Annotation-based access control for collaborative information spaces

https://doi.org/10.1016/j.chb.2010.07.030

Abstract

Web 2.0 social platforms (e.g., Flickr, YouTube) and Collaborative Working Environments (e.g., Microsoft SharePoint, BSCW) provide Web-based collaborative information spaces which enable common users and/or professionals to work together and share their online resources. Most of these collaborative information spaces provide role-based or group-based, coarse-grained access control policies which cannot successfully cope with the requirements posed by massive and open collaboration. In this paper, we present an annotation-based access control (AnBAC) model supported by a Collaboration Vocabulary (CoVoc) as a more flexible and user-centric access control approach. Based on this, we developed two tools: Uncle-Share is a gadget that provides annotation-based access control and can be equipped with CoVoc for annotating collaborative relationships. Who-With-Whom uses CoVoc to visualize extended social networks in order to help users to select appropriate contacts to grant access to resources.

Section snippets

Background

In real life, we share the resources we own based on social acquaintances or on the credits we grant to the people with whom we communicate. As an example, we may share the keys of our apartments with our parents, but not with our friends, as we normally give more (trust) credits to our family than to our friends. Access control emerges almost together with the concept of “sharing”. In brief, access control defines who can access what (Russell & Gangemi, 1991).

“Sharing” is a key concept for collaborative

Related work

There exist plenty of approaches and mechanisms for controlling access to resources, such as access control lists, role-based access control, attribute-based access control, ontology-based access control and so on. Each approach has its own advantages, disadvantages and feasibility scope. Many researchers try to combine different mechanisms of access control in order to build a more powerful mechanism and decrease the disadvantages of each mechanism. In (Kern & Walhorn, 2005), an architecture

Annotation-based access control model

Annotation is a common mechanism used nowadays by social platforms for annotating shared informational resources; it is based on mechanisms that allow users to describe resources with “tags”. In this way, users attach metadata to commonly shared resources (social tagging). These tags later facilitate browsing and discovery of relevant resources. Annotation and tags are important mechanisms of what has been called Web 2.0 or Social Web.

Our access control model is based on annotations

CoVoc: Collaboration Vocabulary

For annotating people and also for defining policies, we decided to create a tool to recommend/suggest terms to the users. These suggestions should come from a vocabulary. Such a vocabulary could also ensure better quality of tags by helping people to use the same tag for the same concept (e.g., collaborateWith instead of workWith, collaboratesWith, workTogether, and so on). We developed the Collaboration Vocabulary (CoVoc) for this purpose.
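A minimal sketch of why a shared vocabulary matters for annotation-based policies, added here as an illustration and not taken from the paper or its tools: an owner annotates contacts, attaches a required annotation to a resource, and access is granted only when the two match. The `Owner` class, the synonym table, the contact names and the resource name are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed synonym table standing in for a vocabulary lookup. The variant
# spellings are the ones the text lists; the preferred term's spelling is
# normalised here and is an assumption.
CANONICAL = "collaborateWith"
SYNONYMS = {"workwith": CANONICAL, "collaborateswith": CANONICAL,
            "worktogether": CANONICAL, "collaboratewith": CANONICAL}

def canonical(tag: str) -> str:
    """Map a free-text tag to its vocabulary term; unknown tags pass through."""
    key = tag.strip().lower()
    return SYNONYMS.get(key, tag.strip())

@dataclass
class Owner:
    name: str
    contacts: dict = field(default_factory=dict)   # contact -> set of tags
    policies: dict = field(default_factory=dict)   # resource -> set of tags

    def annotate(self, contact, tag, use_vocab=True):
        t = canonical(tag) if use_vocab else tag
        self.contacts.setdefault(contact, set()).add(t)

    def share(self, resource, tag, use_vocab=True):
        t = canonical(tag) if use_vocab else tag
        self.policies.setdefault(resource, set()).add(t)

    def can_access(self, contact, resource):
        # Default deny: no policy, unknown contact, or no shared tag -> False.
        required = self.policies.get(resource, set())
        held = self.contacts.get(contact, set())
        return bool(required & held)

def demo():
    raw, vocab = Owner("alice"), Owner("alice")
    for o, v in ((raw, False), (vocab, True)):
        o.annotate("bob", "workWith", use_vocab=v)
        o.annotate("carol", "friend", use_vocab=v)
        o.share("draft.pdf", "collaboratesWith", use_vocab=v)
    return {
        "raw_bob": raw.can_access("bob", "draft.pdf"),
        "vocab_bob": vocab.can_access("bob", "draft.pdf"),
        "vocab_carol": vocab.can_access("carol", "draft.pdf"),
        "vocab_unknown": vocab.can_access("mallory", "draft.pdf"),
    }

if __name__ == "__main__":
    print(demo())
```

With free-text tags the policy silently fails to match the intended contact; with vocabulary terms the same annotation and policy agree, while unannotated or differently annotated contacts are still denied.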

Ontological consideration of human relationships is not

Tools and implementation issues

To enable and evaluate our access control model, we have developed some tools that are presented in this part. Both tools (Uncle-Share and Who-With-Whom) and their documentation are accessible online (http://purl.oclc.org/projects/phd).

Comparisons and evaluation

The key point of the AnBAC model is to enable users to annotate their contacts and define access control policies by exploiting these annotations. The model enables users to annotate their resources as well, as in various social media Web sites (e.g., Flickr, del.icio.us). Before discussing how the main idea behind the AnBAC model (i.e., annotating contacts) differs from similar approaches, we need to clarify the concepts of “group” and “role”. A group is a named collection of users and

Conclusion and future work

In this paper, we presented an annotation-based access control model, a vocabulary for annotating collaborative users and supportive tools to realize the AnBAC model as well as to visualize social networks based on CoVoc terms. This approach is applicable in both Web-based collaborative information spaces like Web 2.0 social platforms and Collaborative Working Environments (CWE). Our model can be seen as an extension to role-based access control, where people are able to define their own roles

Acknowledgements

This work is partially supported by the Ecospace project: FP6-IST-5–35208 and the Lion project supported by Science Foundation Ireland under Grant No. SFI/02/CE1/I131.

References (62)

  • Fogel, J., et al. (2009). Internet social network communities: Risk taking, trust, and privacy concerns. Computers in Human Behavior.
  • Alotaiby, F. T., & Chen, J. X. (2004). A Model for Team-based Access Control (TMAC 2004). ITCC’ 04. In Proceedings of...
  • “Apache CXF”. Available from...
  • Barkley, J., Beznosov, K., & Uppal, J. (1999). Supporting Relationships in Access Control Using Role Based Access...
  • Bazire, M., & Brézillon, P. (2005). Understanding Context Before Using It. In Proceedings of fifth international and...
  • Bechhofer, S., van Harmelen, F., Hendler, J., Horrocks, I., McGuinness, D. L., Patel-Schneider, P. F., & Stein, L. A....
  • Berners-Lee, T., et al. (2001). The Semantic Web, A new form of Web content that is meaningful to computers will unleash a revolution of new possibilities.
  • Brickley, D., & Guha, R. V. (2004). Resource Description Framework (RDF) Schema Specification. Available from...
  • “BSCW”. Available from...
  • Carminati, B., Ferrari, E., & Perego, A. (2006a). The REL-X vocabulary. OWL Vocabulary. Available from...
  • Carminati, B., Ferrari, E., & Perego, A. (2007). Private Relationships in Social Networks. In Proceedings of the 23rd...
  • Carminati, B., Ferrari, E., & Perego, A. (2009). Enforcing Access Control in Web-based Social Networks. ACM...
  • Carminati, B., Ferrari, E., & Perego, A. (2006b). Rule-Based Access Control for Social Networks. OTM Workshops (2),...
  • Davis, I., & Vitiello, E. (2005). RELATIONSHIP: A vocabulary for describing relationships between people. Available...
  • De Coi, J. L., Olmedilla, D., Bonatti, P. A., & Sauro, L. (2008). Protune: A Framework for Semantic Web Policies....
  • “del.icio.us”. Available from...
  • Demchenko, Y., Gommans, L., Tokmakoff, A., & van Buuren, R. (2006). Policy Based Access Control in Dynamic Grid-based...
  • “Facebook”. Available from...
  • Ferraiolo, D. F., & Kuhn, D. R. (1992). Role Based Access Control. In 15th national computer security...
  • “Flickr”. Available from...
  • “FOAF - The Friend of a Friend (FOAF) project”. Available from...
  • Gan, J. D., DeLong, B. K., & Schmidt, C. (2004). MeNowDocument: FOAF extension for defining often changing variables in...
  • Gates, C. E. (2007). Access Control Requirements for Web 2.0 Security and Privacy. IEEE Web 2.0 Security and Privacy...
  • Giunchiglia, F., Zhang, R., & Crispo, B. (2008). RelBAC: Relation Based Access Control. Technical Report DISI-08-040,...
  • “Google Web Toolkit”. Available from...
  • “Graph Gear - Open platform for graph visualization”. Available from...
  • Hart, M., Johnson, R., & Stent, A. (2007). More Content - Less Control: Access Control in the Web 2.0. IEEE Web 2.0...
  • Hong, D., & Shen, V. Y. (2008). Setting Access Permission through Transitive Relationship in Web-based Social Networks....
  • Horrocks, I., Patel-Schneider, P. F., Boley, H., Tabet, S., Grosof, B., & Dean, M. (2004). SWRL: A semantic web rule...
  • “iGoogle”. Available from...
  • Irvine, M. (2008). Social networking applications can pose security risks. Available from...