Security and the Semantic Web, An Overview

Security of the Semantic Web is of paramount importance. How can we determine which web developers can be trusted to accurately define domains? An inexperienced web developer may inefficiently define a particular domain. When something new is encountered regarding a particular domain, the knowledge base will add the new items to the domain. The quality of data exchanged within the semantic web must be high and free of inconsistencies. There must be a way to determine which additions to the ontologies and agents are valid and which are not, and which developers can be trusted and which cannot.

In a distributed computing environment, users are authenticated through a central server. The web cannot follow this model because it is too diverse. It is an open system and cannot conform to usual channels of authentication. More often than not on the web, the user of information does not know the originator of the information. A policy language allows an individual user to define and specify entities that are to be trusted. In dynamic systems, each entity will enforce its own individual policy. A trust management component cannot evaluate requests to perform authorization by using a global policy or trust relationship [Finin & Joshi 2002].

A policy language best handles the issue of who should be trusted when updating ontologies and agents. Each user has its own set of policies that determine which sources are trustworthy. Trust is subjective. A source that is considered trustworthy by one user may not be trustworthy at all to another user. A user can be a person, a company, or any other type of entity.

Access rights, inheritance and delegation also need to be considered. If a user has access rights to a particular company’s web site, say TD Waterhouse, should everyone whom the user trusts also have access to TD Waterhouse’s website? Should TD Waterhouse honor that request? In addition, if TD Waterhouse trusts Morningstar.com, should the user inherit the trust and also trust Morningstar.com?

A policy language can be used to manage and delegate trust and access rights according to the user’s profile. Many researchers believe that a hierarchy of delegation will emerge. An agent can make any delegation; however, just because an agent makes a delegation does not mean it will be honored. Whether or not an agent’s delegation will be honored depends on various factors such as the security policy, the agent’s rights, and the rights of the agents ahead of it in the delegation hierarchy [Finin & Joshi 2002].

What will life be like with the Semantic Web?

“In the article on semantic web by Berners Lee et al., the semantic web is described to be a web that can understand and interpret web pages and manage activities for people.” [Thuraisingham, Hughes, & Allen 2002]. Activities may include providing timely information, supplying advice and managing day-to-day chores. If the advice is to sell a stock because the potential for it to fall significantly has arisen, advice that is not timely may be of no value. For the semantic web to be successful, the data and information must be timely, accurate and precise [Thuraisingham et al.].

Consider the following scenario: Joan is on her way to pick up her son, Adam, from daycare when she has a car accident. A passerby sees the accident and immediately calls 911 on her cell phone. The passerby informs the 911 operator of the location of the accident. The emergency agent calls the police agent and Officer O’Reilly is dispatched to the scene of the accident. Officer O’Reilly arrives on the scene and sees that Joan is hurt and needs to go to the hospital. Officer O’Reilly’s agent notifies the medical emergency agent and an ambulance is dispatched to the scene of the accident. One of the paramedics sees Joan’s purse, looks through it and finds an emergency card. The paramedics’ agent contacts Derrick, Joan’s husband, and notifies him that Joan was in a car accident and is being taken to St. Peters Hospital.

Derrick was on his way to a meeting with David. Derrick calls his personal agent and tells him what happened. He tells his agent to cancel his meeting, get directions to St. Peters Hospital and to call Joan’s sister Kathy and ask her to pick up Adam from daycare. Derrick’s agent goes online to superpages.com and finds that there are two St. Peters Hospitals in the area. Derrick’s personal agent queries the hospital agents of both hospitals to find out which hospital Joan has been taken to. The agent then queries the Map Quest agent to get directions to the hospital and notifies the car’s navigational agent. Derrick’s agent then calls Kathy to tell her to pick Adam up from daycare and take him to her house. The agent then notifies David’s agent that the meeting is cancelled due to a family emergency.

This scenario shows that soon there will be a growing number of active agents on the semantic web that will interact with each other and access information sources on the web in an effort to fulfill users’ needs.

The emergency agent contacts the police agent so that an officer can be dispatched. The officer’s agent contacts the medical agent to notify them of medical emergencies. These agents should have access to one another so that help can be provided when an emergency arises. On the other hand, Derrick’s agent needs to query the hospital agents to retrieve information about Derrick’s wife. Should all agents be allowed to do this? Certainly not, but it’s important that Derrick be able to find out where his wife has been taken. How can the hospital agent determine who should be given access to this sensitive information? Derrick’s agent should also be able to communicate with Derrick’s car to give directions. It should also be able to communicate with David’s agent to cancel the meeting. As the semantic web comes to fruition, information will be used by an increasing number of agents and not by human users, and security will become increasingly important.

At first glance, one solution would be to extend the security mechanisms that apply to distributed systems to the semantic web. After further deliberation, it is evident that this would be extremely difficult because of the decentralized nature of the web and the extremely large number and diversity of agents and users. Also, the set of users that would be granted access to information sources would need to be known in advance, and that would be impossible to know. In addition, not all agents will use the same security protocols or the same terminology to represent information. Any security mechanism chosen needs to be flexible, adaptable and easy to automate [Finin & Joshi 2002].
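The delegation rule discussed earlier (an agent can make any delegation, but it is honored only if the local policy and the rights of the agents ahead of it in the chain allow it) can be applied to the hospital agent's question in the scenario. The following sketch is an added example, not code from the cited papers; the class names, the right string, the agent identifiers and the choice of the patient as the trusted source of the right are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Delegation:
    issuer: str        # agent making the delegation
    subject: str       # agent receiving the right
    right: str         # the access right being passed on
    redelegable: bool  # may the subject delegate it further?

class LocalPolicy:
    """One entity's own policy; there is no global policy to consult."""

    def __init__(self, roots, max_depth=3):
        self.roots = roots          # right -> agents this entity trusts as its source
        self.max_depth = max_depth  # longest delegation chain this entity accepts

    def honored(self, agent, right, grants, must_redelegate=False, seen=()):
        """True if `agent` holds `right` through a chain this policy accepts."""
        if agent in self.roots.get(right, ()):
            return True                       # reached a locally trusted source
        if agent in seen or len(seen) >= self.max_depth:
            return False                      # cycle, or chain longer than allowed
        for g in grants:
            # Agents ahead in the chain must themselves hold a redelegable grant.
            if g.subject == agent and g.right == right and (g.redelegable or not must_redelegate):
                if self.honored(g.issuer, right, grants, True, seen + (agent,)):
                    return True
        return False

# Constructed sample data based on the scenario; all identifiers are hypothetical.
RIGHT = "read:location:joan"
GRANTS = [
    Delegation("joan", "derrick", RIGHT, redelegable=True),
    Delegation("derrick", "derrick_agent", RIGHT, redelegable=False),
    # Any agent can make a delegation; that does not mean it is honored.
    Delegation("derrick_agent", "david_agent", RIGHT, redelegable=False),
]
hospital = LocalPolicy({RIGHT: {"joan"}})            # assumes the patient is the trusted source
strict_hospital = LocalPolicy({RIGHT: {"joan"}}, max_depth=1)
other_entity = LocalPolicy({})                        # trust is subjective: no sources trusted

if __name__ == "__main__":
    for who in ("derrick_agent", "david_agent", "map_agent"):
        print(who, hospital.honored(who, RIGHT, GRANTS))
```

The same set of delegations yields different decisions under `hospital`, `strict_hospital` and `other_entity`, which is the sense in which each entity enforces its own policy.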

References

Finin, T., & Joshi, A. (2002). Agents, Trust, and Information Access on the Semantic Web. SIGMOD Record, 31(4), 30-35.

Thuraisingham, B., Hughes, E., & Allen, D. (2002). Dependable Semantic Web. Proceedings of the Seventh International Workshop on Object-Oriented Real-Time Dependable Systems (WORDS 2002), 305-308.