Tuesday, 5/22/2007
10:30 AM - 11:30 AM
Level: Technical - Advanced

The Semantic Web offers great potential for unprecedented collaboration and sharing of data. However, as the Semantic Web moves deeper into corporations and government agencies, it is necessary to protect data from unauthorized use and disclosure. Access control to semantic information may be enabled through collecting, managing and storing metadata about each triple in persistence stores, so that provenance, security, and other contextual information can be associated with each subject-predicate-object relationship. In the U.S. Government, for example, each object or relationship in a persistence store may have a security classification, where access to the relationship itself needs to be controlled. Providing this level of access control is not without its challenges. This presentation focuses on how to secure this level of semantic information during storage, query, and exchange. Typical security problems such as Access Control and Policy Enforcement are discussed, and several strategies are presented for tackling these issues. Areas covered include trade-offs between Object-level security and Triple-level security and techniques to implement both. Triple level security alternatives of reification, quads, quints, n-tuples, and other methodologies are discussed in detail. Finally, we cover the security implementation specifics relating to RDF/XML interchange, RDF databases, and query of RDF data.

Eric Monk is a Principal Architect at McDonald Bradley, where he leads the Data Interoperability Core Competency focusing on interoperability solutions using Semantic Technologies. He has been working with semantic technologies for four years, with a heavy emphasis on the storage and retrieval of RDF/OWL data. He participated in the Semantic Web Challenge (part of the International Semantic Web Conference 2006) with the SIGNS project: a semantic web application built on top of a secure triple store.

Kevin T. Smith is the Technical Director of Information Assurance at McDonald Bradley, where he leads the SOA & Semantics Security Team (S3T) focusing on securing web services and semantic data integration initiatives for multiple projects. He is the author of many information security articles in industry magazines such as SOA/Web Services Journal, and has authored several technology books, including "The Semantic Web" (Wiley, 2003), "Professional Portal Development with Open Source Tools" (Wrox, 2004), and "More Java Pitfalls" (Wiley, 2003). Kevin has led web services security workshops and has spoken at numerous industry conferences, such as the RSA Security Conference, JavaOne, Net-Centric Warfare, the Object Management Group, the Association for Enterprise Integration, and ApacheCon.