Published Versions 2 Vol 2 (1) : 66–77 2019
Ontology-based Access Control for FAIR Data
Abstract & Keywords
Abstract: This paper focuses on fine-grained, secure access to FAIR data, for which we propose ontology-based data access policies. These policies take into account both the FAIR aspects of the data relevant to access (such as provenance and licence), expressed as metadata, and additional metadata describing users. With this tripartite approach (data, associated metadata expressing FAIR information, and additional metadata about users), secure and controlled access to object data can be obtained. This yields a security dimension to the “A” (accessible) in FAIR, which is clearly needed in domains like security and intelligence. These domains need data to be shared under tight controls, with widely varying individual access rights. In this paper, we propose an approach called Ontology-Based Access Control (OBAC), which utilizes concepts and relations from a data set's domain ontology. We argue that ontology-based access policies contribute to data reusability and can be reconciled with privacy-aware data access policies. We illustrate our OBAC approach through a proof-of-concept and propose that OBAC be adopted as a best practice for access management of FAIR data.
Keywords: Access control; Semantic technology; Ontology; Security; FAIR
Acknowledgements
Part of this work was supported by the Titanium Project (funded by the EC under grant agreement 740558). The work was also supported by TNO’s internal research project “ERP AI”.
Article and author information
Cite As
C. Brewster, B. Nouwt, S. Raaijmakers & J. Verhoosel. Ontology-based access control for FAIR data. Data Intelligence 2(2020), 66–77. doi: 10.1162/dint_a_00029
Christopher Brewster
The authors worked collaboratively on the structure and outline of the paper. S. Raaijmakers and C. Brewster (Christopher.Brewster@tno.nl) worked on the introduction, conclusions and related work and were responsible for overall editing.
christopher.brewster@tno.nl
Christopher Brewster is a Senior Scientist in the Data Science group at TNO, and Professor of Emerging Technologies at the Institute for Data Science, Maastricht University, The Netherlands. His PhD was in ontology learning from text from the University of Sheffield. His main research interests are the application of semantic technologies and more generally artificial intelligence (AI) to supply chains and the agri-food sector, and the ethical and social implications of the widespread use of data science and AI.
0000-0001-6594-9178
Barry Nouwt
The authors worked collaboratively on the structure and outline of the paper. B. Nouwt (barry.nouwt@tno.nl) and J. Verhoosel (jack.verhoosel@tno.nl) developed the OBAC core ideas, while B. Nouwt implemented the approach and provided the PoC description.
Barry Nouwt (MSc) is a medior Scientist in semantic technology at TNO within the Data Science department. He obtained a BSc degree in Computer Science from the Saxion University of Applied Sciences and an MSc degree in Artificial Intelligence at Utrecht University in 2008. Until 2015, he worked with SemLab B.V. on commercial applications of natural language processing (NLP) and Semantics, primarily in the Financial and Government domain. At TNO, Barry’s research activities center around ontologies, model-driven development and semantic reasoning with a focus on increasing the value of formalized domain knowledge.
0000-0002-9527-6039
Stephan Raaijmakers
The authors worked collaboratively on the structure and outline of the paper. S. Raaijmakers (stephan.raaijmakers@tno.nl) initiated the paper and made the initial connection of OBAC with the security domain. S. Raaijmakers and C. Brewster (Christopher.Brewster@tno.nl) worked on the introduction, conclusions and related work and were responsible for overall editing.
Stephan Raaijmakers is specialized in machine learning-based natural language processing. He received his PhD on information geometry for kernel machines from Tilburg University in 2009. At TNO, he works on a variety of artificial intelligence-related topics, including explainable deep learning. Recently, he has been appointed as professor in Communicative AI at Leiden University.
0000-0003-2984-6889
Jack Verhoosel
The authors worked collaboratively on the structure and outline of the paper. B. Nouwt (barry.nouwt@tno.nl) and J. Verhoosel (jack.verhoosel@tno.nl) developed the OBAC core ideas, while B. Nouwt implemented the approach and provided the PoC description.
Jack Verhoosel is a Senior Scientist at TNO and is part of the Data Science department within TNO. His group focuses on semantic interoperability, i.e., the efficient and effective use of information technology (IT) for the cooperation and information sharing between organizations. He specializes in semantic technology, artificial intelligence (AI) reasoning and data analytics. Research topics include (1) knowledge modelling in ontologies, (2) semantic Web and reasoning technology for data integration and (3) data analytics technology for big data applications. He applies his knowledge in various industry sectors, among others agriculture, industry, defence and the electronic government domain.
0000-0002-0121-636X
Data Intelligence