Access Control and the Resource Description Framework: A Survey

Tracking #: 1280-2492

Sabrina Kirrane
Alessandra Mileo
Stefan Decker

Responsible editor: 
Bernardo Cuenca Grau

Submission type: 
Survey Article
In recent years we have seen significant advances in the technology used to both publish and consume structured data using the existing web infrastructure, commonly referred to as the Linked Data Web. However, in order to support the next generation of e-business applications on top of Linked Data suitable forms of access control need to be put in place. This paper provides an overview of the various access control models, standards and policy languages, and the different access control enforcement strategies for the Resource Description Framework (the data model underpinning the Linked Data Web). A set of access control requirements that can be used to categorise existing access control strategies is proposed and a number of challenges that still need to be overcome are identified.
Full PDF Version: 


Solicited Reviews:
Click to Expand/Collapse
Review #1
By Luca Costabello submitted on 10/Feb/2016
Review Comment:

The authors have successfully addressed all the points listed in my review.
I confirm this survey deserves to be accepted, being a valuable contribution to Linked Data researchers and practitioners.

Review #2
Anonymous submitted on 29/Mar/2016
Minor Revision
Review Comment:

The paper looks more structured and easy to read. Also the figures representing publication timelines are helpful since they provide
a syntetic description of how the different frameworks evolved.

The most of my previous issues has been fixed.
Here a few points that still need to be improved.

Specific issues

that there is already an assertion which states
that the user belongs to a given roles, as OWL is monotonic
it is not possible to removed this assertion from
the knowledge base."

Basically, you just rephrased this sentence. However, this is still confusing to me because,
first, non-monotonic extensions of OWL typically concerns preferential semantics, overriding, negation
as failure more than meta-predicates
like asserting or removing something. Furthermore, it is not clear why a framework cannot maintain the logic monotonic and deal these issues about the
dynamics of a knowledge base at a meta-level.
Why you need this at the object level? Provide a concrete example.

2.1.5 Policy specification
This part is still somewhat vague. Perhaps, some example would be helpful.

remove "which evaluates twelve different policy languages
against a set of criteria, that are deemed necessary
for ensuring security and privacy in a Semantic
Web context."

"there is a direct mapping between
permissions and prohibitions in Rei and the positive
and negative authorisations in KAoS, and also between
obligations and dispensations in Rei and the positive
and negative obligations in KAoS."
do you mean that prohibitions (resp. dispensations) in Rei corresponds to
negative authorizations (resp. negative obligations) in Kaos?