Semantic Web technologies allow on-line resources to be semantically annotated to support more effective and intelligent online services. However, ontologies sometimes may contain sensitive information. Providing access to them requires proper control to ensure the data protection requirement. Yet, the protection should not be too restrictive to make the access management inflexible. While there has been recent work on policy-based access control, in this paper, the authors present a policy representation specifically for access control on ontology-based data and explain how issues like policy propagation and policy conflict resolution are addressed. The authors present bucket-based query rewriting algorithms for realizing the access control policies to avoid sensitive resources leakage in the context of the Semantic Web. The authors validate the correctness of the proposed mechanisms by going through some illustrative examples in detail.
A Role and Attribute Based Access Control System Using Semantic Web Technologies
