April 13th, 2010 Security Conference Call
Revision as of 14:22, 16 April 2010 by Finaversaggi
Security Working Group Meeting
Attendees
- Tabitha Albertson
- Steven Connolly
- Mike Davis Security Co-chair
- Suzanne Gonzales-Webb CBCC Co-chair
- Miles Hale
- Don Jorgenson
- Jim Kretz
- Galen Mulrooney
- Milan Petkovic
- Pat Pyette
- Ioana Singureanu
- Cliff Thompson
- Richard Thoreson CBCC Co-chair
- Serafina Versaggi
- Tony Weida
Agenda
- (05 min) Roll Call, Approve minutes 6 April 2010 & Accept Agenda
- (55 min) Security and Privacy Ontology Project
- Protégé Demonstration: RBAC Operations (Tony Weida)
- Ongoing Work
- PASS Audit
- US Realm Value Sets
Minutes
1. Action Items
Reminder: Composite Security and Privacy Domain Analysis Model ballot is now open. Please vote!
2. Resolutions
Minutes of 6 April were approved. Motion to approve by Mike Davis, seconded by Suzanne Gonzales-Webb
3. Updates/Discussion
Security and Privacy Ontology Project
- Mike attended the SOA Ontology project call on Monday, April 12 and reported that Protégé v.4.0.2 has been selected for use (the most recent and stable version of Protégé)
- Mike also reported on discussions taking place within the OASIS XACML committee with respect to ontologies
- The committee approved a work item to investigate ontologies, and a follow-up call took place with Jericho Systems to discuss strategies and determine how Jericho would be involved. The management of Jericho is concerned about how this work might impact their products, so this needs to be resolved.
- The Security and Privacy Ontology project will be following the OASIS XACML committee activities as well as the SOA Ontology project, as there are opportunities for us to harmonize with those efforts
- The rest of today's meeting (which extended into the CBCC WG call) was devoted for the next two hours to a presentation of the work underway by Tony Weida on developing an ontology for Role-Based Access Control using Protégé. (Today's demonstration used the alpha version of Protégé v.4.1)
- Tony began with an overview of Description Logic (DL), OWL and the Protégé-OWL editor plug-in. Tony then proceeded into the RBAC ontology demonstration.
Some important concepts related to ontologies that were touched on include:
- Classes versus individuals
- Classes: when you’re dealing with a kind-of-something (concepts) and when you want to allow further precision
- Individuals: when you’re dealing with things that have an identity and can be counted (atoms), or you don’t need further precision.
- Open-world assumption: Anything may be true unless it is proven false. This is in contrast to the closed-world assumption (e.g., a database), where anything that cannot be found is assumed to be false.
- Necessary and Sufficient Conditions (≡): In logic, the words necessity and sufficiency refer to the implicational relationships between statements. The assertion that one statement is a necessary and sufficient condition of another means that the former statement is true if and only if the latter is true.
- Primitive classes versus Fully Defined classes
- Primitive: To be a member of a primitive class, an individual must either be directly asserted to be a member, or must be a member, by assertion or by inference, of a subclass. Primitive classes have only necessary conditions.
- Fully Defined: Defined classes have one or more necessary and sufficient conditions.
- Subsumption: Class-Superclass relationships. Each class includes its subclasses, but classes can have multiple parents.
- Disjointness: Classes are not disjoint by default; partial overlap of classes is assumed. Disjointness must be made explicit.
- No unique name assumption: different names may refer to the same entity, but OWL provides explicit constructs to express that two names denote distinct entities
- Reasoner: There are a number of Protégé-OWL plug-in reasoners that can be used with Protégé 4.0.2 through a DIG (Description Logic Implementation Group) compliant interface. Pellet and FaCT++ are two open-source reasoners that can be configured to run in Protégé. A reasoner allows Protégé to compute subsumption relationships between classes and detect inconsistencies between classes. OWL provides the necessary expressivity to write class expressions from which a reasoner infers the polyhierarchy: universal restriction (only), existential restriction (some), number restriction (min, max, exactly), Boolean operators (or, and, not), etc.
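As an added illustration (not Tony Weida's ontology or any HL7 artifact), the following fragment in Manchester syntax, the class-expression notation Protégé 4 uses, applies the concepts above to a small RBAC model; every class, property and individual name in it is invented for this example.

```owl
Prefix: : <http://example.org/rbac-demo#>
Ontology: <http://example.org/rbac-demo>

ObjectProperty: hasRole
    Domain: User
    Range: Role
ObjectProperty: grantsPermission
    Domain: Role
    Range: Permission

# Primitive classes: only necessary conditions (SubClassOf).
# Membership must be asserted directly or come from a subclass.
Class: User
Class: Role
Class: Permission
Class: ClinicalRole
    SubClassOf: Role
Class: Physician
    SubClassOf: ClinicalRole
Class: AdminRole
    SubClassOf: Role

# Disjointness is not assumed; it must be stated explicitly.
# Asserting one individual as both User and Role would then
# be flagged as an inconsistency by the reasoner.
DisjointClasses: User, Role, Permission
DisjointClasses: ClinicalRole, AdminRole

# Fully defined classes: necessary AND sufficient (EquivalentTo).
# The reasoner infers AttendingUser SubClassOf Clinician from the
# expressions alone, because Physician SubClassOf ClinicalRole.
Class: Clinician
    EquivalentTo: User and (hasRole some ClinicalRole)
Class: AttendingUser
    EquivalentTo: User and (hasRole some Physician)
Class: EffectiveRole
    EquivalentTo: Role and (grantsPermission min 1 Permission)

# Individuals: alice is inferred to be a Clinician and an
# AttendingUser; attendingPhysician is inferred an EffectiveRole.
# Open world: bob has no asserted role, but the reasoner does NOT
# conclude that bob is not a Clinician.
Individual: alice
    Types: User
    Facts: hasRole attendingPhysician
Individual: attendingPhysician
    Types: Physician
    Facts: grantsPermission writeOrders
Individual: writeOrders
    Types: Permission
Individual: bob
    Types: User

# No unique name assumption: distinctness must be asserted.
DifferentIndividuals: alice, bob, attendingPhysician, writeOrders
```

Loading this file in Protégé 4 and starting Pellet or FaCT++ shows the inferred class hierarchy and the inferred types of alice and attendingPhysician; removing a DisjointClasses axiom and re-running the reasoner shows how much of the checking depends on disjointness being stated.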