Commentary by Mark Wahl, CISA
Organizing principles for identity systems:
NRL ontology for security policy (20070717)
The 2005 paper "Security Ontology for Annotating Resources" by A. Kim, J. Luo and M. Kang of the US Naval Research Laboratory discusses ontologies expressed in OWL for representing security constraints and features. These ontologies can be used by a 'matchmaker' algorithm in a service-oriented architecture to determine whether a service requestor and a provider intending to interact each have features that satisfy the other's requirements.
An example of a requestor's feature description, stating that it holds an X.509 certificate issued by Verisign, would be:
<credential:X.509Certificate rdf:ID="X.509">
  <credential:issuer rdf:resource="Verisign" />
</credential:X.509Certificate>
<securityMain:SAML rdf:ID="Capability1">
  <securityMain:reqCredentials rdf:resource="&credential;X.509" />
</securityMain:SAML>
<agent:Agent rdf:about="#BookRequest">
  <securityCapability rdf:resource="#Capability1"/>
  ...
</agent:Agent>
and a service requiring an X.509 certificate:
<securityMain:SAML rdf:ID="Requirement1">
  <securityMain:reqCredentials rdf:resource="&credential;X.509" />
</securityMain:SAML>
<profile:Profile rdf:about="#BookSeller">
  ...
  <securityRequirement rdf:resource="#Requirement1"/>
</profile:Profile>
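The matchmaking step the paper describes, as an added illustration (not code from the paper or from the NRL authors): the requestor's capabilities and the provider's requirements are resolved from the RDF/XML fragments above and compared mechanism by mechanism and credential by credential. The namespace URIs, the local "#id" references standing in for the &credential; entity, and the "OtherCA" issuer are assumptions made so the sample runs stand-alone.

```python
import xml.etree.ElementTree as ET
# Namespace URIs below are placeholders (the paper's real ontology URIs are not on the page).
RDF = "http://www.w3.org/1999/02/22-rdf-syntax-ns#"
SEC, CRED = "http://example.org/securityMain#", "http://example.org/credential#"
XMLNS = (f'xmlns:rdf="{RDF}" xmlns:securityMain="{SEC}" xmlns:credential="{CRED}" '
         f'xmlns:agent="http://example.org/agent#" xmlns:profile="http://example.org/profile#"')
ID, RES = f"{{{RDF}}}ID", f"{{{RDF}}}resource"

# Constructed sample modelled on the requestor fragment; "#id" references replace the &credential; entity.
REQUESTOR = f"""<rdf:RDF {XMLNS}>
  <credential:X.509Certificate rdf:ID="X.509"><credential:issuer rdf:resource="Verisign"/></credential:X.509Certificate>
  <securityMain:SAML rdf:ID="Capability1"><securityMain:reqCredentials rdf:resource="#X.509"/></securityMain:SAML>
  <agent:Agent rdf:about="#BookRequest"><securityCapability rdf:resource="#Capability1"/></agent:Agent>
</rdf:RDF>"""

def provider(issuer):
    """Constructed BookSeller profile demanding SAML backed by an X.509 certificate from `issuer`."""
    return f"""<rdf:RDF {XMLNS}>
  <credential:X.509Certificate rdf:ID="X.509"><credential:issuer rdf:resource="{issuer}"/></credential:X.509Certificate>
  <securityMain:SAML rdf:ID="Requirement1"><securityMain:reqCredentials rdf:resource="#X.509"/></securityMain:SAML>
  <profile:Profile rdf:about="#BookSeller"><securityRequirement rdf:resource="#Requirement1"/></profile:Profile>
</rdf:RDF>"""

local = lambda tag: tag.rsplit("}", 1)[-1]   # "{uri}SAML" -> "SAML"

def describe(root, ref):
    """Resolve "#ref" to (mechanism class, set of (credential class, issuer) it requires)."""
    ids = {e.get(ID): e for e in root.iter() if e.get(ID)}
    mech = ids[ref.lstrip("#")]
    creds = set()
    for rc in mech.findall("securityMain:reqCredentials", {"securityMain": SEC}):
        cred = ids[rc.get(RES).lstrip("#")]
        issuer = cred.find("credential:issuer", {"credential": CRED})
        creds.add((local(cred.tag), None if issuer is None else issuer.get(RES)))
    return local(mech.tag), creds

def satisfies(have, needed):
    # Every needed (class, issuer) must be covered by a held credential of that class; no stated issuer = any issuer.
    return all(any(hc == nc and (ni is None or hi == ni) for hc, hi in have) for nc, ni in needed)

def matchmake(requestor_xml, provider_xml):
    """Return the provider requirements the requestor cannot meet; an empty list means a match."""
    rq, pv = ET.fromstring(requestor_xml), ET.fromstring(provider_xml)
    caps = [describe(rq, c.get(RES)) for c in rq.iter("securityCapability")]
    unmet = []
    for r in pv.iter("securityRequirement"):
        mech, needed = describe(pv, r.get(RES))
        if not any(m == mech and satisfies(have, needed) for m, have in caps):
            unmet.append((mech, sorted(needed)))
    return unmet
```

With the Verisign-issued certificate the BookRequest agent matches the BookSeller profile; a seller that instead demands a certificate from a different issuer is reported as an unmet requirement rather than silently matched on the credential type alone.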