A Semantic e-Wallet to Reconcile - PowerPoint PPT Presentation

A Semantic e-Wallet to Reconcile Privacy and Context Awareness. Fabien L. Gandon & Norman M. Sadeh, Mobile Commerce Lab, Carnegie Mellon University

1
  • A Semantic e-Wallet to Reconcile
  • Privacy and Context Awareness

Fabien L. Gandon & Norman M. Sadeh
Mobile Commerce Lab, Carnegie Mellon University
2
Motivations
  • Pervasive Computing
  • Multiple sources of contextual information, e.g.
    calendar, location tracking, organizational info,
    preferences
  • Virtual Enterprise Collaboration
  • Selective sharing of information with
    prospective and actual customers and
    suppliers, e.g. collaborative design, supplier
    evaluation, available-to-promise/capable-to-promise
    information, order tracking
  • Rather than exposing all these resources as
    individual semantic web services, organizations
    and individuals will want to have unified
    gateways to their information: e-Wallets, to
    allow resource identification and enforce
    confidentiality logic

3
Vision - myCampus
  • Campus as everyday life microcosm
  • Enhance campus life through context-aware
    services accessible over a WLAN
  • Approach
  • Involve stakeholders in the design
  • Semantic Web and agent technologies
  • A growing collection of context-aware agents
    that
  • Users can pull into their own personal
    environment
  • Customize themselves through automated
    identification and access of relevant contextual
    resources

5
[Architecture diagram. Labels: HTTP requests, servlets, sessions and behaviors on a Tomcat server; User Interaction Agent; FIPA ACL messages and OWL content; Directory Facilitator Agent (FIPA); Agent Management Agent (FIPA); e-Wallet Manager Agent; Ontologist Agent; Task-Specific Agents; JADE platform]
6
[Architecture diagram repeated, with added labels: Directory Facilitator Agent (FIPA) as Yellow Pages (type, service, owner); Agent Management Agent (FIPA) as White Pages (name, address)]
7
[Architecture diagram repeated, with added labels at the Ontologist Agent: ontologies, XSLT, edition, visualization, download]
8
[Architecture diagram repeated]
9
[Architecture diagram repeated, with added labels at the e-Wallet Manager Agent: XSLT; OWL (ontologies, annotations); rules (definitions, services, privacy); queries; JESS; edition; results]
10
e-Wallet
  • Each user has a semantic e-Wallet
  • Automated identification and access of a user's
    personal resources, subject to privacy preferences
  • Personal resources implemented as semantic Web
    services
  • Needs for procedural knowledge, i.e. rules
  • Resource identification rules
  • Privacy / confidentiality rules
  • Access control rules, e.g. "Only my colleagues can
    see my location"
  • Obfuscation rules, e.g. "My colleagues can only
    see the building I am in but not the actual room"
  • Note: the same concept applies to virtual
    organizations and B2B scenarios

11
  • Example: query from John inquiring about Mary's
    location
  • Step-1: The sender of the query is John.
  • Step-2: The query requires finding Mary's
    location.
  • Step-3:
  • (a) Is John allowed to see Mary's location
    given what we currently know?
  • (b) Checking Mary's privacy/confidentiality
    preferences, e.g. only her colleagues can see
    her location and only when she is on campus.
  • (c) Is John a colleague of Mary? Yes.
  • Step-4: No action in this example.
  • Step-5: Finding Mary's location by accessing some
    location tracking functionality or looking
    in her calendar.
  • Step-6: Is Mary on campus? Yes.
  • Step-7: Checking Mary's obfuscation rules, e.g.
    Mary is only willing to disclose the
    building she is in but not the specific room.
  • Step-8: Mary is in Smith Hall.
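
The eight steps above, as an added Python example that is not part of the original slides (the e-Wallet itself expresses this logic as rules over triples). The predicate names, people and places are constructed, and letting the owner read her own raw location is an assumption.

```python
# Added example. All names and facts are constructed, not myCampus data.
# Core knowledge as (predicate, subject, object) triples.
CORE = {
    ("colleague", "mary", "john"), ("colleague", "bob", "john"),
    ("colleague", "ann", "john"),
    ("location", "mary", "SmithHall-231"),   # a room
    ("location", "bob", "CoffeeShop"),       # off campus
    ("location", "ann", "Quad"),             # on campus, no building
    ("type", "SmithHall", "Building"),
    ("include", "SmithHall", "SmithHall-231"),
    ("include", "Campus", "SmithHall"),
    ("include", "Campus", "Quad"),
}

def objects(pred, subj):
    return {o for p, s, o in CORE if p == pred and s == subj}

def enclosing(place):
    """Places that include `place`, innermost first (transitive)."""
    chain, cur = [], place
    while True:
        parents = [s for p, s, o in CORE if p == "include" and o == cur]
        if not parents:
            return chain
        cur = parents[0]
        chain.append(cur)

def query_location(sender, owner):
    """Return the authorized, possibly obfuscated, location or None."""
    # Steps 1-3: identify the sender, then check access on static facts
    # before any location source is touched.
    if sender != owner and sender not in objects("colleague", owner):
        return None
    # Step 5: resolve the raw location (stands in for the service layer).
    raw = next(iter(objects("location", owner)), None)
    if raw is None or sender == owner:
        return raw
    chain = enclosing(raw)
    # Step 6: the preference only grants access while the owner is on campus.
    if "Campus" not in chain:
        return None
    # Steps 7-8: disclose the enclosing building only. If none is known,
    # deny instead of falling back to the raw value.
    buildings = [pl for pl in chain if "Building" in objects("type", pl)]
    return buildings[0] if buildings else None
```

The last branch is the case worth testing in any obfuscation layer: when the coarser value cannot be computed, the query is refused and the precise value is never returned.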

12
Design of an e-Wallet
  • Three-layer architecture: security through typing
  • Core knowledge: static and dynamic knowledge of
    the user
  • Service layer: invoke external sources of
    knowledge (web services and personal resources)
  • Privacy layer: enforce privacy rules on external
    requests (access control and obfuscation)
  • Backward chaining migration: privacy rules,
    service rules, static migration rules

14
e-Wallet and representation needs
  • Static assertional knowledge
  • User's static profile: OWL annotations.
  • Static contextual knowledge: OWL annotations.
  • Dynamic assertional knowledge
  • User's dynamic profile
  • Rules in (R)OWL to update the profile
  • Result: entailed facts
  • Dynamic contextual knowledge
  • Rules in (W)OWL to identify and invoke web
    services
  • Result: facts returned by the web service
  • Security and privacy
  • Rules in (S)OWL to grant access and obfuscate
  • Result: authorized facts for query solving
  • Ontologies in OWL.

15
Summary on the e-Wallet implementation
OWL Meta-model in CLIPS
16
e-Wallet semantic engine
  • RDF Triple model
  • RDFS and OWL meta-model (e.g., symmetry of
    properties)

Triple (predicate, subject, object)

    (deftemplate triple "Template representing a RDF triple"
      (slot predicate (default ""))
      (slot subject (default ""))
      (slot object (default "")))

    <rdfs:Class rdf:ID="SymmetricProperty">
      <rdfs:label>SymmetricProperty</rdfs:label>
      <rdfs:subClassOf rdf:resource="#ObjectProperty"/>
    </rdfs:Class>

    (triple
      (predicate "http://www.w3.org/2000/01/rdf-schema#subClassOf")
      (subject "http://www.w3.org/2002/07/owl#SymmetricProperty")
      (object "http://www.w3.org/2002/07/owl#ObjectProperty"))

    (defrule symmetry
      (declare (salience 100))
      (triple (predicate "http://www.w3.org/1999/02/22-rdf-syntax-ns#type")
              (subject ?p)
              (object "http://www.w3.org/2002/07/owl#SymmetricProperty"))
      (triple (predicate ?p) (subject ?x) (object ?y))
      =>
      (assert (triple (predicate ?p) (subject ?y) (object ?x))))
17
e-Wallet semantic engine
  • Ontologies (e.g., declare
    person, location, etc.)
  • Annotations (e.g., Mary is in
    Smith Hall, etc.)
  • Available online with XSLT translation stylesheets

    <owl:Class rdf:ID="Person">
      <rdfs:subClassOf rdf:resource="#Entity"/>
    </owl:Class>
    <owl:ObjectProperty rdf:ID="location">
      <rdfs:domain rdf:resource="#Entity"/>
      <rdfs:range rdf:resource="#Place"/>
    </owl:ObjectProperty>

    (triple
      (predicate "http://www.w3.org/2000/01/rdf-schema#subClassOf")
      (subject "http://sadehlab.cs.cmu.edu/mycampus#Person")
      (object "http://sadehlab.cs.cmu.edu/mycampus#Entity"))
    ...

    <mc:Woman rdf:ID="http://cs.cmu.edu/People/mary">
      <mc:location rdf:resource="http://cmu.edu/SmithHall"/>
    </mc:Woman>

    (triple
      (predicate "http://sadehlab.cs.cmu.edu/mycampus#location")
      (subject "http://cs.cmu.edu/People/mary")
      (object "http://cmu.edu/SmithHall"))
    ...
18
e-Wallet semantic engine
  • Rules (e.g., when I am in a
    meeting I am busy)

    <rowl:Rule direction="forward">
      <rdfs:label>Meeting means busy</rdfs:label>
      <rowl:head>
        <mc:Person rdf:ID="variableperson">
          <mc:availability><mc:Busy rdf:ID="mcBusy"/></mc:availability>
        </mc:Person>
      </rowl:head>
      <rowl:body>
        <mc:Person rdf:ID="variableperson">
          <mc:activity>
            <mc:Meeting rdf:ID="variableactivity"/>
          </mc:activity>
        </mc:Person>
      </rowl:body>
    </rowl:Rule>

    (defrule Meeting-means-busy ...
      (triple (predicate "http://sadehlab.cs.cmu.edu/mycampus#activity")
              (subject ?person)
              (object ?activity))
      (triple (predicate "http://www.w3.org/1999/02/22-rdf-syntax-ns#type")
              (subject ?activity)
              (object "http://sadehlab.cs.cmu.edu/mycampus#Meeting"))
      => ...
      (assert (triple (predicate "http://sadehlab.cs.cmu.edu/mycampus#availability")
                      (subject ?person)
                      (object "http://sadehlab.cs.cmu.edu/mycampus#Busy"))))
19
Service rules
    <wowl:ServiceRule wowl:salience="50">
      <rdfs:label>provide location for IP Address</rdfs:label>
      <wowl:output>
        <mc:Entity rdf:ID="variableentity">
          <mc:location rdf:resource="variablelocation"/>
        </mc:Entity>
      </wowl:output>
      <wowl:precondition>
        <mc:Entity rdf:ID="variableentity"><mc:ip>variableip</mc:ip></mc:Entity>
      </wowl:precondition>
      <wowl:call>
        <wowl:Service wowl:name="call-web-service">
          <wowl:qname>http://mycampus/WiFiService</wowl:qname>
          <wowl:endpoint>http://128.2.68.347788</wowl:endpoint>
          <wowl:method>GetLocation</wowl:method>
          <wowl:ip>variableip</wowl:ip>
        </wowl:Service>
      </wowl:call>
    </wowl:ServiceRule>

    (defrule provide-location-for-IP-Address
      (declare (salience 50))
      (need-dynamic_triple
        (predicate "http://sadehlab.cs.cmu.edu/mycampus#location")
        (subject ?entity)
        (object ?location))
      =>
      (call-web-service "qname" "http://mycampus/WiFiService" () "ip" ?ip))
20
Privacy rules
    <sowl:ReadAccessRule>
      <rdfs:label>people can only know I am on or off campus</rdfs:label>
      <sowl:target>
        <mc:Person rdf:ID="variableowner">
          <mc:location rdf:resource="variablelocation"/>
        </mc:Person>
      </sowl:target>
      <sowl:check>
        <rowl:And>
          <rowl:condition>
            <mc:E-Wallet rdf:ID="variablee-Wallet">
              <mc:owner>
                <mc:Person rdf:ID="variableowner"/>
              </mc:owner>
            </mc:E-Wallet>
          </rowl:condition>
          <rowl:not-condition>
            <qowl:Query rdf:ID="variablequery">
              <qowl:sender rdf:resource="variableowner"/>
            </qowl:Query>
          </rowl:not-condition>
          <rowl:condition>
            <mc:Place rdf:ID="http://www.cmu.edu">
              <mc:include rdf:resource="variablelocation"/>
            </mc:Place>
          </rowl:condition>
        </rowl:And>
      </sowl:check>
      <sowl:revision>
        <mc:Person rdf:ID="variableowner">
          <mc:location rdf:resource="http://www.cmu.edu"/>
        </mc:Person>
      </sowl:revision>
    </sowl:ReadAccessRule>

Privacy rule: grant access to location when on
campus, but obfuscate precision
21
Query
    <qowl:Query rdf:ID="">
      <qowl:sender rdf:resource="http://cs.cmu.edu/john"/>
    </qowl:Query>
    <mc:Person rdf:ID="http://cs.cmu.edu/mary">
      <mc:location rdf:resource="variablelocation"/>
    </mc:Person>

  • Query context assertion: query sent by John
  • Query rule definition
  • Body: request for authorized triples
  • Head: storage and pretty-printing function

    (triple
      (predicate "http://mycampus.cs.cmu.edu/QOWL#location")
      (subject "")
      (object "http://cs.cmu.edu/john"))
    ...

    (defrule query
      (declare (salience 0))
      (authorized_triple
        (predicate "http://sadehlab.cs.cmu.edu/mycampus#location")
        (subject "http://cs.cmu.edu/mary")
        (object ?location))
      =>
      (store-result location ?location))
22
[Architecture diagram repeated from slide 9. Labels: HTTP request; User Interaction Agent; FIPA ACL messages and OWL content; Directory Facilitator Agent (FIPA); Agent Management Agent (FIPA); e-Wallet Manager Agent with XSLT, OWL (ontologies, annotations), rules (definitions, services, privacy), queries, JESS, edition, results; Ontologist Agent; Task-Specific Agents; JADE platform]
23
Concluding remarks
  • Rather than directly publishing Web services,
    individuals and organizations will often want to
    expose a unified front-end (e-Wallet) that:
  • Enforces automated resource identification logic
  • Enforces privacy/confidentiality (access and
    obfuscation)
  • Implementation
  • Multi-layer reasoning engine that distinguishes
    between different types of knowledge (core knowledge,
    service invocation knowledge, knowledge sanitized following
    application of confidentiality rules)
  • OWL rule extension (essentially Horn clauses and
    variables) and rule editor
  • Validation with students accessing context-aware
    agents on CMU's campus

24
Q&A
Fabien L. Gandon & Norman M. Sadeh
Source: http://www.firstmonday.org/issues/issue4_9/odlyzko/index.html