What may I do with your data? What do I have to do with your data? Policies and Provenance for Data Management
Download as PPTX, PDF0 likes1,173 views
The document discusses the management of data provenance within the semantic web, emphasizing the importance of policies that define what may and must be done with data. It outlines the use of a provenance graph to track and enforce obligations, permissions, and restrictions. The authors present a formal framework for implementing these policies to ensure a structured approach to data handling and decision making.
What may I do with your data? What do I have to do with your data? Policies and Provenance for Data Management
- 1. Web Science & Technologies University of Koblenz ▪ Landau, Germany Provenance in the Semantic Web http://wegov-project.eu/index.php Christoph Ringelstein & Steffen Staab WeST Steffen Staab 1 staab@uni-koblenz.de
- 2. Web Science & Technologies University of Koblenz ▪ Landau, Germany Provenance in the Semantic Web Querying, Inferencing Policies, Obligations http://wegov-project.eu/index.php Christoph Ringelstein & Steffen Staab WeST Steffen Staab 2 staab@uni-koblenz.de
- 3. Web Science & Technologies University of Koblenz ▪ Landau, Germany What may I do with your data? What do I have to do with your data? Policies and Provenance for Data Mgmt http://wegov-project.eu/index.php Christoph Ringelstein & Steffen Staab WeST Steffen Staab 3 staab@uni-koblenz.de
- 4. Do you remember? That CIA published a list of his agents on the internet…. That Italian tax office published all tax data about citizens on its Web page… Even in a friendly environment allowing/disallowing data handling is a big issue WeST Steffen Staab 4 staab@uni-koblenz.de
- 5. Our Assumptions Semantic Web: flexible graph data • with ontologies as delicious icing - if you want icing a great infrastructure to share data all over the place distributed publishing, querying, replication,… For instance: Facebook allows me to determine what pictures to share with who, BUT it is very inflexible! Access rights management is not sufficient, we need decisions on complex `business rules‘ WeST Steffen Staab 5 staab@uni-koblenz.de
- 6. Middle Rhine Hospital discharge transfer transfer Bob Alice Jane Doe (physician) (nurse) WeST Steffen Staab 6 staab@uni-koblenz.de
- 7. Middle Rhine Hospital 1. I want to describe Jane Doe what may be done with my record 2. I want to define what must be done with my record (obligation) WeST Steffen Staab 7 staab@uni-koblenz.de
- 8. WHAT MAY BE DONE? POLICIES FOR PERMIT & DENY WITH PAPEL WeST Steffen Staab 8 staab@uni-koblenz.de
- 9. discharge transfer ? transfer Bob Alice Jane Doe (physician) (nurse) WeST Steffen Staab 9 staab@uni-koblenz.de
- 10. (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. discharge transfer ? transfer Bob Alice Jane Doe (physician) (nurse) WeST Steffen Staab 10 staab@uni-koblenz.de
- 11. (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. Provenance-aware Policies Provenance Information Semantics discharge transfer ? transfer Bob Alice Jane Doe (physician) (nurse) WeST Steffen Staab 11 staab@uni-koblenz.de
- 12. Provenance ... step (record_jd, bob, null, discharge, 5, {4}) step (record_jd, bob, alice, transfer, 6, {5,13}) ... discharge transfer Bob Alice (physician) (nurse) WeST Steffen Staab 12 staab@uni-koblenz.de
- 13. Provenance ... step (record_jd, bob, null, discharge, 5, {4}) step (record_jd, bob, alice, transfer, 6, {5,13}) ... History now s1 s2 s3 s4 s5 s6 admission examination asking examination discharge transfer permit s10 s13 prepare return share s11 s12 share analysis WeST Steffen Staab 13 staab@uni-koblenz.de
- 14. Policies ? transfer Alice Jane Doe (nurse) WeST Steffen Staab 14 staab@uni-koblenz.de
- 15. Policies Contextual Information Actor, Time, .. XACML Provenance EPAL Information XrML History, .. transfer Properties of the Data Owner, Type, .. WeST Steffen Staab 15 staab@uni-koblenz.de
- 16. Policy Rules – Permit and Deny (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER step (record_jd, _, _, discharge, _, _) AND instance_of (S, staff_member). PAPEL Syntax for Policies: permit (ID) IF Condition . deny (ID) IF Condition . WeST Steffen Staab 16 staab@uni-koblenz.de
- 17. AFTER Operator (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER step (record_jd, _, _, discharge, _, _) AND instance_of (S, staff_member). ? discharge transfer transfer Bob Alice Jane Doe (physician) (nurse) WeST Steffen Staab 17 staab@uni-koblenz.de
- 18. Evaluation of Conditions (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER step (record_jd, _, _, discharge, _, _) AND instance_of (S, staff_member). ... step (record_jd, bob, null, discharge, 5, {4}) step (record_jd, bob, alice, transfer, 6, {5,13}) ... WeST Steffen Staab 18 staab@uni-koblenz.de
- 19. Policies step (record_jd, alice, jane, transfer, 7, {6}) Alice (nurse) transfer Jane Doe ? WeST Steffen Staab 20 staab@uni-koblenz.de
- 20. Policies ... Facts: step (record_jd, bob, null, discharge, 5, {4}) step (record_jd, bob, alice, transfer, 6, {5,13}) History + Next Step + step (record_jd, alice, jane, transfer, 7, {6}) Rules: + permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER Policy Rule step (record_jd, _, _, discharge, _, _) AND instance_of (S, staff_member). Query & Results: isAllowed(7). Allowed: permitted and not denied Invalid: not allowed WeST Steffen Staab 21 staab@uni-koblenz.de
- 21. Policies transfer Alice Jane Doe (nurse) WeST Steffen Staab 22 staab@uni-koblenz.de
- 22. WHAT MUST BE DONE? OBLIGATIONS WITH CARE WeST Steffen Staab 23 staab@uni-koblenz.de
- 23. Policies – Obligation (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. (P2): Staff members and the archive are permitted to transfer the record to staff members. (O1): Jane Doe demands to receive her record after her discharge. (O2): A nurse has to transfer the record to the archive if she received it after the patient’s discharge. (D1): Jane Doe is denied to transfer her record. discharge transfer transfer Jane Doe Bob Alice (physician) (nurse) WeST Steffen Staab 24 staab@uni-koblenz.de
- 24. Policies – Obligation (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. (P2): Staff members and the archive are permitted to transfer the record to staff members. (O1): Jane Doe demands to receive her record after her discharge. (O2): A nurse has to transfer the record to the archive if she received it after the patient’s discharge. (D1): Jane Doe is denied to transfer her record. Obligation 1 discharge transfer transfer Jane Doe Bob Alice (physician) (nurse) archive WeST Steffen Staab 25 staab@uni-koblenz.de
- 25. (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. (P2): Staff members and the archive are permitted to transfer the record to staff members. (O1): Jane Doe demands to receive her record after her discharge. (O2): A nurse has to transfer the record to the archive if she received it after the patient’s discharge. (D1): Jane Doe is denied to transfer her record. Obligation 1 Obligation 2 transfer transfer transfer Alice (nurse) archive Jane Doe WeST Steffen Staab 26 staab@uni-koblenz.de
- 26. (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. (P2): Staff members and the archive are permitted to transfer the record to staff members. (O1): Jane Doe demands to receive her record after her discharge. (O2): A nurse has to transfer the record to the archive if she received it after the patient’s discharge. (D1): Jane Doe is denied to transfer her record. Obligation 1 Obligation 2 transfer transfer transfer Alice (nurse) archive Jane Doe WeST Steffen Staab 27 staab@uni-koblenz.de
- 27. (P1): Staff members are permitted to transfer the record to Jane Doe after her discharge. (P2): Staff members and the archive are permitted to transfer the record to staff members. (O1): Jane Doe demands to receive her record after her discharge. (O2): A nurse has to transfer the record to the archive if she received it after the patient’s discharge. (D1): Jane Doe is denied to transfer her record. Obligation 1 Obligation 2 transfer transfer transfer Alice (nurse) archive Bob (physician) Jane Doe WeST Steffen Staab 28 staab@uni-koblenz.de
- 28. Future Execution Graph History now Future Execution Graph .. s2 s3 s4 s5 s6 examination asking examination discharge transfer .... .. s8.a .. .. .. permit s7.a s8.b s8.c s10 prepare share invalid s11 .... share allowed s12 s13 analysis WeST Steffen Staab 29 staab@uni-koblenz.de
- 29. Closing History now Future Execution Graph .. s2 s3 s4 s5 s6 examination asking examination discharge transfer .... .. s8.a .. .. .. permit s7.a s8.b s8.c s10 prepare share invalid s11 .... share allowed s12 s13 analysis closed WeST Steffen Staab 30 staab@uni-koblenz.de
- 30. The Destiny .. s2 s3 s4 s5 s6 examination asking examination discharge transfer .... .. s8.a .. .. .. permit s7.a s8.b s8.c s10 prepare share invalid s11 .... share allowed s12 s13 Destiny analysis closed WeST Steffen Staab 31 staab@uni-koblenz.de
- 31. The Destiny .. s2 s3 s4 s5 s6 examination asking examination discharge transfer .... .. s8.a .. .. .. permit s7.a s8.b s8.c s10 prepare share invalid s11 .... share allowed s12 s13 Destiny analysis closed WeST Steffen Staab staab@uni-koblenz.de 32 ?
- 32. Which next steps have a destiny? ? discharge transfer transfer Alice (nurse) archive Jane Doe WeST Steffen Staab 33 staab@uni-koblenz.de
- 33. Policies ... Input: step (record_jd, bob, null, discharge, 5, {4}) step (record_jd, bob, alice, transfer, 6, {5,13}) History + Next Step + + Policy Rules step (record_jd, alice, jane, transfer, 7, {6}) + permit (ID) IF step (record_jd, S, jane_doe, transfer, ID, _) AFTER step (record_jd, _, _, discharge, _, _) AND instance_of (S, staff_member). Translation: Axioms specifying possible steps. Axioms + Translation + Translation to colored Petri nets. Decision: Reachability of a future state where all obligations are met. WeST Steffen Staab 34 staab@uni-koblenz.de
- 34. Which next steps have a destiny? discharge transfer transfer Alice (nurse) archive Jane Doe WeST Steffen Staab 35 staab@uni-koblenz.de
- 35. Conclusion Policies with Obligations: `Business rules‘ may decide about what may/may not and must be done to your data Provenance Graph is core to store what has and will be done to data Formal underpinning of our approach makes it semantically sound and complete WeST Steffen Staab 36 staab@uni-koblenz.de
- 36. Web Science & Technologies University of Koblenz ▪ Landau, Germany Thank You! http://wegov-project.eu/index.php Key Publications Ringelstein, Christoph; Staab, Steffen (2010): PAPEL: A Language and Model for Provenance-Aware Policy Definition and Execution. In: BPM 2010 - International Conference on Business Process Management. Ringelstein, Christoph (2011): Data Provenance and Destiny in Distributed Environments. PhD-Thesis. Univ Koblenz, 2011. They also link to a few more…. WeST Steffen Staab 37 staab@uni-koblenz.de