[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: Some concerns about intersection and domain independence
Dear all, I have been reading your posts since the beginning of the list. Sorry for the late participation but other constraints kept me away from contributing. I have been working on policy research during the last years, but mostly from the academia perspective. Here there are some questions/comments/concerns I hope provide some discussion: - If I am not wrong, WS-PolicyConstraints proposes a concept of intersection based on syntactic matching. That's the secret to make it domain independent. However, I see semantics as a key point during web service matching. For example, imagine an e-shop that accepts any credit cardit. The shop is obliged to list all possible "subclasses" of credit card. Probably this is a simple example where the number of assertions do not explode. However, now imagine that the policy expresses the request for a valid employee id issued by a partner company (all partner companies must be listed to do matching) or suppose a user willing to make a transaction if it is "secured". While the service provider lists only some specific protocols, the client should list all possible "secure" protocols in order to be matched. See [1] and [2] for some ideas about a matchmaking process taking into account hierarchies of concepts. I know that then the complexity is shifted from simple set containment (your "is a subset of" operator) to subsumption but my concern is whether simple set containment is feasible due to the potential number of constraints in real policies. - Delegation. Imagine a policy that says "employees from our administration department or current employees from our partner XYZ are allowed to access" (see [3] for other examples). In this case, since it is unlikely that XYZ is going to replicate its employee database, delegation is needed. Matchmaking is not anymore domain independent, isn't it?. It requires a matchmaking process for the first part and an external request for the second. How would this be addressed? - Regarding to intersection, as an extra point of view, I would add that it is not necessarily needed to be done in a one-step process. It might be that policies are not public, or there are too many in order to try to match them all. In such a case, there could be an iteration in which after each communication process/iteration of the negotiation new policies may be released and taken into account ([3], [4]). I don't see in your current document anything that would not allow this kind of negotiations but I just point it as a probably different scenario. A couple of extra questions/comments on the document WS-PolicyConstraints (24 October 2005): - Page 6 says "currently most semantic descriptions are captured only in custom code modules". Could you extend a bit on this? - Page 6 also talks about circular dependencies being inconsistent. I just would like to point that it is not necessary inconsistent. It is the case of OWL (based on description logics) but not of other approaches based on Logic Programming (like e.g. [4]). From a declarative point of view, cycles are perfectly right and not errors or inconsistences. Furthermore, even though cycles might be avoided in a centralized approach, it is not possible if distributed. Imagine the following example (extracted from a currently submitted paper): "suppose Bob wants to share his pictures with his friends. Bob protects his pictures with a policy that states “only my friends may access my pictures”. However, he does not only have a list of his friends but also include that “all Alice’s and Frank’s friends are also my friends”. Suppose Alice and Frank have a similar policy in which their friends list includes also all other’s friends. Given that setup, imagine that Tom requests access to Bob’s pictures. Bob’s security agent (SA) checks that Tom is not his friend but, since he might be a friend of Alice or Frank, it asks their security agents. Now, Alice’s SA checks locally if Tom is her friend, but some of her policies say that any friend of Bob or Frank is also her friend and therefore, it asks Bob’s and Frank’s SA. In parallel Frank’s SA evaluates its policies and produces a similar situation asking back Bob’s and Alice’s SA, and so on. As the reader can see, if not detected and handled appropriately, the evaluation of this request would never terminate (see figure 1), even if answers exist." Hope that my comments do not diverge too much the focus of the mailing list but I would be really interested in bringing some new requirements to discussion and knowing about your opinion on them. Best, D. [1] Lalana Kagal, Massimo Paoucci, Naveen Srinivasan, Grit Denker, Tim Finin, and Katia Sycara, "Authorization and Privacy for Semantic Web Services", IEEE Intelligent Systems (Special Issue on Semantic Web Services), 2004 [2] Grit Denker, Lalana Kagal, Tim Finin, Katia Sycara, and Massimo Paoucci, "Security for DAML Web Services: Annotation and Matchmaking", 2nd International Semantic Web Conference (ISWC2003), September 2003 [3] Rita Gavriloaie, Wolfgang Nejdl, Daniel Olmedilla, Kent Seamons, Marianne Winslett No Registration Needed: How to Use Declarative Policies and Negotiation to Access Sensitive Resources on the Semantic Web 1st European Semantic Web Symposium, May. 2004, Heraklion, Greece [4] Piero A. Bonatti, Daniel Olmedilla Driving and Monitoring Provisional Trust Negotiation with Metapolicies IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Jun. 2005, Stockholm, Sweden -- Daniel Olmedilla L3S Research Center and Hannover University Deutscher Pavillon Expo plaza 1 D - 30539 Hannover Phone: +49 (0)511 762.9741 / +49 (0)511 7621.9767 Fax: +49 (0)511 762.9779 / +49 (0)511-7621.9712 http://www.l3s.de/~olmedilla/ E-Mail: olmedilla@l3s.de
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]