13:56:37 RRSAgent has joined #decision-xg 13:56:37 logging to http://www.w3.org/2010/10/28-decision-xg-irc 13:57:22 Meeting: decision-xg 13:57:35 Chair: Jeff Waters and Don McGarry 13:57:52 Agenda: http://www.w3.org/2005/Incubator/decision/wiki/Decision_Mtg_16_Agenda 13:58:01 Scribe: Jeff Waters 13:58:16 ScribeNick:jeffw 13:59:53 Don has joined #decision-xg 14:01:47 jeffw: We will have guests today to help us learn about security ontologies from 3 sigma research 14:01:57 jeffw: Welcome to all. 14:07:20 jeffw: Jim Dike, Aaron Wheeler and Michael Winburn are joining us from 3 sigma research 14:07:50 michael: I'll probably turn it over to jim dike for some background 14:08:14 jimdike: we've tended to focus on ontologies related to security domain, how to model and represent entities that are significant in that area 14:08:53 jimdike: what entities are relevant for security and dissemination of information, there are analogies to government work and all of the constraints and restrictions in that environment, but also in the commercial world 14:09:26 jimdike: so we settled on some simple concepts of defining a person and characteristics that are needed for defining a person with respect to handling info that needs to be secure 14:10:07 jimdike: What I mean by "secure" is bound by what types of access that person needs to have and what kind of characteristics describe the groups that define sets of restrictions, then they can be applied to the info 14:10:49 jimdike: but we've also applied them to transport media. Initially, it was thought they might be limited to specialized and private networks, but with the explosion of vpn, the concept of what info should go out on what vpn complicates 14:11:23 jimdike: people, media and transport mechanisms, how to represent all of that consistently and how to determine if something really should go from A to B 14:11:37 jimdike: it's a simple model but can get complicated as you scale it. 14:12:32 jimdike: in a commercial setting, these might represent business relationships, departments, for example a finance group, a contracts group, an engineering group a research development group that are only interested in some info and not others 14:13:09 jimdike: groups of persons, groups of data items and groups of transport mechanisms, so we ended up settling on and researching how to apply ontologies and reasoners to that 14:13:43 jimdike: reasoners to determine consistency and validity of those relationships, and to identify the case where we would want to transport and where there are inconsistencies and contradictions 14:14:20 jimdike: that's where we really start to see some interesting things. It's the things you don't immediately see that are interesting. Using ontologies and reasoners, we use OWL and OWL DL to represent the ontology. 14:14:59 jimdike: Then with reasoners, you can see those relationships not immediately evident. We're itnerested in ensuring some info doesn't go where it shouldn't go. 14:19:16 jeffw: it seems like this is a nice generic model which can apply not just to traditional classification, but also for things like passing information from one city to another that borders on a county or state with different policies 14:19:56 jimdike: yes, often you have aggregations of data items, some might be more public, some might be more sensitive, but when you begin to aggregate pieces of info from multiple sources, so in business world, 14:20:39 jimdike: say you have a coaltiion of businesses working together with different disclosure agreements, so say two are more open so the info is "public" but for another entity it might be more closed 14:21:44 jimdike: how do you disseminate different portions of data items, and can the aggregate go to everyone or only pieces of the aggregate go to everyone, from a more simple to a more complex or complex to individual, ifyou model it properly, you can go in both directions 14:22:45 jimdike: you might have an aggregate of business info that wants to go out, as a whole, you might say too sensitive, so it doesn't go out, but then again internally organizations don't think of how to divide it up and go to different partners 14:23:20 jimdike: so we've looked at that in our models. 14:23:26 jeffw: what reasoner do you use? 14:23:38 jimdike: we try against multiple reasoners 14:25:01 jimdike: we treat them like black boxes, there are slight differences and we'll test against multiple reasoners, so we want it to be robust, we constrain the testbed to pellet, fact++, we use protege and they have a new one 14:26:01 jimdike: there also is an engine JENA that has a reasoner that they have. We tend to restrict ourselves to OWL DL versus OWL Full to ensure the models are deterministic. 14:26:48 jimdike: open world v. closed world, but for some things you want them to be deterministic 14:29:59 michaelWinburn: we can internally talk about what we can share 14:30:38 jimdike: it's fair to say that it's part of our current work to define that line between what can be public and what is proprietary, we aren't the only ones who can define a security ontology 14:31:55 jimdike: we want to define that line, then people can drop into it, the ontology itself is an open data standard, then reasoning and things behind it would be internal or proprietary, but to represent decisions in a way that would allow individual vendors to solve interesting problems, we could think about that 14:33:54 jimdike: we could think of a representation that is good for semantic uses 14:38:29 jeffw: it seems like a public standard and then proprietary uses would be great, I think that might be a business model, you are certainly welcome to join w3c and participate or participate as an invited expert 14:38:35 jimdike: yes we would be interested 14:38:49 jeffw: Would Don, Eva, Piotr like to ask a few questions? 14:39:19 Don: yes, I appreciate you presenting this in a public forum and these folks have some expertise in ontologies, and we can follow up in private as well 14:40:03 eblomqvi: Yes, thanks, even if some info is public when you aggregate different types of information, the orginal data is partially public, partially not, these are important problems and interesting to hear people are working on this 14:40:25 jimdike: We've been working in this area for 5 years now? 14:40:51 pitor_nowara: this could be a good use case in my opinion 14:42:28 jeffw: it seems like the mathematical foundation is a strong support for the reasoning that is a selling factor for your approach, is that correct? 14:43:14 jimdike: I mentioned before that we made a decision to stay with OWL DL, I have been to at least one conference where there was an academic discussion about how OWL DL is insufficient to represent the cases where real decisions can be made 14:44:06 jimdike: what you are doing they say is throwing the baby out with the bathwater, but we found out that there is a medium ground, you can define models and use reasoners to a certain point and then you add processing on top, you can get some desired results 14:44:51 jimdike: the model is good for the purpose it is built for and that is good enough, to say that it has to handle the complete domain is not a good approach. That's an important lesson we learned. 14:45:25 Jeff - Need to run to another meeting 14:45:29 thanks for putting this together 14:45:37 and fostering a great discussion 14:46:00 jimdike Nick Drummond with Univ of Manchester in UK said this stuff is hard, ontology modeling is not for the faint of heart, keep in mind the intent and constrain yourself to that. 14:46:59 jimdike: for security people, the concern is is it deterministic, how do you prove this is true in the complex case and that takes a little more time, we're still in process of how to communicate that to a lay person 14:48:02 jimdike: it can add assistance to their process of verification, it can help speed up the work of that person 14:48:50 jeffw: do you have anything you can point to as a reference? 14:48:59 jimdike: we can get back with you on that. 14:51:37 jeffw: any update on paper or modeling problems? 14:53:06 eblomqvi: just a week and a half away, we present it as a poster, I did send it to the authors, and we need to check the format and any inputs you have. I wanted to ask if we can have some graphics and I was thinking about the prototype system, is there anything more we can show on the poster, some diagram or structure or something, that would be nice to have 14:53:31 jeffw: we don't have any diagram for the prototype right? 14:56:38 eblomqvi: any flow diagram or user interface diagram 14:57:27 jeffw: Piotr, any update on criteria model? 14:58:38 piotr_nowara: I was doing more examples, but I'll let you know when I finish that stage of my testing, I would like to share my model, perhaps on ontologydesignpatterns.org website. 14:58:56 piotr_nowara: I don't know if it's good enough 14:59:48 eblomqvi: yes, ontologydesignpatterns would be a good place and don't worry about if it's not the final version, idea of the portal is something that people can contribute to and comment on, it's like wikipedia, you can add to it even if not sure 15:00:46 eblomqvi: we hope to increase discussion activity on the portal and at least people can see it and people can contact you directly, so please publish it on the portal 15:03:55 jeffw: We're out of time for today. I'd like to thank Michael, Jim and Aaron for participating today and educating us on their approach to developing an ontology to model security for information exchange. We will definitely follow-up. 15:06:14 jeffw: Also thanks to Eva, Piotr and Don for calling in. Our next meeting will be in two weeks and you are all welcome to participate. We'll look forward to developing our decision model and applying it to our various use cases. Thanks. 15:08:07 rrsagent, set log public 15:08:17 rrsagent, draft minutes 15:08:17 I have made the request to generate http://www.w3.org/2010/10/28-decision-xg-minutes.html jeffw 15:08:56 zakim, bye 15:08:56 Zakim has left #decision-xg 15:09:01 rrsagent, bye 15:09:01 I see no action items