Summary. The Semantic Web aims at enabling sophisticated and autonomic machine to machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate an automatic access to sensitive information. Policy-based access control provides sophisticated means in order to support protecting sensitive resources and information disclosure. However, the term policy is often overloaded. A general definition might be “a statement that defines the behaviour of a system”. However, such a general definition encompasses different notions, including security policies, trust management

Distributed Peer-to-Peer and Grid infrastructure require distributed access control mechanisms. These mechanisms can be implemented in distributed trust management infrastructures and usually require reasoning on more than one peer, as soon as authority is delegated or requests involve several authorities. Building on previous work of the authors which formalized such a distributed trust management infrastructure based on distributed logic programs, we describe in this paper how reasoning can be implemented as distributed logic evaluation and how loops during this evaluation can be handled with. Our solution is based on a loop tolerant distributed tabling algorithm which includes in the process protection of sensitive policies and generation of proofs without increasing the complexity of the system.

Recent efforts in the area of Web policy languages show concerns on how to better represent both context and rules of a domain to deal with large number of resources and users. Interaction between domains with different business rules is also another questionable issue in this same area. Web rule languages have been recently introduced as a means to facilitate interaction between parties with dissimilar policies and business rules. Efforts have been placed to further review the possibility of the proposed solutions and extend them to work with other Web technologies. In this paper, we introduce REWERSE Rule Markup Language (R2ML) as a Web rule language that can be employed to make concepts, policies, and elements of a domain digestible by another domain through the use of vocabularies, rules, and annotations. We also show how R2ML elements can model the concepts and elements of different policy languages and assist systems with diverse policies with their interactions. 1.

Summary. The Semantic Web aims at enabling sophisticated and autonomic machine to machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the Semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate an automatic access to sensitive information. Policy-based access control provide sophisticated means in order to support protecting sensitive resources and information disclosure. This chapter provides an introduction to policy-based security and privacy protection, by analyzing several existing policy languages. Furthermore, it shows how these languages can be used in a number of Semantic Web scenarios. 1

Abstract. Recently, there has been an increased amount of attention dedicated to WS-Policy- it has become a W3C submission and a working group was formed to standardize the specification. In our previous work, we provided a mapping of WS-Policy to OWL-DL. In this paper, we continue that work by analyzing the operation of policy intersection (determining whether two web service policies are compatible). We show how this operation motivates the use of a non-monotonic extension of OWL in the form of OWL default rules. We discuss our prototype implementation of an OWL defaults reasoner based on Baader and Hollunder’s terminological defaults. 1

Abstract. Service-Oriented Architectures (SOAs) suggest that IT systems should be developed from coarse-grained, loosely coupled, business-aligned components, so called services. One way towards loose coupling is to refrain from hard-coding policies in the system and to represent them explicitly. Semantic Web Services (SWS) add semantics to Web services (main realization of SOAs). However, SWS research currently ignores most of the work done on Web service policies, therefore in this paper we present a proposal for combining WSMO, a major SWS framework, and WS-Policy Framework, a set of specifications with heavy industrial backing. The resulting combination is aimed at serving as the basis of applying the logical reasoning capabilities that have been developed (or are being developed) for WSMO to WS-Policy, and the basis for integrating WSMO in the WS-Policy framework. 1

I declare and assure that I have written this Master-Thesis by myself, without any help from other persons. Further, I declare and assure that I have only used the sources and resources that are listed in the last chapter.

Summary. The semantic Web aims to enable sophisticated and autonomic machineto-machine interactions without human intervention, by providing machines not only with data but also with its meaning (semantics). In this setting, traditional security mechanisms are not suitable anymore. For example, identity-based access control assumes that parties are known in advance. Then, a machine first determines the identity of the requester in order to either grant or deny access, depending on its associated information (e.g., by looking up its set of permissions). In the semantic Web, any two strangers can interact with each other automatically and therefore this assumption does not hold. Hence, a semantically enriched process is required in order to regulate automatic access to sensitive information. Policy-based access control provides sophisticated means to support the protection of sensitive resources and information disclosure. This chapter provides an introduction to policy-based security and privacy protection by analyzing several existing policy languages. Furthermore, it shows how these languages can be used in a number of semantic Web scenarios.