A scenario of the rights protection use case is extended from [Hu, 2007], and shown as Figure 4, where a license agreement for content usage is signed between a DRM server Charlie and two DRM clients, Alice and Bob to facilitate the content usage rights for a server and privacy and fair use rights for each client.
A license agreement in different expressions are shown as follows:
1. Natural Language (NL):
A DRM content distributor server, Charlie, makes a license agreement with two content con-sumer clients, Alice and Bob. After each paying thirty dollars and receiving acknowledgement from Charlie, Alice and Bob are each given personal usage rights and may display an eBook, , TheSemanticWebPrimer, up to five times in each client’s side DRM controller box. They may each print it only once. The total number of actions, either displays or prints, done by Alice and Bob together, may be at most ten. The usage rights validity period is from 2008/05/07/00 : 00 to 2008/06/06/24 : 00.
However, if either Alice or Bob uses this eBook for teaching and research, then the usage rights constraint may be relaxed for fair use to comply with the Copyright law. In this case, a maximum of 25 consecutive pages of each eBook can be printed and an unrestricted number of pages can be displayed for an unlimited number of times with unlimited validity period. Fair use is not allowed if the usage purposes are not successfully verified. Furthermore, to protect the privacy rights of Alice and Bob, we allow each one to specify usage options for respective profiles and digital traces
Figure 4: A scenario of rights protection as a license agreement between a license server, Charlie, and two clients Alice, and Bob, to enforce the respective semantics-enabled rights protection web policies
before the DRM server can collect them. In this case, Alice only allows her DRM client’s controller to disclose her personal profile and online digital trace to a server for DRM control purposes but for no other purposes. On the other hand, Bob allows his DRM client’s controller to disclose his personal profile and online digital trace to a server, for DRM control as well as non-DRM control purposes, such as marketing and statistics.
2. Human readable abstract syntax:
agreement
between Charlie and {Alice,Bob}
about The Semantic Web Primer with inSequence[prePay[30.00], attribution[Charlie]]
Access control applied to a client for DRM in a client:
clientUsagePurpose:
case Non-FairUse{personal}:
|==> not[and[Time < 2008/05/07/00:00, Time > 2008/06/06/24:00]]
|==> with usageCount[10] ==>
and[forEachMember[{Alice,Bob};displayCount[5]]
==> display,
forEachMember[{Alice,Bob};printCount[1]]
==> print]
case FairUse{teaching,research}:
|==> forEachMember[{Alice,Bob}] ==> display
|==> forEachMember[{Alice,Bob};
not [and [printPage# > endPage#, printPage# < startPage#]]
|==> forEachMember[{Alice,Bob};
printPageCount[25]]
|==> forEachMember[{Alice,Bob}] ==> print
Access control applied to a server for privacy protection in a client:
serverUsagePurpose:
case DRMControl{DRMControl}:
|==> forEachMember[{Alice, Bob}, clientAllowPurpose[DRMControl]]
|==> forEachMember[{Alice,Bob},
profileDiscloseAllowed[personalProfile]==> disclose]
|==> forEachMember[{Alice,Bob},
traceDiscloseAllowed[digitalTrace]==> disclose]
case Non-DRMControl{Marketing,Statistics}:
|==> forEachMember[{Bob},
clientAllowPurpose[Non-DRMControl]]
|==> forEachMember[{Bob},
profileDiscloseAllowed[personalProfile]==> disclose]
|==> forEachMember[{Bob},
traceDiscloseAllowed[digitalTrace]==> disclose]
3. First Order Logic (FOL):
• Access control applied to a client for DRM in a client:
∀x((x = Alice ∨ x = Bob) ⇒
(∃t1∃t2(t1 < t2∧ P aid(30, t1) ∧ Attributed(Charlie, t2))
⇒ ∃y((y = teaching ∨ y = research) ∧ HasClientU sageP urpose(x, y))
⇒ Permitted(x, display, eBook))
⇒ ∀p∃sp∃ep
((hasP rintP age#(eBook, pg) ≥ startP age#(eBook, sp)
∧hasP rintP age#(eBook, pg) ≤ endP age#(eBook, ep)
⇒ hasP rintP ageCount(eBook, sub(ep, sp)) ≤ 25
⇒ Permitted(x, display, eBook))
⇒ ∃y((y = personal) ∧ hasClientU sageP urpose(x, y))
⇒ ∀t(hasU sageDateT ime(t) ≥ 2008/05/07/00 : 00
∧ hasU sageDateT ime(t) ≤ 2008/06/06/24 : 00)
⇒ hasDisplayCount(Alice, id1) + hasDisplayCount(Alice, id2) + hasP rintCount(Bob, id1) + hasP rintCount(Bob, id2) < 10
⇒ (hasDisplayCount(Alice, id1) < 5 ∧hasDisplayCount(Bob, id1) < 5
⇒ Permitted(x, display, eBook))
⇒ hasP rintCount(Alice, id2) < 1 ∧ hasP rintCount(Bob, id2) < 1
⇒ Permitted(x, print, eBook))))
• Access control applied to a server for privacy protection in a client:
∀x((x = Alice) ⇒
⇒ ∃p∃y∃f ∃d((p = DRM − control) ∧ y = Charlie)
⇒ serverU sageP urpose(p) ∧ personalP rof ile(f )
⇒ clientAllowP urpose(x, p) ∧ serverRequestP urpose(y, p)
⇒ P rof ileDiscloseAllowed(f, p)
⇒ Permitted(y, disclose, f )
⇒ T raceDiscloseAllowed(d, p)
⇒ Permitted(y, disclose, d))
∀x((x = Bob) ⇒
⇒ ∃p∃y∃f ∃d((p = DRM − control ∨ p = M arketing ∨ p = Statistics) ∧ y = Charlie)
⇒ serverU sageP urpose(p) ∧ personalP rof ile(f )
⇒ clientAllowP urpose(x, p) ∧ serverRequestP urpose(y, p)
⇒ P rof ileDiscloseAllowed(f, p)
⇒ Permitted(y, disclose, f )
⇒ T raceDiscloseAllowed(d, p)
⇒ Permitted(y, disclose, d))
7.1 Semantic web policies as O + R for a license
Three types of ontology are proposed to describe the concepts of data user, data type, and data usage purpose. In the data user ontology (see Figure 5), DRM − Client class is the set of content users for a client c ∈ DRM − Client class asks for content usage rights and a server s ∈ DRM − server class through enforcing DRM web policies in a client side’s DRM controller box to make its decision. On the other hand, a server s ∈ DRM − Server class who asks for customer data usage rights and the permission granting is also enforced by privacy protection web policies in a DRM controller box.
The data usage purpose ontology (see Figure 6) provides the classification concepts of data usage purpose for a DRM client and a DRM server. The Client − Usage − Purpose class provides data usage purposes for a DRM client to indicate whether it asks for a fair use or a not-fair use (such as a personal use) data usage. The Server − Usage − Purpose class constrains a DRM server so that it can only disclose data satisfied previous client’s opt-in purposes, such as DRM control or marketing,.
In the data type ontology (see Figure 7), the Digital − Content class provides the classification concepts of digital media content for users and Customer − Data class provides the classification concepts of client data for a selected server to access. In a client’s DRM controller box, most of the vocabularies used for describing the concepts of data user and data type ontologies for semantic DRM web policies are imported directly from the DRM server’s access control ontologies. The data usage purpose ontology
Figure 5: The data user ontology for the concepts of DRM client and DRM server taxonomy
Figure 6: The data usage purpose ontology for the concepts of client’s usage purposes and server’s usage purposes taxonomy
(see Figure 6) is the exception, where the concepts for describing data usage to achieve the fair use and privacy protection purposes are outside the DRM’s O + R representations (see Figure 3) 3.
7.2 Properties for data usage purposes
Properties in the data usage purpose ontology in Figure 6 for a DRM client’s to constraint the fair use and privacy protection purposes are shown as follows:
• HasClientUsagePurpose v HasUsagePurpose
• HasServerUsagePurpose v HasUsagePurpose
• T v ∀ HasUsagePurpose.Data − User4
• T v ∀ HasUsagePurpose−.Usage − Purpose5
• T v ∀ HasClientUsagePurpose.DRM − Client
3The first capital character in the predicates is a marker to indicate that they are directly created in the datalog rule.
4The Data − User class is defined as the domain of property HasUsagePurpose, as are as the following specifications.
5The Usage − Purpose class is defined as the range of property HasUsagePurpose, as are the following specifications.
Figure 7: The data type ontology for the concepts of digital content and customer data taxonomy
• T v ∀ HasClientUsagePurpose−.Client − Usage − Purpose
• T v ∀ HasServerUsagePurpose.DRM − Server
• T v ∀ HasServerUsagePurpose−.Server − Usage − Purpose
• T v ∀ HasResourceFairUse.Digital − Content
• T v ∀ HasResourceFairUse−.Client − Usage − Purpose
The domain class and range class of a property HasUsagePurpose and its sub-properties, such as HasClientUsagePurpose and HasServerUsagePurpose are imported from the data user and the data usage purpose ontologies. The datalog rules specified for the DRM control and privacy protection policies reuse these imported predicates to ensure all of the permission for information disclosure are satisfied.
7.3 O+R Representations
The O + R representations for a DRM server, Charlie, and a DRM client, Alice are shown as the following sections. The given ontology modules are shown as TBox axioms, ABox instances; the rule modules are shown as rules and facts. The enforcement of unifying semantic privacy protection web policies for the DRM system are explicitly demonstrated:
Let Π = (Γ, ∆) are the O + R knowledge representations of semantics-enabled web policies for privacy protection in the DRM system, where Γ = O = (axioms, instances), ∆ = R = (rules, facts).
• At the DRM license server Charlie’s site:
– Γ = O, ontology module at the Charlie site:
*Axioms in the ontology module for DRM:
hasDisplayRights v hasUsageRights hasPrintRights v hasUsageRights eBook v Digital − Content
DRM − Client v Data − User DRM − Server v Data − User Print − Count v Usage − Count Display − Count v Usage − Count hasDisplayRights v hasUsageRights hasPrintRights v hasUsageRights T v ∀ hasUsageCount.Data − User6
T v ∀ hasUsageCount−.Digital − Content T v ∀ hasDisplayCount.Data − User
T v ∀ hasDisplayCount−.Digital − Content T v ∀ hasPrintCount.Data − User
T v ∀ hasPrintCount−.Digital − Content T v ∀ hasUsageDateTime.Data − User
T v ∀ hasUsageDateTime−.Digital − Content
*Facts in the ontology module for DRM:
DRM − Client(Alice) DRM − Client(Bob) DRM − Server(Charlie), Teacher(Alice)
Researcher(Bob)
eBook(TheSemanticWebPrimer)
hasDisplayRights(Alice, TheSemanticWebPrimer)
*Axioms in the ontology module for privacy protection:
Personal − Profile v Customer − Data Digital − Trace v Customer − Data DRM − Trace v Digital − Trace Online − DRM − Trace v DRM − Trace T v ∀ ClientAllowPurpose.DRM − Client
T v ∀ ClientAllowPurpose−.Server − Usage − Purpose T v ∀ ServerRequestPurpose.DRM − Server
T v ∀ ServerRequestPurpose−.Server − Usage − Purpose T v ∀ ProfileDiscloseAllowed.Personal − Profile
T v ∀ ProfileDiscloseAllowed−.Server − Usage − Purpose
6In OWL − DL, maxCardinalityQ is shown as 6nP.C, where n is an integer number, P is a property and C is a class. So 65hasUsageCount.Usage − Count(?r, ?uc) indicates that a particular resource r, such as eBook is bound to a variable ?r, and the current usage count uc is bound to a variable ?uc with maximum number 5.
T v ∀ TraceDiscloseAllowed.Digital − Trace
T v ∀ TraceDiscloseAllowed−.Server − Usage − Purpose
*Facts in the ontology module for privacy protection:
Personal − Profile(AliceProfile) Personal − Profile(BobProfile) DRM − Trace(AliceDRMTrace) DRM − Trace(BobDRMTrace)
Server − Usage − Purpose(DRM − Control) Server − Usage − Purpose(Marketing) ClientAllowPurpose(Alice, DRM − Control) ClientAllowPurpose(Bob, DRM − Control) ClientAllowPurpose(Bob, Marketing)
ProfileDiscloseAllowed(AliceProfile, DRM − Control) TraceDiscloseAllowed(AliceDRMTrace, DRM − Control) ProfileDiscloseAllowed(BobProfile, Marketing) TraceDiscloseAllowed(BobDRMTrace, DRM − Control) ProfileDiscloseAllowed(BobProfile, DRM − Control) TraceDiscloseAllowed(BobDRMTrace, Marketing) – ∆ = R rule module at the Charlie site:
*Rules in the rule module for DRM:
hasDisplayRights(?x, ?r) ∧ hasSelldRights(?x, ?r)
=⇒ hasDisplaySelldRights(?x, ?r) ← (c1)
hasDisplaySelldRights(?x, ?r) ∧ delegateg(?x, ?y) ∧ hasPrepaid(?y, ?a)
=⇒ hasDisplayRights(?y, ?r) ← (c2)
· · · ·
*Rules in the rule module of privacy protection:
DRM − Client(?x) ∧ DRM − Server(?y) ∧ Server − Usage − Purpose(?p)
∧Personal − Profile(?f) ∧ ClientAllowPurpose(?x, ?p)
∧ServerRequestPurpose(?y, ?p) ∧ ProfileDiscloseAllowed(?f, ?p)
=⇒ PermittedCharlie(Disclose, ?f)) ← (c3)
DRM − Client(?x) ∧ DRM − Server(?y) ∧ Server − Usage − Purpose(?p)
∧Digital − Trace(?d) ∧ ClientAllowPurpose(?x, ?p)
∧ServerRequestPurpose(?y, ?p) ∧ TraceDiscloseAllowed(?d, ?p)
=⇒ PermittedCharlie(Disclose, ?d) ← (c4)
Rules (c1) and (c2) are Datalog − Safe DRM control rules, where all of the variables appearing in each rule’s head also appear in the rule’s body. Moreover, all of the predicates in these rules
are imported from DRM ontologies. More detailed descriptions can refer to [Hu, 2007]. Rules (c3) and (c4) are privacy protection rules that satisfy the DL − Safe conditions, where all of the rule variables occur at least in one of the datalog predicates in each rule’s body. When server Charlie requests a DRM controller box in Alice’s site to enforce privacy protection policies for disclosing Alice’s profile or a digital trace under the purpose of DRM control, it will be permitted, i.e., the following facts will be derived by rules (c3) and (c4):
PermittedCharlie(Disclose, AliceProfile) PermittedCharlie(Disclose, AliceDRMTrace)
Similarly, when server Charlie asks for disclosure of Bob’s profile or digital trace for DRM control purpose, it is also permitted. However, when server Charlie asks for the disclosure of Alice’s profile and digital trace for marketing purposes, it will not be permitted. In fact, we cannot ex-plicitly obtain the following two facts from rules (c3) and (c4):
PermittedCharlie(Disclose, AliceProfile) PermittedCharlie(disclose, AliceDRMTrace)
The fact is that Alice does not explicitly allow her profile and DRM digital trace to be shown as facts for marketing purposes in the ontologies module. Therefore server Charlie cannot obtain a positive permission from rules (c3) and (c4).
• At content consumer client Alice’s site:
– Γ = O, the ontology module at the Alice site:
Most of the axioms and facts for privacy protection in the ontology module in an Alice DRM controller box are the same as the results we have shown at server Charlie’s site except for fair use access control policies shown as the following:
*Facts in the ontology module for DRM:
Teacher(Alice), Researcher(Alice) HasClientUsagePurpose(Alice, Teaching) HasClientUsagePurpose(Alice, Research) HasResourceFairUse(TheSemanticWebPrimer)
≥3 HasStartPage#(TheSemanticWebPrimer, 20)
≤24HasEndPage#(TheSemanticWebPrimer, 20)
≤25HasPrintPageCount(TheSemanticWebPrimer, 17)
– ∆ = R, rules in the rule module for DRM to enforce fair use right:
*Rules in the rule module for DRM to enforce fair use:
Teacher(?x) ∧ DRM − Client(?x) ∧ Client − Usage − Purpose(Teaching)
=⇒ HasFairUseAllowed(?x, Teaching) ← (a1)
Researcher(?x) ∧ DRM − Client(?x) ∧ Client − Usage − Purpose(Research)
=⇒ HasFairUseAllowed(?x, Research) ← (a2)
hasDisplayRights(?x, ?r) ∧ eBook(?r) ∧ HasFairUseAllowed(?x, ?p)
∧HasClientUsagePurpose(?x, ?p) ∧ HasResourceFairUse(?r, ?p)
=⇒ PermittedAlice(Display, ?r, ?p) ← (a3)
hasDisplayRights(?x, ?r) ∧ eBook(?r) ∧ HasFairUseAllowed(?x, ?p)
∧HasClientUsagePurpose(?x, ?p)∧ ≥spHasStartPage#(?r, ?pg)
∧ ≤epHasEndPage#(?r, ?pg)∧ ≤25HasPrintPageCount(?r, ?c)
∧HasResourceFairUse(?r, ?p) =⇒ PermittedAlice(Print, ?r, ?p) ← (a4) hasDisplayRights(?x, ?r)∧ <10hasUsageCount.Usage − Count(?r, ?uc)
∧ <5hasDisplayCount.Display − Count(?r, ?dc)
∧ ≥2008/05/07/00:00hasUsageDateTime.Usage − DateTime(?r, ?ut)
∧ ≤2008/06/06:24:00hasUsageDateTime.Usage − DateTime(?r, ?ut)
=⇒ PermittedAlice(Display, ?r) ← (a5)
hasPrintRights(?x, ?r)∧ <10hasUsageCount.Usage − Count(?r, ?uc)
∧ <1hasPrintCount.Print − Count(?r, ?pc)
∧ ≥2008/05/07/00:00hasUsageDateTime.Usage − DateTime(?r, ?ut)
∧ ≤2008/06/06:24:00hasUsageDateTime.Usage − DateTime(?r, ?ut)
=⇒ PermittedAlice(Print, ?r) ← (a6)
*Facts in the rule module for DRM to enforce fair use right:
HasFairUseAllowed(Alice, Teaching) ← derived by (a1) HasFairUseAllowed(Alice, Research) ← derived by (a2)
The DRM system derives fair use rights of teaching and research for Alice by using rules (a1) and (a2) if Alice can provide her teacher or researcher’s digital certificate to the Charlie server and this certificate is verified successfully by a trusted third party (TTP) to endorse this fair use right. In this case, a maximum of 25 consecutive pages of TheSemanticWebPrimer eBook can be printed and an unrestricted number of pages can be displayed for an unlimited number of times when Alice asks for a request and is derived by (a3) and (a4) rules.
In another case, when Alice asks for content usage rights for TheSemanticWebPrimer of the eBook by using her personal digital certificate, a non-fair use right of this eBook for Alice is derived by the rules (a5) and (a6). All of the rules in (a1)-(a6) are DL − Safe because they satisfy the conditions that all of the variables occurred within the datalog predicate, i.e., the non-DL predicate of the rule’s body.
The DL − Safe conditions ensure a decidable computation time for each permission decision of a request.
8 Conclusions
RELs, such as ODRL and P3P, provide an information model and vocabularies for designing a license agreement through the integration of web protection policies from both client and server. However, we sometimes face a semantic ambiguity problem when we use REL-based web protection policies to represent and enforce the access rights of data use. In this chapter, we proposed a unifying semantic model of REL to unambiguously express and enforce fair use and privacy protection rights for digital content users. This formal semantic model of REL is based on the homogeneous (or tight) integration of ontologies and rules, i.e., SWRL-based O + R from the semantic web. A real-life scenario was given to demonstrate how to ensure the DRM server’s content usage rights and a DRM client’s fair use and privacy protection rights. This rights protection scenario, we believe, cannot be easily achieved by other semantic models, such as FOL, DL, and LP.
Appendix
This research was partially supported by the NSC of Taiwan under Grant No. NSC 98-2221-E-004-009.
References
[Anderson, 2006] Anderson, A. H. (2006). A comparison of two privacy policy languages: EPAL and XACML. In Pro-ceedings of the 3rd ACM Workshop on Secure Web Services (SWS’06) (pp. 53–60).: ACM.
[Ant´on et al., 2007] Ant´on, I. A. et al. (2007). A roadmap for comprehensive online for privacy policy management. Comm.
of the ACM, 50(7), 109–116.
[Antoniou et al., 2007] Antoniou, G. et al. (2007). Rule-based policy specification. In T. Yu & S. Jajodia (Eds.), Secure Data Management in Decentralized Systems (pp. 169–216). Springer.
[Arnab & Hutchison, 2005] Arnab, A. & Hutchison, A. (2005). Fair usage contracts for DRM. In DRM ’05: Proceedings of the 5th ACM workshop on Digital rights management (pp. 1–7).: ACM.
[Berstel et al., 2007] Berstel, B. et al. (2007). Reactive rules on the web. In Reasoning Web 2007, Third International Summer School, LNCS4636 Dresden, Germany: Springer.
[Boley et al., 2007] Boley, H. et al. (2007). Rule interchange on the web. In Reasoning Web 2007, Third International Summer School, LNCS 4636 Dresden, Germany: Springer.
[Bonatti et al., 2006] Bonatti, A. P. et al. (2006). Semantic web policies - a discussion of requirements and research issues.
In 3rd Eurpoean Semantic Web Conference (ESWC 2006) Budva, Montenergro.
[Cohen, 2003] Cohen, E. J. (2003). DRM and privacy. Commun. ACM, 46(4), 47–49.
[ContentGuard, 2002] ContentGuard, I. (2002). XrML: The digital rights language for trusted content and services. Tech-nical report, ContentGuard Inc. http://www.xrml.org/index.asp.
[Cranor et al., 2002] Cranor, L. et al. (2002). The platform for privacy preferences (P3P) 1.0 (p3p 1.0) specification.
http://www.w3.org/P3P/.
[Donini et al., 1998] Donini, M. F. et al. (1998). AL-log: Integrating datalog and description logics. Journal of Intelligent Information Systems, 10(3), 227–252.
[Eiter & Ianni, 2008] Eiter, T. & Ianni, G. (2008). Rules and ontologies for the semantics web. In Reasoning Web 2008, LNCS 5224 (pp. 1–53).: Springer.
[Erickson, 2003] Erickson, S. J. (2003). Fair use, DRM, and trusted computing. Commun. ACM, 46(4), 34–39.
[Feigenbaum et al., 2002] Feigenbaum, J. et al. (2002). Privacy engineering for digital rights management systems. In Digital Rights Management (DRM) Workshop 2002, volume 2320 of LNCS 2320 (pp. 76–105).: Springer.
[Garcia et al., 2005] Garcia, R., Gallego, I., & Delgado, J. (2005). Formalising ODRL semantics using web ontologies. In 2nd International ODRL Workshop Lisbon, Portugal. http://odrl.net/workshop2005/.
[Grau et al., 2008] Grau, C. B. et al. (2008). OWL 2: The next step for OWL. Web Semantics: Science, Services and Agents on the World Wide Web 3, (pp. 309–322).
[Grosof et al., 2003] Grosof, N. B. et al. (2003). Description logic programs: Combining logic programs with description logic. In World Wide Web 2003 (pp. 48–65). Budapest, Hungary.
[Guth & Iannella, 2005a] Guth, S. & Iannella, R. (2005a). ODRL V2.0 - Requirements. Working draft, The ODRL Initiative. http://odrl.net/2.0/v2req.html.
[Guth & Iannella, 2005b] Guth, S. & Iannella, R. (2005b). Open Digital Rights Language (ODRL) Version 2. Odrl initiative working draft, The ODRL Initiative. http://odrl.net/2.0/v2req.html.
[Guth & Iannella, 2007] Guth, S. & Iannella, R. (2007). ODRL V2.0 - Model Semantics. Working draft, The ODRL Initiative. http://odrl.net/2.0/v2req.html.
[Halpern, 2008] Halpern, Y. J. V. W. (2008). A formal foundation for XrML. Journal of the ACM, 55(1), 1–42.
[Hitzler et al., 2010] Hitzler, P. et al. (2010). Foundations of Semantic Web Technologies. CRC Press.
[Horrocks et al., 2005] Horrocks, I. et al. (2005). OWL rules: A proposal and prototype implementation. Web Semantics:
Science, Services and Agents on the World Wide Web 3, (1), 23–40.
[Hu, 2007] Hu, Y. J. (2007). Semantic-driven enforcement of rights delegation policies via the combination of rules and on-tologies. In Workshop on Privacy Enforcement and Accountability with Semantics in conjunction with ISWC+ASWC’07.
[Hu et al., 2008] Hu, Y. J., Guo, H. Y., & Lin, G. D. (2008). Semantic enforcement of privacy protection policies via the combination of ontologies and rules. In IEEE International Conference on Sensor Networks, Ubiquitous, and Trustworthy Computing (SUTC 2008) Taichung, Taiwan.
[Jajodia et al., 2001] Jajodia, S. et al. (2001). Flexible support for multiple access control policies. ACM Trans. on Database Systems, 26(2), 214–260.
[Karjoth & Schunter, 2002] Karjoth, G. & Schunter, M. (2002). A privacy policy model for enterprises. In 15th IEEE Computer Security Foundations Workshop (CSFW): IEEE.
[Li et al., 2006] Li, N., Yu, T., & Ant´on, A. I. (2006). A semantics-approach to privacy languages. Computer Systems and Engineering (CSSE), 21(5).
[Motik et al., 2004] Motik, B., Sattler, U., & Studer, R. (2004). Query answering for OWL-DL with rules. In 3rd Inter-national Semantic Web Conference (ISWC) 2004, LNCS 3298 (pp. 549–563).: Springer.
[Park & Sandhu, 2004] Park, J. & Sandhu, R. T. (2004). The UCONABCusage control model. ACM Trans. on Information and System Security, 7(1), 128–174.
[Patel-Schneider & Sim´eon, 2002] Patel-Schneider, F. P. & Sim´eon, J. (2002). Building the semantic web on XML. In ISWC 2002, LNCS2342 (pp. 147–161).: Springer.
[Pucella & Weissman, 2006] Pucella, R. & Weissman, V. (2006). A Formal Foundation for ODRL. arXiv:cs/0601085v1, Cornell University. http://arxiv.org/abs/cs/0601085.
[Rosati, 2006] Rosati, R. (2006). Integrating ontologies and rules: Semantic and computional issues. In Reasoning Web 2006, LNCS 4126 (pp. 128–151).
[Tonti et al., 2003] Tonti, G. et al. (2003). Semantic web languages for policy representation and reasoning: A comparison of KAoS, Rei, and Ponder. In 2nd International Semantic Web Conference (ISWC) 2003, LNCS 2870 (pp. 419–437).:
Springer.
[Vimercati et al., 2007] Vimercati, S. D. C. d. et al. (2007). Access control policies and languages in open environments.
In T. Yu & S. Jajodia (Eds.), Secure Data Management in Decentralized Systems (pp. 21–58). Springer.
[Yu et al., 2004] Yu, T., N. Li, A., & Ant´on, I. (2004). A formal semantics for P3P. In ACM Workshop on Secure Web Services Fairfax, VA, USA. http://citeseer.ist.psu.edu/750176.html.