We describe a shared ontology called SOUPA -- Standard Ontology for Ubiquitous and Pervasive Applications. SOUPA is designed to model and support pervasive computing applications. This ontology is expressed using the Web Ontology Language OWL and includes modular component vocabularies to represent intelligent agents with associated beliefs, desires, and intentions, time, space, events, user profiles, actions, and policies for security and privacy. We discuss how SOUPA can be extended and used to support the applications of CoBrA, a broker-centric agent architecture for building smart meeting rooms, and MoGATU, a peer-to-peer data management for pervasive environments. 1.

Semantic Web Services enable the dynamic discovery of services based on a formal, explicit specification of the requester needs. The actual Web Services that will be used to satisfy the requester's goal are selected at run-time and, therefore, they are not known beforehand. As a consequence, determining whether the selected services can be trusted becomes an essential issue. In this paper, we propose the use of the Peertrust language to decide if trust can be established between the requester and the service provider. We add modelling elements to the Web Service Modeling Ontology (WSMO) in order to include trust information in the description of Semantic Web Services. In this scenario, we discuss different registry architectures and their implications for the matchmaking process. In addition, we present a matching algorithm for the trust policies introduced.

Abstract. This paper describes SOUPA (Standard Ontology for Ubiquitous and Pervasive Applications) and the use of this ontology in building the Context Broker Architecture (CoBrA). CoBrA is a new agent architecture for supporting pervasive context-aware systems in a smart space environment. The SOUPA ontology is expressed using the Web Ontology Language OWL and includes modular component vocabularies to represent intelligent agents with associated beliefs, desire, and intentions, time, space, events, user profiles, actions, and policies for security and privacy. Central to CoBrA is an intelligent broker agent that exploits ontologies to support knowledge sharing, context reasoning, and user privacy protection. We also describe two prototype systems that we have developed to demonstrate the feasibility and the use of CoBrA. 1.

Web services are expected to be the key technology in enabling the next installment of the Web in the form of the Service Web. In this paradigm shift, Web services would be treated as first-class objects that can be manipulated much like data is now manipulated using a database management system. Hitherto, Web services have largely been driven by standards. However, there is a strong impetus for defining a solid and integrated foundation that would facilitate the kind of innovations witnessed in other fields, such as databases. This survey focuses on investigating the different research problems, solutions, and directions to deploying Web services that are managed by an integrated Web Service Management System (WSMS). The survey identifies the key features of a WSMS and conducts a comparative study on how current research approaches and projects fit in.

Abstract. The aim of this paper is to provide a general ontology that allows the specification of trust requirements in the Semantic Web Services environment. Both client and Web Service can semantically describe their trust policies in two directions: first, each can expose their own guarantees to the environment, such as, security certification, execution parameters etc.; secondly, each can declare their trust preferences about other communication partners, by selecting (or creating) ‘trust match criteria’. A reasoning module can evaluate trust promises and chosen criteria, in order to select a set of Web Services that fit with all trust requirements. We see the trust-based selection problem of Semantic Web Services as a classification task. The class of selected Semantic Web Services (SWSs) will represent the set of all SWSs that fit both client and Web Service exposed trust requirements. We strongly believe that trust perception changes in different contexts, and strictly depends on the goal that the requester would like to achieve. For this reason, in our ontology we emphasize first class entities “goal”, “Web Service ” and “user”, and the relations occurring among them. Our approach implies a centralized trust-based broker, i.e. an agent able to reason on trust requirements and to mediate between goal and Web Service semantic descriptions. We adopt IRS-III as our prototypical trust-based broker. 1

Abstract. Annotation with security-related metadata enables discovery of resources that meet security requirements. This paper presents the NRL Security Ontology, which complements existing ontologies in other domains that focus on annotation of functional aspects of resources. Types of security information that could be described include mechanisms, protocols, objectives, algorithms, and credentials in various levels of detail and specificity. The NRL Security Ontology is more comprehensive and better organized than existing security ontologies. It is capable of representing more types of security statements and can be applied to any electronic resource. The class hierarchy of the ontology makes it both easy to use and intuitive to extend. We applied this ontology to a Service Oriented Architecture to annotate security aspects of Web service descriptions and queries. A refined matching algorithm was developed to perform requirement-capability matchmaking that takes into account not only the ontology concepts, but also the properties of the concepts. 1

Summary. The Semantic Web aims at enabling sophisticated and autonomic machine to machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate an automatic access to sensitive information. Policy-based access control provides sophisticated means in order to support protecting sensitive resources and information disclosure. However, the term policy is often overloaded. A general definition might be “a statement that defines the behaviour of a system”. However, such a general definition encompasses different notions, including security policies, trust management

Web service providers specify access control policies to restrict access to their Web services. It turned out, that since the Web is an open, distributed and dynamic environment, in which a central controlling instance cannot be assumed, capability based access control is most suitable for this purpose. However, since practically every participant can certify capabilities defined in his/her own terminology, determining the semantics of certified capabilities and the trustworthiness of certification authorities are two major challenges in such a setting. In this paper, we show, (1) how certification authorities and their certification policies can be modeled semantically (2) how Web service providers can specify and check the consistency of their access control policies and (3) how end users can check automatically, whether they have access to a Web service.

A Web service is a software system designed to support interoperable application-to-application interactions over the Internet. Recently, there has been a growing interest in Web service composition, and some languages (e.g., WSBPEL and BPML) for modeling the composition have been proposed. In this paper, we focus on security constraints of Web service composition with semantic Web support, which have not been deeply investigated so far. Based on our prior work, we present a method for modeling security constraints and a brokered architecture, which exploits the REI reasoner, to build composite Web services according to the specified security constraints.

Simplifying the discovery of web services on one hand and protecting them from misuse on the other hand has initiated several lines of research in the area of policyaware semantic web services. However, the diversity of approaches, ontologies and languages chosen for defining Semantic Web services and policies has made the research area cluttered. It is now ambiguous how different registries and agents with different policy languages and Semantic Web service ontologies would share their information. In this paper we try to solve the problem of exchanging information between the registries by defining an interchange framework to transform business rules and concepts from one language to another using a third intermediary language called R2ML. The expressivity of the new framework exempts any service provider or service requester from the difficulties it may encounter during the process of transformation from one business rule language to the other. It also guarantees that information loss during transformation would be minimal. 1.