Survey
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
DataSpace MIT Decentralized Information Group Tim Berners-Lee Lalana Kagal Hal Abelson Visitors: Joe Pato (HP) Danny Weitzner Gerry Sussman Latanya Sweeney (CMU) Collaborators: Joan Feigenbaum (Yale) Jim Hendler & Deb McGuinness (RPI) Wendy Hall & Nigel Shadbolt (Southampton) 1 Policy Awareness on the World-Wide Web • Problem: – Maintaining data use policies (privacy, security, ownership, compliance) becomes infeasible as data bases become increasingly interconnected via the Web • Idea – Tag information on the web with metadata that expresses policy – Use Semantic Web infrastructure so that metadata schemes are open an extensible – Develop rules and reasoning mechanisms that check for adherence with policy – Evaluate policies with reference to user preferences, user data, Web data, operating context • Benefits – Enables flexible, decentralized approach to policy management – Permits local control (vs. global authorities) – Can deal with contexts where access control is insufficient. 3 Information Accountability: When information has been used, it should to possible to determine what happened, and to pinpoint use that is inappropriate 4 Augmenting information architecture to support accountability • • • • • • • Information is annotated with provenance that identifies its source. Data transfers and uses are logged so that chains of transfers have audit trails Databases and data providers supply machine-readable policies that govern permissible uses of the data. Automated reasoning engines use policies to determine whether data use is appropriate. Reasoning preserves context information and justifications supported by truth-maintenance systems. As data items are combined, the usage rules governing the combinations are automatically deduced by means of a data-purpose algebra Users of manipulate information via policy-aware interfaces that can enforce policies and/or signal non-compliant uses. 5 Use Case: Sharing of Data in Fusion Centers Sender: Mia Analysa of Commonwealth Fusion Center • Data: Request for Information regarding Robert Guy • Receiver: Fedd Agenti of DHS • Is this allowed under policies of involved parties ? • 6 Policy reasoning result in Justification UI 7 Exploring Policy Reasoning Results 8 9 AIR: A Policy Language for Usage Rules :Rule1 a air:Belief-rule; air:variable :U2; air:variable :P2; air:variable :AP; air:label "FirstAIRRule"; air:pattern { :U2 a air:UseEvent; :refers-to [ a mit:ProxCardEvent ]; :purpose P2; :UseEvent :allowed-purposes :AP. :P2 is-member-of :AP }; air:assert { :U2 :validPurpose :P2 }. 10 DSpace @ MIT enforces privacy policy at http://libraries.mit.edu/dspace-mit/build/policies/privacy.html @prefix : <http://www.dspace.org/rules#> . @prefix action: <http://www.cs.umbc.edu/~lkagal1/rei/ontologies/ReiAction.owl#> . @prefix constraint: <http://www.cs.umbc.edu/~lkagal1/rei/ontologies/ReiConstraint.owl#> . ... :CU0002UserPrivacy a policy:Policy; policy:context :MITLibrariesPrivacyPolicy; policy:grants :UserProvdePersonalInfo; policy:grants :UsePersonalInfo; policy:grants :DoNotDisclosePersonalInfo; policy:grants :DoRemovePersonalInfo . :UserProvidePersonalInfo a deontic:Obligation; deontic:actor :varPerson; deontic:action :ProvidePersonalInfo; deontic:context :EventParticipationAndAlertSubscription; policy:desc "DSpace requires users to provide personal information if they: 1. are involved in the submission of DSpace content and metadata 2. subscribe to the DSpace alerting service" . :ProvidePersonalInfo a action:Action; a history:ModifyMetadata; action:actor :varPerson; action:target :varPersonInfo; policy:desc "Provide Personal Information is the act of supplying the metadata recorded as an EPerson's object in DSpace.". A snippet of DSpace policy, expressed in REI