interpretations and semantics. For example, under certain contexts, portions
of the document may be unclassified while under certain other contexts the
document may be classified [14, 15].
Once XML and RDF have been secured, the next step is to examine security
for ontologies and inter-operation. That is, ontologies may have security
levels attached to them. Certain parts of the ontologies could be secret while
certain other parts may be unclassified. The challenge is how does one use
these ontologies for secure information integration? Researchers have done
some work on the secure interoperability of databases. We need to revisit this
research and then determine what else needs to be done so that the information
on the web can be managed, integrated and exchanged securely. Logic,
proof and trust are at the highest layers of the semantic web. That is, how
can we trust the information that the web gives us?
We also need to examine the inference problem for the semantic web.
Inference is the process of posing queries and deducing new information. It
becomes a problem when the deduced information is something the user is
unauthorized to know. With the semantic web, and especially with data mining
tools, one can make all kinds of inferences. Recently there has been some
research on controlling unauthorized inferences on the semantic web. We need
to continue with such research (see, for example, [16, 17]).
Security should not be an afterthought. We have often heard that one
needs to insert security into the system right from the beginning. Similarly,
security cannot be an afterthought for the semantic web. However, we also
cannot make the system inefficient if we must guarantee one hundred percent
security at all times. What is needed is a flexible security policy. During some
situations we may need one hundred percent security, while during some other
situations, say, thirty percent security (whatever that means) may be sufficient.
3.4 XML Security
Various research efforts have been reported on XML security (see, for example,
[18]). We briefly discuss some of the key points. The main challenge is whether
to give access to entire XML documents or parts of the documents. Bertino et
al. have developed authorization models for XML. They have focused on access
control policies as well as on dissemination policies. They also considered
push and pull architectures. They specified the policies in XML. The policy
specification contains information about which users can access which portions
of the documents. In [18] algorithms for access control as well as computing
views of the results are presented. In addition, architectures for securing XML
documents are also discussed. In [19] the authors go further and describe how
XML documents may be published on the web. The idea is for owners to
publish documents, subjects to request access to the documents and untrusted
publishers to give the subjects the views of the documents they are authorized
to see.
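
An added example (not from the original text or from the work cited as [18] and [19]): a minimal default-deny computation of a subject's view of an XML document from a policy that is itself written in XML. The policy schema (`grant`, `subject`, `path`), the sample document and the function name `compute_view` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample policy and document (hypothetical schema).
POLICY_XML = """<policy>
  <grant subject="nurse" path="./patient/name"/>
  <grant subject="nurse" path="./patient/ward"/>
  <grant subject="doctor" path="./patient"/>
</policy>"""
DOC_XML = ("<records><patient id='17'><name>Ann Lee</name><ward>W3</ward>"
           "<diagnosis>asthma</diagnosis></patient></records>")

def compute_view(doc_xml, policy_xml, subject):
    """Return the subject's view as an XML string, or None if nothing is visible."""
    root = ET.fromstring(doc_xml)
    granted = set()
    for rule in ET.fromstring(policy_xml).findall("grant"):
        if rule.get("subject") == subject:
            granted.update(root.findall(rule.get("path")))

    def prune(elem, inherited):
        # A grant on an element covers its whole subtree.
        allowed = inherited or elem in granted
        kept_child = False
        for child in list(elem):
            if prune(child, allowed):
                kept_child = True
            else:
                elem.remove(child)
        if allowed:
            return True
        # Default deny: an ungranted ancestor survives only as a bare shell
        # (no attributes, no text) so the view stays well-formed.
        elem.attrib.clear()
        elem.text = None
        for child in elem:
            child.tail = None
        return kept_child

    return ET.tostring(root, encoding="unicode") if prune(root, False) else None

if __name__ == "__main__":
    for who in ("nurse", "doctor", "visitor"):
        print(who, "->", compute_view(DOC_XML, POLICY_XML, who))
```

The nurse's view keeps the `records` and `patient` elements only as empty containers, so the `id` attribute and the `diagnosis` element never reach a subject who was granted just `name` and `ward`.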