What may I do with your data? What do I have to do with your data? Policies and provenance for data...
DESCRIPTION
Invited Talk at Microsoft eScience Workshop 2011, Stockholm, December 2011. Cf. also http://www.uni-koblenz.de/~cringel/pub/Ringelstein_PhDThesis_2011.pdf
TRANSCRIPT
Steffen [email protected]
1WeST
http://wegov-project.eu/index.php
Web Science & Technologies
University of Koblenz ▪ Landau, Germany
Provenance in the Semantic Web
Christoph Ringelstein & Steffen Staab
Querying, Inferencing Policies, Obligations
What may I do with your data? What do I have to do with your data?
Policies and Provenance for Data Mgmt
Christoph Ringelstein & Steffen Staab
Do you remember?
That the CIA published a list of its agents on the internet…
That the Italian tax office published all tax data about citizens on its Web page…
Even in a friendly environment, allowing/disallowing data handling is a big issue
Our Assumptions
Semantic Web: flexible graph data
• with ontologies as delicious icing, if you want icing
A great infrastructure to share data all over the place
• distributed publishing, querying, replication, …
For instance: Facebook allows me to determine what pictures to share with whom, BUT it is very inflexible!
Access rights management is not sufficient; we need decisions on complex 'business rules'
[Diagram: Middle Rhine Hospital. Actors: Alice (nurse), Bob (physician), Jane Doe. Steps: discharge, transfer, transfer.]
Jane Doe:
1. I want to describe what may be done with my record
2. I want to define what must be done with my record (obligation)
Middle Rhine Hospital
(P1): Staff members are permitted to transfer the record to Jane Doe after her discharge.
[Diagram: Alice (nurse), Bob (physician), Jane Doe; steps: discharge, transfer, transfer; one step marked "?"]
Provenance-aware Policies
Provenance Information
Semantics
Provenance
[Diagram: Bob (physician), Alice (nurse); steps: discharge, transfer]
...
step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
...
[Provenance graph: s1 admission, s2 examination, s3 asking permit, s4 examination, s5 discharge, s6 transfer, s10 prepare share, s11 share, s12 analysis, s13 return; the history up to "now", ordered by ≤_H]
Policies
• Provenance Information: History, ..
• Properties of the Data: Owner, Type, ..
• Contextual Information: Actor, Time, ..
XACML, EPAL, XrML
Policy Rules – Permit and Deny
PAPEL Syntax for Policies:
permit (ID) IF Condition .
deny (ID) IF Condition .
(P1): Staff members are permitted to transfer the record to Jane Doe after her discharge.
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _)
    AFTER step (record_jd, _, _, discharge, _, _)
    AND instance_of (S, staff_member).
AFTER Operator
[Diagram: Alice (nurse), Bob (physician), Jane Doe; steps: discharge, transfer, transfer; one step marked "?"]
Evaluation of Conditions
...
step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
...
Policies
[Diagram: Alice (nurse), transfer, Jane Doe; the step is marked "?"]
step (record_jd, alice, jane, transfer, 7, {6})
Policies
Facts: History + Next Step
...
step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
step (record_jd, alice, jane, transfer, 7, {6})
+
Rules: Policy Rule
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _)
    AFTER step (record_jd, _, _, discharge, _, _)
    AND instance_of (S, staff_member).
+
Query & Results:
isAllowed(7).
Allowed: permitted and not denied
Invalid: not allowed
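The check outlined on this slide, as an added Python example (not the authors' PAPEL implementation): it evaluates P1 and D1 over the step facts and answers isAllowed(7). Assumptions: AFTER is modelled as reachability through the predecessor sets, alice and bob are the staff members, and the next step's receiver is written jane_doe so that it matches the rule's constant.

```python
from collections import namedtuple

# Field order follows the slides' step(...) facts; the field names are this example's reading.
Step = namedtuple("Step", "data actor receiver action id preds")

# The two history facts shown on the slides (earlier steps are elided there).
HISTORY = [
    Step("record_jd", "bob", None, "discharge", 5, {4}),
    Step("record_jd", "bob", "alice", "transfer", 6, {5, 13}),
]
STAFF = {"alice", "bob"}  # assumed instance_of(S, staff_member) facts

def ancestors(step, by_id):
    """IDs reachable through predecessor sets; IDs missing from the history are not expanded."""
    seen, todo = set(), list(step.preds)
    while todo:
        sid = todo.pop()
        if sid not in seen:
            seen.add(sid)
            if sid in by_id:
                todo.extend(by_id[sid].preds)
    return seen

def after(step, by_id, data, action):
    """Assumed AFTER semantics: an ancestor step on `data` performed `action`."""
    return any(sid in by_id and by_id[sid].data == data and by_id[sid].action == action
               for sid in ancestors(step, by_id))

def permitted(step, by_id):  # P1
    return (step.data == "record_jd" and step.action == "transfer"
            and step.receiver == "jane_doe" and step.actor in STAFF
            and after(step, by_id, "record_jd", "discharge"))

def denied(step):  # D1: Jane Doe is denied to transfer her record
    return (step.data == "record_jd" and step.action == "transfer"
            and step.actor == "jane_doe")

def is_allowed(next_step, history=HISTORY):
    """Allowed: permitted and not denied."""
    by_id = {s.id: s for s in history}
    return permitted(next_step, by_id) and not denied(next_step)

# Next step from the slides; receiver written as jane_doe to match the rule's constant.
STEP_7 = Step("record_jd", "alice", "jane_doe", "transfer", 7, {6})

if __name__ == "__main__":
    print("isAllowed(7):", is_allowed(STEP_7))
```

Because AFTER is evaluated on the provenance graph rather than on wall-clock order, a transfer whose predecessor chain does not lead back to the discharge step is not permitted even if the discharge is present in the history.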
Policies – Obligation
(P1): Staff members are permitted to transfer the record to Jane Doe after her discharge.
(P2): Staff members and the archive are permitted to transfer the record to staff members.
(O1): Jane Doe demands to receive her record after her discharge.
(O2): A nurse has to transfer the record to the archive if she received it after the patient's discharge.
(D1): Jane Doe is denied to transfer her record.
[Diagram: Alice (nurse), Bob (physician), Jane Doe, archive; steps: discharge, transfer, transfer; Obligation 1; Obligation 2: transfer]
[Diagram: Alice (nurse), Bob (physician), Jane Doe, archive; Obligation 1; Obligation 2; three transfer steps]
Future Execution Graph
[Graph: the history (s2 examination, s3 asking permit, s4 examination, s5 discharge, s6 transfer, s10 prepare share, s11 share, s12 analysis, s13) up to "now", continued by the future execution graph with steps s7.a, s8.a, s8.b, s8.c, ..; future steps are marked invalid or allowed]
Closing
[Graph: the same history and future execution graph (s2 to s13, then s7.a, s8.a, s8.b, s8.c, ..); labels: closed, invalid, allowed]
The Destiny
[Graph: the same history and future execution graph (s2 to s13, then s7.a, s8.a, s8.b, s8.c, ..); labels: closed, Destiny, invalid, allowed]
The Destiny
[Graph: the same history and future execution graph; labels: "? Destiny", closed, invalid, allowed]
[Diagram: Alice (nurse), Jane Doe, archive; steps: discharge, transfer, transfer, transfer]
Which next steps have a destiny?
Policies
Input: History + Next Step + Policy Rules
...
step (record_jd, bob, null, discharge, 5, {4})
step (record_jd, bob, alice, transfer, 6, {5,13})
step (record_jd, alice, jane, transfer, 7, {6})
permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _)
    AFTER step (record_jd, _, _, discharge, _, _)
    AND instance_of (S, staff_member).
+
Translation: Axioms + Translation
Axioms specifying possible steps.
+ Translation to colored Petri nets.
+
Decision:
Reachability of a future state where all obligations are met.
Conclusion
Policies with Obligations: 'Business rules' may decide what may, may not and must be done to your data
The Provenance Graph is core to storing what has been and will be done to data
The formal underpinning of our approach makes it semantically sound and complete
Thank You!
Key Publications
Ringelstein, Christoph; Staab, Steffen (2010): PAPEL: A Language and Model for Provenance-Aware Policy Definition and Execution. In: BPM 2010 - International Conference on Business Process Management.
Ringelstein, Christoph (2011): Data Provenance and Destiny in Distributed Environments. PhD-Thesis. Univ Koblenz, 2011.
They also link to a few more….