop cross-platform applications among social Web sites. More advanced user model and suggestions / recommendations, and prioritizing the policies are different possible improvements. Due to the small nature of widgets / gadgets, we may develop a full-screen version of user interface and put a snippet of the main interface into the gadget.

Acknowledgments This work is supported by Ecospace project: FP6-IST-5-352085

References 1. Alotaiby, F.T., and Chen, J.X. A Model for Team-based Access Control. In International Conference on Information Technology: Coding and Computing. IEEE Computer Society, 2004. 2. Berners-Lee, T., Hendler, J., and Lassila, O. The Semantic Web, A new form of Web content that is meaningful to computers will unleash a revolution of new possibilities. Scientific American, 2001. 3. Carminati, B., Ferrari, E., and Perego, A. Rule-Based Access Control for Social Networks. In OTM Workshops (2), pages 1734–1744. Springer-Verlag, 2006. 12

http://opensocial.org/

4. Carminati, B., Ferrari, E., and Perego, A. The REL-X vocabulary. OWL Vocabulary. http://www.dicom.uninsubria.it/˜ andrea.perego/vocs/relx.owl, 2006. [Online; accessed 18-June-2008]. 5. Carminati, B., Ferrari, E., and Perego, A. Private Relationships in Social Networks. In Proceedings of ICDE Workshops, pages 163–171, 2007. 6. Davis, I., and Vitiello Jr, E. RELATIONSHIP: A vocabulary for describing relationships between people. http://vocab.org/relationship/, 2005. [Online; accessed 18-June-2008]. 7. Ferraiolo, D.F., and Kuhn, D.R. Role Based Access Control. In 15th National Computer Security Conference, pages 554–563, 1992. 8. Georgiadis, C.K., Mavridis, I., Pangalos, G., and Thomas. R.K. Flexible teambased access control using contexts. In SACMAT ’01: Proceedings of the sixth ACM symposium on Access control models and technologies, pages 21–27. ACM Press, 2001. 9. Jaeger, T., and Prakash, A. Requirements of role-based access control for collaborative systems. In 1st ACM Workshop on Role-based access control. ACM Press, 1996. 10. Kern, A., and Walhorn, C. Rule support for role-based access control. In 10th ACM symposium on Access Control Models and Technologies, pages 130–138. ACM Press, 2005. 11. Kim, H., Ramakrishna, R.S., and Sakurai, K. A Collaborative Role-Based Access Control for Trusted Operating Systems in Distributed Environment. IEICE transactions on fundamentals of electronics, communications and computer sciences, 88(1):270–279, 2005. 12. Kolter, J., Schillinger, R., and Pernul, G. A Privacy-Enhanced Attribute-Based Access Control System. In DBSec, volume 4602 of Lecture Notes in Computer Science, pages 129–143. Springer, 2007. 13. Moyer, M.J., and Ahamad, M. Generalized Role-Based Access Control. In ICDCS ’01: Proceedings of the The 21st International Conference on Distributed Computing Systems, page 391. IEEE Computer Society, 2001. 14. Periorellis, P., and Parastatidis, S. Task-Based Access Control for Virtual Organizations. In Scientific Engineering of Distributed Java Applications, pages 38–47, 2005. 15. Russell, D., and Gangemi, Sr. G.T. Computer Security Basics. O’Reilly and Associates, Inc., 1991. 16. Ryszard Kruk, S., Grzonkowski, S., Gzella, A., Woroniecki, T., and Choi, H.C. D-FOAF: Distributed Identity Management with Access Rights Delegation. In Proceedings of Asian Semantic Web Conference (ASWC), pages 140–154, 2006. 17. Sandhu, R.S., Coyne, E.J., Feinstein, H.L., and Youman, C.E. Role-Based Access Control Models. IEEE Computer, 29 (2):38–47, 1996. 18. Shen, H., and Dewan, P. Access Control for Collaborative Environments. In Computer-Supported Cooperative Work Conference, pages 51–58. ACM Press, 1992. 19. Tolone, W., Ahn, G., Pai, T., and Hong, S. Access control in collaborative systems. ACM Computing Surveys, 37:29–41, 2005. 20. Zakas, N.C., McPeak, J., and Fawcett, J. Professional Ajax (Programmer to Programmer). Wiley Publishing, second edition, 2007. 21. Zhang, G., and Parashar, M. Dynamic Context-aware Access Control for Grid Applications. In GRID ’03: Proceedings of the Fourth International Workshop on Grid Computing, page 101. IEEE Computer Society, 2003. 22. Zhao, B. Collaborative Access Control. In Seminar on Network Security (NetSec), 2001.

Annotation-Based Access Control for Cooperative and ...

Apache CXF10 which eases the development of Web services. For building .... Computer-Supported Cooperative Work Conference, pages 51–58. ACM Press ...

389KB Sizes 1 Downloads 274 Views

Recommend Documents

Annotation-Based Access Control for Cooperative and ...
[10] provide an architecture for role-based access control to use dif- ferent rules ... in access control, as they noticed that all relationships within social networks.

Cooperative Control and Potential Games - Semantic Scholar
However, we will use the consensus problem as the main illustration .... and the learning dynamics, so that players collectively accom- plish the ...... obstruction free. Therefore, we ..... the intermediate nodes to successfully transfer the data fr

Cooperative Control and Potential Games - Semantic Scholar
Grant FA9550-08-1-0375, and by the National Science Foundation under Grant. ECS-0501394 and Grant ... Associate Editor T. Vasilakos. J. R. Marden is with the ... J. S. Shamma is with the School of Electrical and Computer Engineer- ing, Georgia ......

Access Control - Ben Laurie
Mar 13, 2009 - be allowed to set the clock and talk to other time-keeping programs on the. Internet, and ..... book, but I give some examples here. 6.1 Allowing ...

pdf-0751\media-access-control-and-resource-allocation-for-next ...
... apps below to open or edit this item. pdf-0751\media-access-control-and-resource-allocation- ... ks-springerbriefs-in-applied-sciences-and-technolo.pdf.

Patient-Cooperative Control Strategies for Coordinated ...
support the subject in a patient-cooperative way during the training is introduced. .... In order to define support, an ideal reference trajec- tory is needed.

Patient-Cooperative Control Strategies for Coordinated ...
to use admittance control, a force/torque sensor is needed. Since there are ... filter are the velocities ˙qc in the joint space. The velocities ˙q in the joint space are subtracted from the reference velocities. jZr. -1. J. jD. jYc. Force/ Torque.

Distributed Extremum Seeking and Cooperative Control ...
The proposed approach retains all the advantages of cooperative control (such ... Mobile platforms with wireless communication capabili- ties can often be used ...

Access Control (v0.1) - Ben Laurie
8The laptop produced by the One Laptop Per Child project[4]. 4 .... Examples of the operating system approach are Keykos[9], Amoeba[17],. EROS[14] and ...

Access Control (v0.1) - Ben Laurie
particularly in the context of the Web, where merely viewing a page can cause code to run. ... 3Single problem domain, that is, not DNS domain. 4I avoid ..... and buy something on my behalf using that capability ... or steal the money from me.

Context-Aware Access Control for Collaborative ...
Due to availability of semantic search engines and open data like [49], this approach ..... Wikipedia: Access control — Wikipedia, The Free Encyclopedia. http:.

Inference-Based Access Control for Unstructured Data - Liz Stinson
Apr 21, 2009 - Virtual Private Database (VPD) Oracle's VPD entails dy- namically rewriting ..... IBM Database Magazine Quarter 1, 2007, Vol. 12,. Issue 1 (May ...

squaring backoff based media access control for mobile ...
JOURNAL OF COMPUTER SCIENCE AND ENGINEERING, VOLUME 6, ... three requirements. ... successful transmissions is also a major factor that needs.

Sigma-F Protocol Access Control for Real Time System - IJRIT
Key Words- Access control protocol; Scheduling; Real Time System; Response Time. 1. Introduction. The Real Time ... database locks etc. A job may need some ...

Sigma-F Protocol Access Control for Real Time System - IJRIT
Key Words- Access control protocol; Scheduling; Real Time System; Response Time. 1. Introduction. The Real Time ... database locks etc. A job may need some ...

Distributed medium access control for wireless mesh ...
Department of Electrical and Computer Engineering, Centre for Wireless Communications, University of. Waterloo, Waterloo ... Contract/grant sponsor: Natural Science and Engineering Research Council (NSERC) of Canada. radio spectrum, many .... data ch

Towards an Access Control Mechanism for Wide-area ...
We call these filters access ..... vices can specify the conditions for principals to activate the role. .... tional Conference on System Sciences (HICSS-35), Big Is-.

Toward Quantified Risk-Adaptive Access Control for ...
Toward Quantified RAdAC for Multi-tenant Cloud Computing. 3 computing, it is ... In most common definitions, cloud computing is comprised of three services.

Annotation-Based Access Control for e-Professionals
Keywords. Access Control, Shared Workspace, Annotation, Social Network. 1 Introduction ... workspaces, such as BSCW and Microsoft SharePoint. The current ...

Observation-Based Fine Grained Access Control for ...
Fine Grained Access Control (FGAC) can be applied at lower level such as individual ... and remaining digits are confidential) by Customer-Care Personnel.

Cooperative frequency control with a multi-terminal high ... - ORBi
Sep 18, 2012 - prominent application domain where cooperative reactions allow substantial savings. Probably the most well-known cooperative reaction mechanism in ..... In absence of integral action, power flows are directly driven by frequency differ

From Autonomy to Cooperative Traded Control of ...
the design of a framework for teleoperating a humanoid robot to perform a ..... of the motion trajectory in a dedicated 3D GUI component. (see Figure 1) by clicking a ..... [11] D. Sakamoto, T. Kanda, T. Ono, H. Ishiguro, and N. Hagita, “Android.