modelling and reasoning languages for social networks policies
DESCRIPTION
Presentation given at EDOC 2009 on policy languages for social networks. Full paper available at http://www.governatori.net/papers/2010/eis10networks.pdfTRANSCRIPT
Modelling and Reasoning Languagesfor Social Networks Policies
Guido Governatori and Renato Iannella
EDOC 2009
c© NICTA 2009 1 / 20
The SPIN project: networks, people, information, sharing
Advanced Research on Web 2.0 Platforms for Profiles and Policiestowards improved Interoperability for Online Communities
Partial Profiles
User in ControlExposureMultiple ProfilesDistributed
Semantic Profiles
Increased NetworkThemesOpinionsExperience
Shared Policies
c© NICTA 2008 2 / 20
SPIN Shared Policies
Create an infrastructure to represent policies (e.g., privacy, rights, etc)for social networks. The framework includes languages to define policies,and tools to manipulate and reasoning with the policies
Expressive Language to capturesocial networks concepts
Conceptual languages to allowsfor end user transparency,accountability and policyawareness
Scalable reasoning techniques
Combination of policies: SocialNetwork policies and (multiple)user policies
PrivacyPolicy
Terms&
Conditions
SecurityPolicy
Unified policy
AccessPolicy
MyPublicPolicy
MyPrivatePolicy
MyPublicPolicy
MyPublicPolicy
MyPublicPolicy
MyPrivatePolicy
MyPrivatePolicy
MyPrivatePolicy
c© NICTA 2008 3 / 20
Policy Challenges
Policy Expression – how to unambiguously define the termsand conditions of a policy.
Policy Transparency – how to ensure all parties are aware ofthe policy and its implications.
Policy Conflict – how to detect potential incompatibilitiesbetween dependent policies.
Policy Accountability – how to track policy exceptions andobligations.
c© NICTA 2008 4 / 20
Policies on Social Networks
c© NICTA 2008 5 / 20
Key Policy Language Elements
A clear identification of the Asset (for any type of SocialNetwork content).
Actions that are allowed to be performed (Permissions) or notallowed to be performed (Prohibitions) can be articulated.
All the Parties involved can be specified (who assigns rights towhom).
Any Duties on Parties can be stipulated (their obligations thatmust be meet).
Constraints can be enumerated for any of the key entities.
c© NICTA 2008 6 / 20
ODRL: From Digital Right To Social Network
c© NICTA 2008 7 / 20
Social Network Use Case
Alice wants to give access to her wedding pictures only to peoplethat are fellows on both Flickr and Twitter and that have a blogshe commented at least twice during the last 10 days.
c© NICTA 2008 8 / 20
Dissecting Alice
Identifying the Wedding Photos
Alice is assigning rights
The permission is viewing
The recipient of the permission is the group of people thatmeet all of these criteria
Members of Flickr and Twitter, andHave Blog sites, andAlice has commented at least twice on these blogs,In the last 10 days.
c© NICTA 2008 9 / 20
Alice in ORDL
c© NICTA 2008 10 / 20
FCL: Policy Reasoning
policy conditions have a normative nature;
policy conditions can have exceptions;
conditions in policy can conflict with each other;
policies in a social networks can come from different sources;
policy conditions sometimes involve violations of other policyconditions.
c© NICTA 2008 11 / 20
Alice in Wonderland
Suppose that the network offers members the facility to createblacklists where a member can list members of the networks thatcannot access the member resources, and the user can specifyrestrictions on the resources available to members in a blacklist.
Alice decided that blacklisted members cannot access her resourcesat all. Moreover, suppose that Alice put Bob in the photoblacklist, but she has posted a few recent comments on Bob’sblog, and Bob is a member of the categories listed in Aliceconditions to access her wedding pictures.
c© NICTA 2008 12 / 20
Alice in Wonderland
Suppose that the network offers members the facility to createblacklists where a member can list members of the networks thatcannot access the member resources, and the user can specifyrestrictions on the resources available to members in a blacklist.
Alice decided that blacklisted members cannot access her resourcesat all. Moreover, suppose that Alice put Bob in the photoblacklist, but she has posted a few recent comments on Bob’sblog, and Bob is a member of the categories listed in Aliceconditions to access her wedding pictures.
c© NICTA 2008 12 / 20
Alice in Wonderland. Chapter 2
The network has another feature. Each user has a profile page, andthe user has to upload a picture to the profile page, and thispicture is available to everybody in the network. Members who donot comply with the above conditions cannot access othermembers’ private resources.
Alice puts a picture of her wedding as her public photo. Carl isanother Flickr and Twitter fellow of Alice (not in her blacklist, andshe repeatedly posted in his blog during the past week) who doesnot have his public picture in his profile.
c© NICTA 2008 13 / 20
Alice in Wonderland. Chapter 2
The network has another feature. Each user has a profile page, andthe user has to upload a picture to the profile page, and thispicture is available to everybody in the network. Members who donot comply with the above conditions cannot access othermembers’ private resources.
Alice puts a picture of her wedding as her public photo. Carl isanother Flickr and Twitter fellow of Alice (not in her blacklist, andshe repeatedly posted in his blog during the past week) who doesnot have his public picture in his profile.
c© NICTA 2008 13 / 20
FCL Blueprint
Combination of an efficient non-monotonic logic (defeasible logic) and adeontic logic of violation.
Used to model contracts, and business process compliance.
Facts are indisputable statements.
Defeasible rules are rules that can be defeated by contrary evidence.
A1, . . . ,An⇒ C
The superiority relation is a binary relation defined over the set ofrules. The superiority relation determines the relative strength oftwo (conflicting) rules.
Extended with deontic operators O,P,F ,⊗, obligation, permission,prohibition, violation (binary)
A1, . . . ,An⇒ OB1⊗·· ·⊗OBm
c© NICTA 2008 14 / 20
Reasoning with Policies
Positive defeasible conclusions: meaning that the conclusionscan be defeasible proved;
Negative defeasible conclusions: meaning that one can showthat the conclusion is not even defeasibly provable.
1 A is a fact; or2 there is an applicable defeasible rule for A, and either
1 all the rules for ¬A are discarded (i.e., not applicable) or2 every applicable rule for ¬A is weaker than an applicable strict
or defeasible rule for A.
c© NICTA 2008 15 / 20
Reasoning with Policies
Positive defeasible conclusions: meaning that the conclusionscan be defeasible proved;
Negative defeasible conclusions: meaning that one can showthat the conclusion is not even defeasibly provable.
1 A is a fact; or2 there is an applicable defeasible rule for A, and either
1 all the rules for ¬A are discarded (i.e., not applicable) or2 every applicable rule for ¬A is weaker than an applicable strict
or defeasible rule for A.
c© NICTA 2008 15 / 20
FCL at Work: Exceptions
Member resources on the network can be access by everybody,unless a resource is declared private
r1 :resource(x)⇒ P access(x)
r2 :private(x),¬owner(x ,y)⇒ Oy¬access(x)
r1 ≺ r2
c© NICTA 2008 16 / 20
FCL at Work: Conflicts
Alice’s wedding pictures policy
p1 : wedding photo(x),flickr(y), twitter(y),
blog(z ,y),posted(a,z , t1),posted(a,z , t2),
t1 > Now −10, t2 > Now −10⇒ Pyaccess(x)
r2 ≺ p1
If a member is a in blacklist then the member cannot accessprivate resources
p2 : private(x),blacklist(y)⇒ Oy¬access(x)
p1 ≺ p2
c© NICTA 2008 17 / 20
FCL at Work: Conflicts
Alice’s wedding pictures policy
p1 : wedding photo(x),flickr(y), twitter(y),
blog(z ,y),posted(a,z , t1),posted(a,z , t2),
t1 > Now −10, t2 > Now −10⇒ Pyaccess(x)
r2 ≺ p1
If a member is a in blacklist then the member cannot accessprivate resources
p2 : private(x),blacklist(y)⇒ Oy¬access(x)
p1 ≺ p2
c© NICTA 2008 17 / 20
FCL at Work: Violations
1 each member has to upload a picture to the profile page, andthis picture is available to everybody in the network
2 members who do not comply with the above conditionscannot access other members’ private resources
r3 : ⇒ Oxpublish public⊗Ox¬access(y)
c© NICTA 2008 18 / 20
Where are we?
fully implemented FCL rule engine (SPINdle, open source)
implementing a policy based social network server (prototype)
basic conflict detection and conflict resolution
What’s missing?
user friendly policy editor
better models of policy integration
scalability study
c© NICTA 2008 19 / 20
Where are we?
fully implemented FCL rule engine (SPINdle, open source)
implementing a policy based social network server (prototype)
basic conflict detection and conflict resolution
What’s missing?
user friendly policy editor
better models of policy integration
scalability study
c© NICTA 2008 19 / 20
If you are interested
http://spin.nicta.org.au
http://spin.nicta.org.au/spindleOnline
c© NICTA 2008 20 / 20