Databases Reference
In-Depth Information
isolation. That is, there is no one layer that should focus on security. Security
cuts across all layers and this is a challenge.
The organization of this section is as follows. Semantic web is discussed in
section 3.2. Aspects of securing the semantic web are discussed in section 3.3.
Security issues for XML, RDF and ontologies are discussed in sections 3.4,
3.5 and 3.6 respectively. Security for rules processing is the subject of section
3.7. Privacy and trust issues are discussed in section 3.8.
3.2 Semantic Web
The World Wide Web consortium (W3C) is specifying standards for the se-
mantic web [12]. These standards include specifications for XML, RDF, and
ontologies. Tim Berners Lee proposed a technology stack for the semantic web.
Essentially the semantic web consists of layers where each layer takes advan-
tage of the technologies of the previous layer. The lowest layer is the protocol
layer and this is usually not included in the discussion of the semantic tech-
nologies. The next layer is the XML layer. XML is a document representation
language. While XML is sucient to specify syntax, the semantics such as
“the creator of document D is John” is hard to specify in XML. Therefore the
W3C developed RDF. RDF uses XML syntax. The semantic web community
then went further and came up with specification of ontologies in languages
such as OWL. Note that OWL addresses the inadequacies of RDF. In order
to reason about various policies, the semantic web community has come up
with web rules language such as SWRL (semantic web rules language) and
Rules ML (rules markup language). For an overview of the semantic we refer
to the topic by Antoniou and van Harmelen [13].
Semantic web technologies are being utilized by many applications in-
cluding web services, information integration, and knowledge management,
information sharing and digital libraries. With the use of the semantic web
technologies, the applications can understand the web pages, conduct rea-
soning and make decisions. In this chapter we are interested in one of these
applications and that is web services. In particular, our goal is to integrate
semantic web technologies with web services and security.
3.3 Securing the Semantic Web
For example, consider the lowest layer. One needs secure TCP/IP, secure
sockets, and secure HTTP. There are now security protocols for these various
lower layer protocols. One needs end-to-end security. That is, one cannot
just have secure TCP/IP built on untrusted communication layers. That is,
we need network security. The next layer is XML and XML schemas. One
needs secure XML. That is, access must be controlled to various portions
of the document for reading, browsing and modifications. There is research
on securing XML and XML schemas. The next step is securing RDF. Now
with RDF not only do we need secure XML, we also need security for the
