Databases Reference
In-Depth Information
Now to make the semantic web secure, we need to ensure that RDF doc-
uments are secure. This would involve securing XML from a syntactic point
of view. However with RDF we also need to ensure that security is preserved
at the semantic level. The issues include the security implications of the con-
cepts resource, properties and statements. That is, how is access control en-
sured? How can statements, properties and statements be protected? How
can one provide access control at a finer grain of granularity? What are the
security properties of the container model? How can bags, lists and alterna-
tives be protected? Can we specify security policies in RDF? How can we
resolve semantic inconsistencies for the policies? How can we express security
constraints in RDF? What are the security implications of statements about
statements? How can we protect RDF schemas? These are dicult questions
and we need to start research to provide answers. XML security is just the
beginning. Securing RDF is much more challenging (see also [23]).
3.6 Security and Ontologies
Ontologies are essentially representations of various concepts in order to avoid
ambiguity. Numerous ontologies have been developed. These ontologies have
been used by agents to understand the web pages and conduct operations such
as the integration of databases. Furthermore ontologies can be represented in
languages such as RDF or special languages such as web ontology language
(OWL).
Now, ontologies have to be secure. That is, accesses to the ontologies have
to be controlled. This means that different users may have access to different
parts of the ontology. On the other hand, ontologies may be used to specify
security policies just as XML and RDF have been used to specify the policies.
3.7 Secure Query and Rules Processing for the Semantic Web
The layer above the Secure RDF layer is the Secure Query and Rules process-
ing layer. While RDF can be used to specify security policies (see, for example,
[23]), the web rules language being developed by W3C is more powerful to
specify complex policies. Furthermore, inference engines are being developed
to process and reason about the rules (e.g., the Pellet engine developed at the
University of Maryland). One could integrate ideas from the database infer-
ence controller that we have developed (see [24]) with web rules processing to
develop an inference or privacy controller for the semantic web.
The query-processing module is responsible for accessing the heteroge-
neous data and information sources on the semantic web. Researchers are
examining ways to integrate techniques from web query processing with se-
mantic web technologies to locate, query and integrate the heterogeneous data
and information sources. We need to examine the security impact of query
processing.
