Conclusion and Future Prospects

There are several challenges for us to elaborate the se-mantic web core technologies on modeling of privacy pro-tection’s policy representation and enforcement. At this moment, we are not quite sure which ontologies+rules com-bination will be the most appropriate one under certain in-formation usage purposes and conditions [9] [19] [23] [24].

In summary, we express and enforce all profile informa-tion and digital traces with associated disclosure policies using a specific ontologies+rules combination on Web 3.0, e.g., DL + log. This information modeling structure and access mechanism will be quite different from Web 1.0 and Web 2.0, where profile information will be defined as re-lational database tables in the deep web, and digital traces

and collected as an unstructured weblog. On the Web 3.0 information cyberspace, we might face all personal profile information as well as associated digital traces are modeled as a ontologies+rules combination with semantic query as the only feasible access mechanism; then the challenge for semantic representation and enforcement of privacy protec-tion policies just begins.

References

[1] A. H. Anderson. A comparison of two privacy policy lan-guages: Epal and xacml. In Proceedings of the 3rd ACM Workshop on Secure Web Services (SWS’06), pages 53–60.

ACM, 2006.

[2] I. A. Ant´on et al. A roadmap for comprehensive online for privacy policy management. Comm. of the ACM, 50(7):109–

116, July 2007.

[3] G. Antoniou et al. Rule-based policy specification. In T. Yu and S. Jajodia, editors, Secure Data Management in Decen-tralized Systems, pages 169–216. Springer, 2007.

[4] M. Blaze, J. Figenebaum, and M. Strauss. Compliance checking in the policymaker trust management system. In Proc. of the Financial Cryptography, LNCS 1465, pages 254–274. Springer, 1998.

[5] A. P. Bonatti, S. D. C. di Vimercati, and P. Smarati. An algebra for composing access control policies. ACM Trans.

on Information and Systems Security, 5(1):1–35, February 2002.

[6] A. P. Bonatti et al. Semantic web policies - a discussion of requirements and research issues. In 3rd European Semantic Web Conference (ESWC 2006), Budva, Montenergro, June 2006.

[7] L. Cranor et al. The platform for privacy pref-erences (p3p) 1.0 (p3p 1.0) specification, 2002.

http://www.w3.org/P3P/.

[8] L. Cranor, M. Langheinrich, and M. Marchiori. A p3p preference exchange language 1.0 (appel 1.0), 2002.

http://www.w3.org/TR/P3P-preferences/.

[9] M. F. Donini et al. AL-log: Integrating datalog and de-scription logics. Journal of Intelligent Information Systems, 10(3):227–252, 1998.

[10] S. Fischer-H¨ubner. IT-Security and Privacy - Design and Use of Privacy-Enhancing Security Mechanisms. LNCS 1958. Springer, 2001.

[11] N. B. Grosof et al. Description logic programs: Combining logic programs with description logic. In World Wide Web 2003, pages 48–65, Budapest, Hungary, 2003.

[12] I. Horrocks et al. Swrl: A semantic web rule language combing owl and ruleml, 2004.

http://www.w3.org/Submission/SWRL/.

[13] S. Jajodia et al. Flexible support for multiple access control policies. ACM Trans. on Database Systems, 26(2):214–260, June 2001.

[14] L. Kagal, T. Finin, and A. Joshi. A policy based approach to security for the semantic web. In International Semantic Web Conference (ISWC) 2003, LNCS 2870, pages 402–418, 2003.

enterprises. In 15th IEEE Computer Security Foundations Workshop (CSFW). IEEE, June 2002.

[16] G. Karjoth, M. Schunter, and M. Waidner. Platform for enterprise privacy practices: Privacy-enabled management of customer data. In 2nd Workshop on Privacy Enhancing Technologies (PET), LNCS. Springer, 2002.

[17] N. Li, T. Yu, and A. I. Ant´on. A semantics-approach to privacy languages. Computer Systems and Engineering (CSSE), 21(5), Sep. 2006.

[18] J. Maluszynski. Hybrid integration of rules and dl-based on-tologies. In J. Maluszynski, editor, Combining Rules and Ontologies. A survey, pages 55–72. EU FP6 Network of Ex-cellence (NoE), Feb. 2005. REWERSE.

[19] B. Motik et al. Can owl and logic programming live together happily ever after? In 5th International Semantic Web Con-ference (ISWC) 2006, LNCS 4273, Athens, GA, USA, Nov.

2006.

[20] B. Motik, U. Sattler, and R. Studer. Query answering for owl-dl with rules. In 3rd International Semantic Web Conference (ISWC) 2004, LNCS 3298, pages 549–563.

Springer, 2004.

[21] J. Park and R. T. Sandhu. The uconABC usage control model. ACM Trans. on Information and System Security, 7(1):128–174, 2004.

[22] R. Rosati. On the decidability and complexity of integrating ontologies and rules. Web Semantics: Science, Services and Agents on the World Wide Web 3, pages 61–73, 2005.

[23] R. Rosati. DL+log: Tight integration of description logics and disjunctive datalog. In Proc. of the 10th International Conference on Principles of Knowledge Representation and Reasoning (KR), 2006.

[24] R. Rosati. Integrating ontologies and rules: Semantic and computational issues. In Reasoning Web 2006, LNCS 4126, pages 128–151, 2006.

[25] G. Tonti et al. Semantic web languages for policy represen-tation and reasoning: A comparison of kaos, rei, and pon-der. In 2nd International Semantic Web Conference (ISWC) 2003, LNCS 2870, pages 419–437, 2003.

[26] S. D. C. d. Vimercati et al. Access control policies and lan-guages in open environments. In T. Yu and S. Jajodia, ed-itors, Secure Data Management in Decentralized Systems, pages 21–58. Springer, 2007.

[27] D. J. Weitzner et al. Creating a policy-aware web: Discre-tionary, rule-based access for the world wide web. In E. Fer-rari and B. Thuraisingham, editors, Web and Information Se-curity, pages 1–31. Idea Group Inc., 2006.

[28] Y. C. T. Woo and S. S. Lam. Authorization in distributed systems: a new approach. Journal of Computer Security, 2(2-3):107–136, 1993.

[29] T. Yu, A. N. Li, and I. Ant´on. A formal se-mantics for p3p. In ACM Workshop on Se-cure Web Services, Fairfax, VA, USA, Oct. 2004.

http://citeseer.ist.psu.edu/750176.html.

Web＂, The International RuleML Symposium on Rule Interchange and Applications (RuleML 2009), Las Vegas, Neveda, USA, Nov. 5-7, 2009, Springer-Verlag, LNCS 5858.

Yuh-Jong Hu¹, Ching-Long Yeh², and Wolfgang Laun³

1 Emerging Network Technology (ENT) Lab.

Department of Computer Science National Chengchi University, Taipei, Taiwan

hu AT cs.nccu.edu.tw

2 Department of Computer Science Engineering Tatung University, Taipei, Taiwan

chingyeh AT cse.ttu.edu.tw

3 Thales Rail Signalling Solutions GmbH, Austria

wolfgang.laun AT gmail.com

Abstract. The RuleML Challenge started in 2007 with the objective of inspiring the issues of implementation for management, integration, in-teroperation and interchange of rules in an open distributed environment, such as the Web. Rules are usually classified as three types: deductive rules, normative rules, and reactive rules. The reactive rules are further classified as ECA rules and production rules. The study of combina-tion rule and ontology is traced back to an earlier active rule system for relational and object-oriented (OO) databases. Recently, this issue has become one of the most important research problems in the Semantic Web. Once we consider a computer executable policy as a declarative set of rules and ontologies that guides the behavior of entities within a system, we have a flexible way to implement real world policies with-out rewriting the computer code, as we did before. Fortunately, we have de facto rule markup languages, such as RuleML or RIF to achieve the portability and interchange of rules for different rule systems. Otherwise, executing real-life rule-based applications on the Web is almost impos-sible. Several commercial or open source rule engines are available for the rule-based applications. However, we still need a standard rule lan-guage and benchmark for not only to compare the rule systems but also to measure the progress in the field. Finally, a number of real-life rule-based use cases will be investigated to demonstrate the applicability of current rule systems on the Web.

1 Introduction

The RuleML Challenge competitions started in 2007⁴, so the RuleML-2009 Chal-lenge will be the third year for the rule system competition. We offer participants the chance to demonstrate their commercial and open source tools, use cases, and applications for rule related technologies. For the past two RuleML Challenge

4 RuleML-2007 Challenge, http://2007.ruleml.org/index-Dateien/Page787.htm

competitions, only a minimum set of requirements was given for evaluating the submitted demo systems. The criteria were that declarative rules should have to play a central role in the application, and that the demo systems should preferably be embedded into a Web-based or distributed environment, etc. The Challenge winners were selected and 1st and 2nd places were awarded with pres-tigious prizes.

The RuleML-2009 Challenge follows similar processes and the evaluation cri-teria are the same as in the previous two events. But we consider inviting more participants to submit their rule related systems in this year. In the RuleML-2009 Challenge, we organize events as two tracks, one is by invitation, to demonstrate a commercial or open source environment for its rule systems, and the other is open to general public for a real system competition. In addition to the demo systems with reports submitted to the RuleML Challenge website⁵, it is also possible to submit demo papers describing research and technical details, and the selected papers will be published in additional special Challenge proceed-ings, such as CEURS. A final selection of revised papers from the Challenge proceedings will be resubmitted to a special issue of a journal for publishing.

In this RuleML Challenge survey paper, we point out the possible research and implementation challenges for rule systems on the Web that are related to the Challenge competition events in the forthcoming years.

1.1 Challenges for Rule Systems

Rules as human understandable policies are everywhere in our daily life to im-pose human behaviors. For example, before you take a flight, you need to read airline check-in and boarding time rules in the policy statement of your booking itinerary receipt. If you violate any rule you might miss your plane. Related situations in this scenario of using rules are early-bird conference registration, special discount hotel reservation, payment and refund policies, etc. These rules as policies are represented as human understandable natural language. However, we still need to transform these natural language policies into computer pro-gramming rules for computer system understanding and automatic execution.

Sometimes, not all of the rules imposed on a human are necessarily and possi-bly represented as software programs to accomplish automatic execution in our computer systems. Usually, these rules restrict only human behavior, without di-rect connection with any software system. For example, we have law for privacy protection and digital rights management but not all of privacy rights and dig-ital rights for human are required to be represented and evaluated in computer systems.

There are several challenges while implementing rule systems on the Web.

Rules should be allowed to cope with the data model, such as RDB/OO-DB, or a knowledge base, such as an ontology, to permit query and modification ser-vices on the data models. Policies imposed on human behavior are declared in some policy language by the combination of rules and an ontology (or database),

5 http://ruleml-challenge.cs.nccu.edu.tw

and these policies can be automatically interpreted and executed by a computer.

There should be a standard language and framework for rule systems to enable rule interchange services on the Web. A certain number of use cases are easily represented and executed by rule and ontology reasoning engines with rule in-terchange and ontology merging standards to ensure rule interoperability and ontology compatibility.

In the early computer development stage, imperative programming languages such as C and Java were used to represent rules and execute them on a com-puter system. But these rules are inflexible and not easy to maintain when they are distributed on the Web and require interchange and integration between rule systems. Moreover, imperative programming languages are not appropriate to express concepts of human policies as computerized rules. Recently, people use declarative programming to specify the rules and execute them automati-cally, where XML is used as a standard syntax representation for interchange of declarative rules, such as RuleML [1], RIF [2], etc.

Even though an XML-based standard rule language and framework provides rule interchange service, pure XML cannot specify a well-defined semantics for rules. So people in the standard rule community constructed a logic foundation behind rule languages and their framework, to preserve the integrity of syntax and semantics of rules interchange for various rule systems. Similarly, OMG SBVR intends to define the vocabulary and rules for documenting semantics of business vocabulary, facts, and rules, as well as an XMI schema for interchange of business vocabularies and rules among organizations and between software tools⁶

In this paper, we first introduce the classification of rules, then, in section 2, we address the issue of rules, and databases and ontologies . In section 3, the current status of a declarative policy as the combination of ontology and rules will be introduced. In addition, Semantic Web Service (SWS) processes also require a declarative policy to express and execute Web Service rules to control information sharing and service execution. In section 4, we examine current different rule management systems and engines. In section 5, we investigate different rule interchange languages. In section 6, we look into the use cases that are possibly represented and executed by the rule systems. Finally, we conclude this study in section 7.