Zhan Jiang,Lanfen Lin,Fei Xie

DOI: https://doi.org/10.1007/978-3-642-33068-1_19

2012-01-01

Abstract:In order to deal with the heterogeneous systems and variety of business data, business model and description of different enterprises in the interoperation process, a semantic interoperability framework for business collaboration is proposed in this paper. In the framework, a multi-facet ontology system supporting business collaboration is introduced to give unified understanding throughout interoperation process. Based on the framework, a method to extract ontologies from multi sources quickly and to realize semantic mapping based on mixed ontologies is utilized to resolve the semantic conflicts. Web service is employed to eliminate the system-level heterogeneity and is semantically enhanced to meet the requirements of service discovery. After that, the on-demand business construction is achieved through services dynamic combination. Finally, a prototype platform is developed and the feasibility of our framework was verified. Our proposed framework provides beneficial references for SMEs to realize inter-enterprise business collaboration in China.

Di Wu,Xiyuan Chen,Jian Lin,Miaoliang Zhu

DOI: https://doi.org/10.1007/11836025_19

2006-01-01

Abstract:Today, the formulation, specification, and verification of adequate data protection policies in open distributed environment appear as the main challenge to address concerning authorization Role-based access control models have attracted considerable research interest in recent years due to their innate ability to model organizational structure and their potential to reduce administrative overheads This paper proposes ontology specification to describe Role-based Access Control model and extend it with a general context expression Based on these definitions, the specification for interoperation in distributed environment is introduced The works include a definition of ontology to describe the concepts and a declaration of rules to explicit the relationship between concepts The ontology based approach can express security policy with semantic information and provide a machine interpretation for descriptions of policy in open distributed environment.

Xiyuan Chen,Yang OUYang,Miaoliang Zhu,Yan He

DOI: https://doi.org/10.1109/ICYCS.2008.407

2008-01-01

Abstract:The emerging grid infrastructure presents many challenging security issues that demand new access approach due to its inherent heterogeneity, multidomain characteristic and highly dynamic nature. In order to protect the secure sharing and coordinated use of diverse resources in distributed "virtual organizations", fine-grained access control in grid computing is therefore very necessary and important. In this paper, a semantic-aware access conrtol(SAAC) extending the RBAC with the semantic specification is proposed. Supplying semantic specification by the implementation of semantic inference engine (SIE), the administration for the applicability of users' role memberships to particular permissions is much more easy and precise. The enforcement of the SAAC model for grid application is presented. An experimental evaluation of its overheads is also described.

Zhan Jiang,Lanfen Lin,Guorong Wang,Shuai Yang

DOI: https://doi.org/10.1109/cscwd.2012.6221867

2012-01-01

Abstract:Cluster supply chain is a kind of supply chain coupling with the industrial cluster, and enterprises within this region, cooperating with others frequently, are in urgent need to promote the efficiency of business cooperation by means of system interoperation, which is now seriously impeded by the high heterogeneity of the data model and system among the enterprises. Under such circumstances, we study the requirements of enterprise interoperability for the cluster supply chain by analyzing the characteristics of cluster supply chain and the complex business relationships in it. A framework of enterprise interoperability for cluster supply chain is presented to give global description of the needs. After that, based on the framework, a three-step solution of enterprise interoperability is proposed, through realizing interoperability of each layer to support the business collaboration among the enterprises. In our solution, semantic mapping based on mixed ontologies is utilized to resolve the syntax and semantic differences, and Web service is employed to ensure interoperability and manageability. Due to the high flexibility and sematic enhancement of the service, the dynamic inter-enterprise business process is satisfied by the combination of services. Finally, a SOA-based platform is developed in accord with the proposed solution and the experimental results prove its practicability and effectiveness.

LV Yan,NI Yi-hua,GU Xin-jian,HU Heng-jie,WANG Zheng-xiao

DOI: https://doi.org/10.3785/j.issn.1008-973x.2009.08.025

2009-01-01

Abstract:A heterogeneous system interoperation framework based on multi-layer ontology was proposed to solve the problems of integrating heterogeneous systems during the business collaboration.Using the key components of business collaboration: product,activity,process as a point of departure,the framework defines a multi-layer ontology model composed of product knowledge ontology,activity ontology,and process ontology,to realize the semantic consistency of multi-components in collaboration process.Product knowledge ontology supports the product specification in activity ontology;activity ontology describes the concept,function,implementation of each procedure or action in process;and process ontology connects various activities by control construction to compose business process.The combined mapping theory and the semantic similarity semantic algorithm realize the semantic mapping and integration among different ontology libraries and achieve upper ontology.OWL-S is used to describe the release and request of Web service.The example of cloth sale showed how the business interoperation mechanism works to achieve business ordering process matching using the ontology mapping module and the semantic matching module in the prototype system.

shaomin zhang,hongbian yang,baoyi wang

DOI: https://doi.org/10.1007/978-3-642-27287-5_94

2012-01-01

Abstract:For the problems of attribute elements maintenance difficulty and heterogeneous attribute of multi-domain in ABAC model, we propose the method of using ontology to maintain access control elements and distributed attribute management, which describe the logical relationships among attributes with OWL and introduce attribute mapping technology in access control decision-making. It can reduce the complexity of attribute management and raise the security of the cross-domain access. It makes up the defects in original ABAC model, and has a good reference to research the cross-domain access control.

Bs Liao,J Gao,J Hu,Jj Chen

DOI: https://doi.org/10.1007/978-3-540-30483-8_42

2004-01-01

Abstract:The integration of web services and intelligent agents is promising for automated service discovery, negotiation, and cooperation. But due to the dynamic and heterogeneous nature of web services and agents, it is challenging to guide the behaviors of underlying agents to meet the high-level business (changeful) requirements. Traditional Policy-driven methods (Ponder, Rei, KAoS, etc) are not adaptable to direct the discovery, negotiation and cooperation of dynamic agents who may join in or leave out of a specific community or organization (virtual organization) at run time. The purpose of this paper is to model an ontology-based, policy-driven control framework that is suitable to supervise the dynamic agents according to high-level policies. On the basis of federated multi-agents infrastructure and ontologies of policies, domain concepts, and agent federations, a model of role-based policy specification framework is presented in this paper.

Yuting Zhao,Kewen Wang,Rodney Topor,Jeff Z. Pan,Fausto Giunchiglia

DOI: https://doi.org/10.1007/978-3-540-76298-0_48

2007-01-01

Abstract:Several proposals have been put forward to support distributed agent cooperation in the Semantic Web, by allowing concepts and roles in one ontology be reused in another ontology. In general, these proposals reduce the autonomy of each ontology by defining the semantics of the ontology to depend on the semantics of the other ontologies.We propose a new framework for managing autonomy in a set of cooperating ontologies (or ontology space). In this framework, each language entity (concept/role/individual) in an ontology may have its meaning assigned either locally with respect to the semantics of its own ontology, to preserve the autonomy of the ontology, or globally with respect to the semantics of any neighbouring ontology in which it is defined, thus enabling semantic cooperation between multiple ontologies.In this way, each ontology has a "subjective semantics" based on local interpretation and a "foreign semantics" based on semantic binding to neighbouring ontologies. We study the properties of these two semantics and describe the conditions under which entailment and satisfiability are preserved. We also introduce two reasoning mechanisms under this framework: "cautious reasoning" and "brave reasoning". Cautious reasoning is done with respect to a local ontology and its neighbours (those ontologies in which its entities are defined); brave reasoning is done with respect to the transitive closure of this relationship. This framework is independent of ontology languages. As a case study, for Description Logic ALCM we present two tableau-based algorithms for performing each form of reasonings and prove their correctness.

Yan Lu,Hervé Panetto,Yihua Ni,Xinjian Gu

DOI: https://doi.org/10.1080/0951192X.2012.681917

IF: 4.1

2013-01-01

International Journal of Computer Integrated Manufacturing

Abstract:Supply chain interactions are complex in general and can be viewed as a networked enterprise. In this paper, we address information system interoperability for exploring and analysing the interoperation problem in heterogeneous networked enterprise systems. We propose a common shared ontology-based framework for networked enterprise interoperability for the context of information flows in supply chain interactions. A supply chain ontology, supply chain operations reference SCOR ontology, is developed based on the SCOR model. Subsequently, by formalising the similar concepts of SCOR ontology and product ontology, ONTO-PDM, using description logic, we propose a product-centric supply chain ontology framework for facilitating the interoperation between all enterprise applications involved in an extended supply chain. A case study of a supply chain make-to-order process is used to demonstrate the feasibility of the approach.

Malik Imran-Daud

DOI: https://doi.org/10.48550/arXiv.1612.09527

2016-12-30

Cryptography and Security

Abstract:Thanks to the advent of the Internet, it is now possible to easily share vast amounts of electronic information and computer resources (which include hardware, computer services, etc.) in open distributed environments. These environments serve as a common platform for heterogeneous users (e.g., corporate, individuals etc.) by hosting customized user applications and systems, providing ubiquitous access to the shared resources and requiring less administrative efforts; as a result, they enable users and companies to increase their productivity. Unfortunately, sharing of resources in open environments has significantly increased the privacy threats to the users. Indeed, shared electronic data may be exploited by third parties, such as Data Brokers, which may aggregate, infer and redistribute (sensitive) personal features, thus potentially impairing the privacy of the individuals. A way to palliate this problem consists on controlling the access of users over the potentially sensitive resources. Specifically, access control management regulates the access to the shared resources according to the credentials of the users, the type of resource and the privacy preferences of the resource/data owners. The efficient management of access control is crucial in large and dynamic environments. Moreover, in order to propose a feasible and scalable solution, we need to get rid of manual management of rules/constraints (in which most available solutions rely) that constitutes a serious burden for the users and the administrators. Finally, access control management should be intuitive for the end users, who usually lack technical expertise, and they may find access control mechanism more difficult to understand and rigid to apply due to its complex configuration settings.

Hongbo Sun,Wenhui Fan,Weiming Shen,Tianyuan Xiao

DOI: https://doi.org/10.1016/j.jnca.2011.02.012

IF: 7.574

2012-01-01

Journal of Network and Computer Applications

Abstract:The reuse of existing systems is an important objective of High Level Architecture (HLA) based collaborative product development systems. However, in order to reuse an existing system, its interoperation interface has to be modified so as to comply with the objective and interaction representations defined in a corresponding Federation Object Model (FOM). Such modifications imply added time and effort, which diminishes the efficiency of system reuse in collaborative product development. This paper presents a heavy-weighted ontology-based construction method for interoperation models to support the reuse of subsystems in various collaborative contexts. In this method ontologies are used to specify the semantics of object classes and interaction classes in subsystems in a formal and computer readable fashion. In doing so, a Formal Concept Analysis (FCA) like construction method is introduced to establish the original interoperation ontology from scratch. An automatic transforming method from Simulation Object Model (SOM) into interoperation ontology is also described to make existing HLA based systems easy to adopt this approach. Then a consistency verification method is introduced to guarantee the consistency of the interoperation ontologies. A case study is used to demonstrate the feasibility of the proposed method. As a human-friendly modeling method, compared with existing interoperation modeling methods the proposed method is more flexible, efficient and reliable.

Yl Jiang,Bs Liao,Y Liu,J Hu

DOI: https://doi.org/10.1007/978-3-540-30483-8_2

2004-01-01

Abstract:Traditional methods for authorization within Grid computing have many shortcomings. Firstly, the enrolments of users and services into the server are done manually, which is not adaptable to the dynamic environment where the service providers and service consumers join or leave dynamically. Secondly, the authorization policy language is not expressive enough to represent more complex policies, and can't resolve the problem of semantic inconsistency between different parties who treat the same policy. This paper takes advantage of characteristics of intelligent agent such as autonomy, proactivity, and sociality, to treat with the authorization issues, including automated registrations and management of agents (service providers and service consumers), autonomous authentication and authorization based on policies, etc. On the other hand, an ontology-based content-explicit policy modeling framework is presented, which resolves the semantic inconsistency problem among different parties.

Yan Lu,Herve Panetto,Xinjian Gu

DOI: https://doi.org/10.1007/978-3-642-16961-8_40

2010-01-01

Abstract:The System-of-Systems (SoS) paradigm is widely recognized and has become quite studied since a decade, as it has potentially practical applicability in systems engineering. SoS-organized systems could make efficient use of resources from a variety of domains. In this paper, we are studying one of the typical forms of networked enterprises: the supply chain. We will apply the SoS paradigm to this kind of "so-called" system-of-networked enterprises and we will then explore and analyze the interoperation problem in heterogeneous networked enterprises systems. Focusing on information flows in supply chain, we are proposing an approach for developing a supply chain ontology for networked enterprises interoperability, based on an extension of the ONTO-PDM product ontology.

HU Luo-kai,CHEN Xu,CHAI Xin,YING Shi

DOI: https://doi.org/10.3969/j.issn.1002-137X.2012.12.026

2012-01-01

Computer Science

Abstract:A multi-ontology system based access control approach for semantic Web services was proposed.First,a bridge ontology based cross-domain multi-ontology system(CDMOS),which provides a semantic model for access control of Semantic Web Service,was presented based on the distributed description logic(DDL).Secondly,on the basis of semantic access control technology,the access control model for semantic Web service was given.Finally,this paper gave the architecture of multi-ontology system based access control approach for semantic Web service and the case study of this approach.In the access control for semantic Web service,CDMOS not only provides the semantic mapping for the semantic model of security domains,but also ensures the semantic independence among the security domains.

Yue Ni,Yushun Fan

DOI: https://doi.org/10.1109/SERVICES-2.2008.9

2008-01-01

Abstract:Web services are gaining momentum as key elements in cross-domain enterprises integration because more and more functions within intra- and inter- enterprises have been encapsulated as Web services. However, these services are typically provided and invoked by different service providers in different enterprises distributed in multi-domains, so it is inevitable to face the problem of semantic inconsistency during enterprise integrating and cooperating. In this paper, ontology is brought out to solve this problem by building reference ontologies corresponding to each domain, and then collaboration ontologies are constructed semi-automatically, whereafter OWL-S files generated from collaboration ontologies are mapped to BPEL and WSDL files respectively. By this way, the semantic information will be kept in processes and Web services, so that there is common understanding among cross-domain cooperating enterprises. The OCDEII system architecture is proposed to support such integration and interoperability and further a prototype system is implemented in Project ImportNET.

Ran Yang,Chuang Lin,Yixin Jiang,Xiaowen Chu

DOI: https://doi.org/10.1109/GLOCOM.2011.6134072

2011-01-01

Abstract:In the service-oriented computing, a single transaction initiated by a client might invoke many different services in other administrative domains. Existing models for authorizing the access assume that all services involved in collaboration are managed by the central authority, which is not always a realistic premise. In this paper, we propose a novel authorization model for dynamic service collaboration. With the authorization discovery process, the client can discover the needed authorization for service access available in other autonomous domains. With extensions to SoD relationship, the conflicts of client interests can be formalized and expressed as constraints. The authorization problems are formalized to choose the optimal access path for each task. At last, the example and experiments show the practicality and the effectiveness of our scheme.

Tao Peng,Minghua Jiang,Ming Hu

DOI: https://doi.org/10.1109/iih-msp.2008.310

2008-01-01

Abstract:In a dynamic coalition environment, organizations should be able to exercise their own local fine-grained access control policies while sharing resources with external entities. At the same time, the status of XML as a standard for storing and exchanging data in Internet and XML documents is becoming a de facto standard for storing and exchanging information. So, access control of XML documents is a key in dynamic coalition environment. In this paper, we propose an approach that exploits the semantics associated with subject and information in XML documents to facilitate automatic access control policies while resource sharing occurs among coalition members. Our approach relies on identifying the necessary attributes required by users to gain access to specific XML documents information. Specifically, it consists of extracting user attribute sets that semantically mach with the attributes of the information in XML documents. This relies on a closer examination of why a user is assigned a specific role.

Laomo Zhang,Ying Ma,Guodong Wang

DOI: https://doi.org/10.1109/BMEI.2009.5304734

2009-01-01

Abstract:Data integration based on ontology has become an effective method to cope with the heterogeneous data on the Internet. In this paper, we consider the problem of data integration and use an ontology-based framework to address this problem at a semantic level. we apply the idea of ontology as a tool for data integration. An improved data integration method is proposed by analyzing the existing data integration system. This method uses ontology web language to represent the global ontology, local ontology and the mapping rules between them. The mapping rules can be modified according to the dynamic change of data source. The method has three main stages: building the shared vocabulary, building local ontologies and defining mappings.

Sven Hartmann,Hui Ma,Panrawee Vechsamutvaree

DOI: https://doi.org/10.1007/978-3-662-54054-1_5

2016-01-01

Abstract:Web services have emerged as an open standard-based means for publishing and sharing data through the Internet. Whenever web services disclose sensitive data to service consumers, data privacy becomes a fundamental concern for service providers. In many applications, sensitive data may only be disclosed to particular users for specific purposes. That is, access to sensitive data is often restricted, and web services must be aware of these restrictions such that the required privacy of sensitive data can be guaranteed. Privacy preservation is a major challenge that has attracted much attention by researchers and practitioners. Hippocratic databases have recently emerged to protect privacy in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. In particular, the specific purpose of a data access has been considered. Ontologies has been used to represent classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different levels of data access can be provided to web service users with different roles for different purposes. For this, we utilize ontologies to represent purpose hierarchies and data generalization hierarchies. For more complex service requests that require composite web services we discuss the privacy-aware composition of web services. To demonstrate the usefulness of our access control model we have implemented prototypes of financial web services, and used them to evaluate the performance of the proposed approach.

Yuqing Sun,Bin Gong,Xiangxu Meng,Zongkai Lin

DOI: https://doi.org/10.1109/cscwd.2007.4281428

2007-01-01

Abstract:In a multi-domain collaboration environment, an enterprise should authorize different access rights for sensitive information to partners according to its security policies and relationships with them, which may be changed dynamically with the development of transaction and business rules. So, it is emerging as one of the major concerns to effectively manage the authorizations while supporting flexible multi-level collaboration. In this work, we propose an active authorization model for multi-domain cooperation, which introduces the notions of business rules and context parameters to update security policies automatically and satisfy the dynamic context requirements. The algorithms of handling authorization queries and roles mapping are also presented The system architecture is discussed in detail to implement this model and support interoperation among heterogeneous platforms.