Fine-grained filtering to provide access control for data providing services within collaborative environments

摘要

A data providing service (DPS) in service-oriented architecture is tasked only with the retrieval of data thatrnare annotated over a domain ontology. One particular motivating application of DPSs is their use withinrncollaborative environments. An important characteristic for the enterprises of such a collaborativernenvironment is the ability to employ data sharing with one another. A major concern in this situationrnis the protection of each enterprise’s privacy while still permitting data sharing. One potential solutionrnis to provide filtered data through access control. This work describes how to implement access controlrnthrough fine-grained filtering of DPS response messages; it is accomplished using a filtering ontology andrnrelations between the domain ontology of DPS and the proposed filtering ontology. Therefore, enterprisesrncan write enterprise-specific access control policies referencing a common filtering ontology defined withinrna collaborative environment, enabling access control-based data sharing within the environment. This workrnadditionally illustrates the implementation of our general solution to data providing web services, interpretedrnby an eXtensible Access Control Markup Language-based access control framework. The implementationrnis further evaluated in a case study of real world data, provided by a health research institute in London,rnCanada