Gaining access to sensitive resources on the Web usually involves an explicit registration step, where the client has to provide a predetermined set of information to the server. The registration process yields a login/password combination, a cookie, or something similar that can be used to access the sensitive resources. In this paper we show how an explicit registration step can be avoided on the Semantic Web by using appropriate semantic annotations, rule-oriented access control policies, and automated trust negotiation. After presenting the PeerTrust language for policies and trust negotiation, we describe our implementation of implicit registration and authentication that runs under the Java-based MINERVA Prolog engine. The implementation includes a PeerTrust policy applet and evaluator, facilities to import local metadata, policies and credentials, and secure communication channels between all parties.

Trust is an important tool in human life, as it enables people to cope with the uncertainty caused by the free will of others. Uncertainty and uncontrollability are also issues in computer-assisted collaboration and electronic commerce in particular. A computational model of trust and its implementation can alleviate this problem. This survey

Researchers have recently begun to develop and investigate policy languages to describe trust and security requirements on the Semantic Web. Such policies will be one component of a run-time system that can negotiate to establish trust on the Semantic Web. In this paper, we show how to express different kinds of access control policies and control their use at run time using PeerTrust, a new approach to trust establishment. We show how to use distributed logic programs as the basis for PeerTrust’s simple yet expressive policy and trust negotiation language, built upon the rule layer of the Semantic Web layer cake. We describe the PeerTrust language based upon distributed logic programs, and compare it to other approaches to implementing policies and trust negotiation. Through examples, we show how PeerTrust can be used to support delegation, policy protection and negotiation strategies in the ELENA distributed eLearning environment. Finally, we discuss related work and identify areas for further research.

Grids support dynamically evolving collections of resources and users, usually spanning multiple administrative domains. The dynamic and crossorganizational aspects of Grids introduce challenging management and policy issues for controlling access to Grid resources. In this paper we show how to extend the Grid Security Infrastructure to provide better support for the dynamic and cross-organizational aspects of Grid activities, by adding facilities for dynamic establishment of trust between parties. We present the PeerTrust language for access control policies, which is based on guarded distributed logic programs, and show how to use PeerTrust to model common Grid trust needs.

Semantic Web Services enable the dynamic discovery of services based on a formal, explicit specification of the requester needs. The actual Web Services that will be used to satisfy the requester's goal are selected at run-time and, therefore, they are not known beforehand. As a consequence, determining whether the selected services can be trusted becomes an essential issue. In this paper, we propose the use of the Peertrust language to decide if trust can be established between the requester and the service provider. We add modelling elements to the Web Service Modeling Ontology (WSMO) in order to include trust information in the description of Semantic Web Services. In this scenario, we discuss different registry architectures and their implications for the matchmaking process. In addition, we present a matching algorithm for the trust policies introduced.

Abstract. Policies are being increasingly used for controlling the behavior of complex multi-agent systems. The use of policies allows administrators to regulate agent behavior without changing source code or requiring the consent or cooperation of the agents being governed. However, policy-based control can sometimes encounter difficulties when applied to agents that act in pervasive environments characterized by frequent and unpredictable changes. In such cases, we cannot always specify policies a priori to handle any operative run time situation, but instead require continuous adjustments to allow agents to behave in a contextually appropriate manner. To address these issues, some policy approaches for governing agents in pervasive environments specify policies in a way that is both context-based and semantically-rich. Two approaches have been used in recent research: an ontology-based approach that relies heavily on the expressive features of Description Logic (DL) languages, and a rule-based approach that encodes policies as Logic Programming (LP) rules. The aim of this paper is to analyze the emerging directions for the specification of semantically-rich context-based policies, highlighting their advantages and drawbacks. Based on our analysis we describe a hybrid approach that exploits the expressive capabilities of both DL and LP approaches. 1.

Abstract. Wireless connectivity and widespread diffusion of portable devices offer novel opportunities for users to share resources anywhere and anytime, and to form ad-hoc coalitions. Resource access control is crucial to leverage these ad-hoc collaborations. In pervasive scenarios, however, collaborating entities cannot be predetermined and resource availability frequently varies, even unpredictably, due to user/device mobility, thus complicating resource access control. Access control policies cannot be defined based on entity’s identities/roles, as in traditional access control solutions, or be specified a priori to face any operative run time condition, but require continuous adjustments to adapt to the current situation. To address these issues, this paper advocates the adoption of novel access control policy models that follow two main design guidelines: context-awareness to control resource access on the basis of context visibility and to enable dynamic adaptation of policies depending on context changes, and semantic technologies for context/policy specification to allow high-level description and reasoning about context and policies. The paper also describes the design of a semantic context-aware policy model that adopts ontologies and rules to express context and context-aware access control policies and supports policy adaptation. 1

This paper summarizes our efforts to develop capabilities for policy and contract management for Semantic Web Services applications. KAoS services and tools allow for the specification, management, analyzes, disclosure and enforcement of policies represented in OWL. We discuss three current Semantic Web Services applications as examples of the kinds of roles that a policy management framework can play: as an authorization service in grid computing environments, as a distributed policy specification and enforcement capability for a semantic matchmaker, and as a verification tool for services composition and contract management.

Policy Based Management (PBM) is a research topic that has been driven by the tremendous complexity inherent in the administration and management of present-day networking and telecommunications systems and services. The increasingly diverse organisational forms of modern industry represent a significant component of this complexity. Internet communities offer extreme examples of organisational diversity, since they often lack any central authority and many subsections operate with almost complete autonomy. This paper argues that PBM systems offer great potential in this domain due to the complexity of management arrangements. However, since these communities lack any single trusted administrative hierarchy, a centralised solution to policy engineering and management is not possible. This paper proposes an approach to modelling communities for PBM systems. This approach focuses on the concept of communities within a hierarchy of authority as the fundamental unit of organisational analysis. As such, the model reflects the distribution of authority in the real-world community, the resulting policies reflect the community's operational needs and contracts between the various groups and individuals that make up the community. Policy conflicts are used to identify organisational conflicts that must be resolved. In order to illustrate and validate these concepts, the paper presents a conceptual architecture and case study based on the secure management of an open publishing network. 1.

Abstract. Several research groups have grappled with the problem of characterizing and developing practical approaches for implementing adjustable autonomy and mixed-initiative interaction in deployed systems. However, each group takes a little different approach and uses variations of the same terminology in a somewhat different fashion. In this chapter, we will describe some common dimensions in order to better understand these important but ill-characterized topics. We will also sketch the approach to implementation we are developing in the context of our research on policygoverned autonomous systems. 1