Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Trustworthy Semantic Webs Dr. Bhavani Thuraisingham The University of Texas at Dallas Lecture #3 Semantic Web, Web Services and Security Outline Today’s Web From web to semantic web Applications and Technologies Layered Approach Web Services Introduction Today’s Web High recall, low precision: Too many web pages resulting in searches, many not relevant Sometimes low recall Results sensitive to vocabulary: Different words even if they mean the same thing do not results in same web pages Results are single web pages not linked web pages From Today’s Web to the Semantic Web Machine understandable web pages Activities on the web such as searching with little or no human intervention Technologies for knowledge management, e-commerce, interoperability] Solutions to the problems faced by today’s web - Retrieving appropriate web pages, sensitive to vocabulary etc. - Semantic web applications including Layered Approach: Tim Berners Lee’s Vision www.w3c.org Applications: Web Services Web Services refers to the technologies that allow for making connections. Services are what you connect together using Web Services. A service is the endpoint of a connection. Also, a service has some type of underlying computer system that supports the connection offered. The combination of services - internal and external to an organization - make up a service-oriented architecture. Knowledge Management Corporation Need - Searching, extracting and maintaining information, uncovering hidden dependencies, viewing information Semantic web for knowledge management - Organizing knowledge, automated tools for maintaining knowledge, question answering, querying multiple documents, controlling access to documents Business to Consumer E-Commerce Users shopping on the web; wrapper technology is used to extract information about user preferences etc. and display the products to the user Use of semantic web: Develop software agents that can interpret privacy requirements, pricing and product information and display timely and correct information to the use; also provides information about the reputation of shops Future: negotiation among the behalf of the user Business to Business E-Commerce Organizations work together and carrying out transactions such as collaborating on a product, supply chains etc. With today’s web lack of standards for data exchange Use of semantic web: XML is a big improvement, but need to agree on vocabulary. Future will be the use of ontologies to agree on meanings and interpretations Personal Agents Agents are essentially processes that have evolved from object-oriented programming; agent is an active objects Agents will use metadata to find resources on the web; ontologies will be used to interpret statements; logic will be used for drawing conclusions Agents will not completely replace humans; but will make the tasks of the humans much easier. Example: John is a president of a company. He needs to have a surgery for a serious but not a critical illness. With current web he has to check each web page for relevant information, make decisions depending on the information provided With the semantic web, the agent will retrieve all the relevant information, synthesize the information, ask John if needed, and then present the various options to John and also makes recommendations Semantic Web Technologies Explicit metadata - XML, RDF, etc. Ontologies (e.g, OWL) Logic/Rules (e.g., RuleML, SWRL) Explicit metadata Metadata is data about data Need metadata to be explicitly specified so that different groups and organizations will know what is on the web Using metadata, one can then carry out various activities such as searching, integration and executing actions Metadata specification languages include XML and RDF Ontologies Explicit and formal specification of conceptualization describes a domain of discourse Consists of concepts and prelateships between them Web searches can exploit ontologies to facilitate the search process Ontology languages include XML, RDF, OWL Ontology Engineering? Tools and Techniques to - Create Ontologies - Specify Ontologies - Maintain Ontologies - Query Ontologies - Evolve Ontologies - Reuse Ontologies - Incorporate features such as security, data quality, integrity Logic Logic can be used to specify facts as well as rules New facts and derived from existing facts based on the inference rules Descriptive Logic is the type of logic that has been developed for semantic web applications Example Logic-based languages: SWRL, RuleML Semantic web vs. Artificial Intelligence - Goal of Artificial Intelligence is to build an intelligent agent exhibiting human-level intelligence - Goal of the semantic web is to enable machine understandable web pages Overview of Web Services Service Oriented Architectures Web Services Description Language UDDI SOAP WSDL with XML Security OASIS Federated identity Service Oriented Architectures (SOA) A service-oriented architecture is essentially a collection of services. ; These services communicate with each other. A service is a function that is well-defined, self-contained, and does not depend on the context or state of other services The communication can involve either simple data passing or it could involve two or more services coordinating some activity. Some means of connecting services to each other is needed. The technology of web services is the most likely connection technology of service-oriented architectures. Web services essentially use XML Technology create a robust connection. A service consumer sends a service request message to a service provider ; The service provider returns a response message to the service consumer. The request and subsequent response connections are defined in some way that is understandable to both the service consumer and service provider. A service provider can also be a service consumer. Web Services BusinessEntity <dsig:Signature> tModel Query UDDI BusinessService PublisherAssertion BusinessService Service requestor Service provider BindingTemplate Web Services Description Language The Web Services Description Language (WSDL) forms the basis for Web Services. The steps involved in providing and consuming a service are: - A service provider describes its service using WSDL. This definition is published to a directory of services. The directory could use Universal Description, Discovery, and Integration (UDDI). Other forms of directories can also be used. - A service consumer issues one or more queries to the directory to locate a service and determine how to communicate with that service. - Part of the WSDL provided by the service provider is passed to the service consumer. This tells the service consumer what the requests and responses are for the service provider. - The service consumer uses the WSDL to send a request to the service provider. - The service provider provides the expected response to the service consumer. UDDI The UDDI registry is intended to eventually serve as a means of "discovering" Web Services described using WSDL . The idea is that the UDDI registry can be searched in various ways to obtain contact information and the Web Services available for various organizations. UDDI registry is a way to keep up-to-date on the Web Services your organization currently uses Alternative to UDDI is ebXML Directory SOAP All the messages are sent using SOAP. (SOAP at one time stood for Simple Object Access Protocol; Now, the letters in the acronym have no particular meaning .) SOAP essentially provides the envelope for sending the Web Services messages. SOAP generally uses HTTP , but other means of connection may be used. HTTP is the familiar connection we all use for the Internet. It is the pervasiveness of HTTP connections that will help drive the adoption of Web Services. WDSL with XML WSDL uses XML to define messages. XML has a tagged message format. Both the service provider and service consumer use these tags. In fact, the service provider could send the data in any order. The service consumer uses the tags and not the order of the data to get the data values. Security Security and authorization specifications include: - eXtensible Access Control Markup Language (XACML) - eXtensible Rights Markup Language (XrML) - Security Assertion Markup Language (SAML) - Service Protection Markup Language (SPML) - Web Services Security (WSS) - XML Common Biometric Format (XCBF) - XML Key Management Specification (XKMS) Security Firewalls - Specialized XML firewalls offer the promise of protecting - internal systems when using Web Services. Traditional firewalls offer protection at the packet level and do not examine the contents of messages. XML firewalls, on the other hand, examine the contents of messages. This includes the SOAP headers and the XML content. They are designed to permit authorized content to pass through the firewall. Security: Examples XACML, SAML, WSS XACML (OASIS Spec) - eXtensible Access Control Markup Language (XACML) provides fine grained control of authorized activities, the effect of characteristics of the access requestor, the protocol over which the request is made, authorization based on classes of activities, and content introspection. SAML (OASIS Spec) - It is an XML framework for exchanging authentication and authorization information. It is used with WSS WSS (OASIS Spec) - It describes enhancements to SOAP messaging in order to provide quality of protection through message integrity, and single message authentication. These mechanisms can be used to accommodate a wide variety of security models and encryption technologies. OASIS Organization for the Advancement of Structured Information Standards (OASIS) OASIS is a not-for-profit, global consortium that drives the development, convergence, and adoption of e-business standards. Members themselves set the OASIS technical agenda, using a lightweight, open process expressly designed to promote industry consensus and unite disparate efforts. OASIS produces worldwide standards for security, Web Services, XML conformance, business transactions, electronic publishing, topic maps, and interoperability within and between marketplaces. OASIS also hosts XML.org, which provides information about the application of XML, and The Cover Pages which is a reference collection supporting the SGML/XML family of markup language standards and their application. Federated Identity Federated identity allows users to link identity information between accounts without centrally storing personal information. Also, users can control when and how their accounts and attributes are linked and shared between domains and Service Providers, allowing for greater control over their personal data. In practice, this means that users can be authenticated by one company or Web site and be recognized and delivered personalized content and services in other locations without having to re-authenticate or sign on with a separate username and password. Standards include Identity Web Services Framework (I-WSF)