
Copyright ©2001-2004 Norman Sadeh

Semantic Web Technologies to Reconcile Privacy and Context Awareness

Norman M. Sadeh
ISRI - School of Computer Science
Carnegie Mellon University
Pittsburgh, PA - USA

Mobility Challenge

  • Can no longer assume the user’s undivided attention
  • Time critical nature of many tasks
  • Limited input/output functionality

Context Awareness

  • …All this argues for:
      • Higher levels of automation
      • Context awareness
  • …True also in fixed Internet scenarios

Sources of Contextual Information

  • A user’s context information is distributed across a number of disparate resources
      • Calendar
      • Location tracking
      • Address book
      • Buddy lists
      • Weather
  • Available resources vary from one user to another
  • …and over time
      • e.g. roaming across different networks

Vision

  • A growing collection of context-aware agents that users can buy or subscribe to
  • Personal resources modeled as Semantic Web services
      • Service profile
  • Each user has a Semantic eWallet
      • Automated identification and access of a user’s personal resources subject to privacy preferences

Semantic Web Approach

  • Ontologies to explicitly represent and reason about:
      • Personal/Contextual Resources
          • Location tracking, calendar, organizational resources, messaging resources, preferences, etc.
      • Contextual attributes
          • e.g. location, calendar activities, social or organizational context, etc.
      • Preferences, incl. privacy preferences:
          • Access control preferences
          • “Obfuscation” rules
  • Web services
      • Automated service identification and access

Personal Resource Ontology: An Example

[Diagram labels: Personal Resource; Activity Information Resource; Location Information Resource; List of Friends; Sprint PCS Location Tracking; CMU Location Tracking; Microsoft Outlook Calendar; edge types IS-A and INSTANCE]

MyCampus Project

  • Motivation:
      • Campus as “everyday life microcosm”
  • Objective:
      • Enhance campus life through context-aware services accessible over the WLAN
  • Methodology:
      • Involve stakeholders in the design
          • Students and other members of the community
      • Evaluate and extrapolate to other environments
          • Mobile Commerce, Mobile Enterprise, etc.

Overall Architecture

[Diagram labels: Wireless LAN; Internet and Intranet Semantic Web-enabled Services; Task-Specific Agents; User’s Personal Environment; e-Wallet; Semantic Web-enabled Context Resources; Calendar; Location Tracking; Social Context; Preferences; Personal Resource Directory (incl. Privacy Pref.); Personal Resource Ontologies; Contextual Ontologies; Personal Preference Ontologies; Service Ontologies; Semantic Web Service Directory]

Semantic eWallet

  • Context-independent knowledge
      • Name, email address, context-independent preferences
  • Context-dependent knowledge
      • “When driving, I don’t want to receive instant messages”
  • Service invocation rules
      • Automated service identification and access
      • Map contextual attributes onto different resources (personal and public)
  • Privacy rules
      • Access control rules
          • “Only my classmates can see my location”
      • Obfuscation rules
          • “My classmates can only see the building I am in but not the actual room”

Location Tracking as Web Service

[Figure: Location Tracking as a Web Service]

[Diagram labels: Query; Query context assertion; Asserting elementary needs for authorized information; Pre-check access rights; Fetch useful static knowledge; Call relevant external services; Post-check access rights; Application of obfuscation rules; Assertion of authorized knowledge; Result]

Example: Query from John inquiring about Mary’s location

  • the sender of the query is John
  • John’s query requires accessing Mary’s location

  1. Is John allowed to see Mary’s location given what we know about the context of the query?
  2. Mary said she only allows colleagues to see her location when she is on campus
  3. John is a colleague of Mary

  • Access location tracking functionality or Mary’s calendar
  • Is Mary on campus?
  • Mary is willing to disclose the building but not the room she is in
  • Mary is in Smith Hall
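
The John and Mary query above, traced through pre-check, external service call, post-check and obfuscation. This is an added Python example, not code from the slides or from the e-Wallet itself. The rule classes, the relationship table, the room number and the campus list are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample data: only the names John, Mary and Smith Hall come from
# the slide; the room, campus list and relationship table are assumptions.
CAMPUS_BUILDINGS = {"Smith Hall"}
RELATIONS = {("mary", "john"): {"colleague"}}   # (owner, requester) -> roles

@dataclass(frozen=True)
class AccessRule:        # "only colleagues see my location when I am on campus"
    owner: str
    attribute: str
    role: str
    condition: Callable[[dict], bool]

@dataclass(frozen=True)
class ObfuscationRule:   # "colleagues see the building but not the room"
    owner: str
    attribute: str
    role: str
    visible: frozenset

ACCESS = [AccessRule("mary", "location", "colleague",
                     lambda loc: loc["building"] in CAMPUS_BUILDINGS)]
OBFUSCATE = [ObfuscationRule("mary", "location", "colleague",
                             frozenset({"building"}))]

def answer_query(sender: str, owner: str, attribute: str,
                 fetch: Callable[[str], dict]) -> Optional[dict]:
    """Return the disclosed view of the owner's attribute, or None if denied."""
    roles = RELATIONS.get((owner, sender), set())
    # Pre-check: deny before any external service is called if no rule can apply.
    rules = [r for r in ACCESS
             if (r.owner, r.attribute) == (owner, attribute) and r.role in roles]
    if not rules:
        return None
    raw = fetch(owner)   # call the relevant external service
    # Post-check: context-dependent conditions need the fetched value.
    granted = {r.role for r in rules if r.condition(raw)}
    if not granted:
        return None
    # Obfuscation: keep only fields that every matching rule allows.
    visible = set(raw)
    for o in OBFUSCATE:
        if (o.owner, o.attribute) == (owner, attribute) and o.role in granted:
            visible &= o.visible
    return {k: v for k, v in raw.items() if k in visible}

def demo_fetch(owner: str) -> dict:   # stand-in for a location tracking service
    return {"building": "Smith Hall", "room": "231"}
```

Splitting the check in two means a requester with no applicable rule never triggers a location lookup, while the on-campus condition is only decided once the location is known.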

[Diagram labels: JADE platform; FIPA ACL messages and OWL Content; User Interaction Agent; Directory Facilitator Agent (FIPA); Agent Management Agent (FIPA); e-Wallet Manager Agent; Ontologist Agent; Task-Specific Agents]

[Diagram labels: JADE platform; FIPA ACL messages and OWL Content; HTTP Request; User Interaction Agent; Directory Facilitator Agent (FIPA); Agent Management Agent (FIPA); e-Wallet Manager Agent; Ontologist Agent; Task-Specific Agents]

Design of an e-Wallet

  • Three-layer architecture: security through typing
      • Core knowledge: User static & context-sensitive knowledge
      • Service Layer: Automatic identification and invocation of external sources of knowledge (e.g. public web services and personal resources)
      • Privacy layer: Enforces privacy rules
          • access control & obfuscation
  • All facts represented in OWL
  • Backward chaining migration rules: privacy rules, service rules, static migration rules

[Diagram labels: query; answer; privacy; service; Core Knowledge]

Design of an e-Wallet

  • Three-layer architecture: security through typing
      • Core knowledge: user static & context-sensitive knowledge
      • Service Layer: automatic identification and invocation of personal and public semantic web services
      • Privacy layer: enforces privacy rules
          • access control
          • obfuscation rules

[Diagram labels: query; answer; privacy; service; Core Knowledge; Query; Query context assertion; Asserting elementary needs for authorized information; Pre-check access rights; Fetch useful static knowledge; Call relevant external services; Post-check access rights; Application of obfuscation rules; Assertion of authorized knowledge; Result]

Implementation Details

[Diagram labels: OWL Meta-model in CLIPS; Ontology in OWL & Ontology stylesheet; Annotation in OWL & Annotation stylesheet; Rule in (R)OWL & Rule stylesheet; Services in (W)OWL & Service stylesheet; Privacy in (S)OWL & Privacy stylesheet; Query in (Q)OWL & Query stylesheet; XSLT Engine; Ontology in CLIPS; Annotation in CLIPS; Rule in CLIPS; Service rule in CLIPS; Privacy rule in CLIPS; Query rules in CLIPS; JESS; Result in OWL]


Visualizing & Editing Preferences

Visualizing & editing a privacy rule


Editing Based on Existing Ontologies

Obfuscation Example

  • User location finder

City block level City level level


Slide Projector Agent

Empirical Evaluation

  • Initial prototype working on Carnegie Mellon’s campus
      • Restaurant concierge agent, message filtering agent, etc.
      • Integration with calendar, location tracking, user profile, etc.
  • Evaluation
      • Context awareness adds value
      • Requires access to a broad range of resources/attributes
      • Privacy concerns have to be addressed
  • Additional validation on context-aware enterprise and DoD applications

Concluding Remarks

  • Context awareness helps overcome the limitations of mobile devices and the time criticality of mobile scenarios
  • Context awareness makes privacy even more critical
  • Our experiments indicate that user preferences are often complex
      • Incl. context-sensitive preferences
  • Capturing these preferences is far from trivial
      • Default profiles, learning, dialogs
      • How far can we go?
  • Semantic Web approach
      • Allows for policies that refer to concepts introduced in any number of domain-specific ontologies
      • Opportunities for reconciliation with P3P/APPEL


Q&A

Source: http://www.firstmonday.org/issues/issue4_9/odlyzko/index.html