Where are your Manners? Sharing Best Community Practices in the Web 2.0

The Web 2.0 fosters the creation of communities by offering users a wide array of social software tools. While the success of these tools is based on their ability to support different interaction patterns among users by imposing as few limitations as possible, the communities they support are not free of rules (just think about the posting rules in a community forum or the editing rules in a thematic wiki). In this paper we propose a framework for the sharing of best community practices in the form of a (potentially rule-based) annotation layer that can be integrated with existing Web 2.0 community tools (with specific focus on wikis). This solution is characterized by minimal intrusiveness and plays nicely within the open spirit of the Web 2.0 by providing users with behavioral hints rather than by enforcing the strict adherence to a set of rules.Comment: ACM symposium on Applied Computing, Honolulu : \'Etats-Unis d'Am\'erique (2009

Introduction to the special issue on the International Web Rule Symposia 2012–2014

The annual International Web Rule Symposium (RuleML) is an international conference on research, applications, languages, and standards for rule technologies. It has evolved from an annual series of international workshops since 2002, international conferences in 2005 and 2006, and international symposia since 2007. It is the flagship event of the Rule Markup and Modeling Initiative (RuleML, http://ruleml.org), a nonprofit umbrella organization of several technical groups from academia, industry, and government working on rule technology and its applications. RuleML is the leading conference to build bridges between academia and industry in the field of rules and its applications, especially as part of the semantic technology stack. It is devoted to rule-based programming and rule-based systems including production rules systems, logic programming rule engines, and business rules engines/business rules management systems; Semantic Web rule languages and rule standards (e.g., RuleML, SWRL, RIF, PRR, SBVR, DMN, CL, Prolog); rule-based event processing languages and technologies; and research on inference rules, transformation rules, decision rules, production rules, and ECA rules

Verifying the Interplay of Authorization Policies and Workflow in Service-Oriented Architectures (Full version)

A widespread design approach in distributed applications based on the service-oriented paradigm, such as web-services, consists of clearly separating the enforcement of authorization policies and the workflow of the applications, so that the interplay between the policy level and the workflow level is abstracted away. While such an approach is attractive because it is quite simple and permits one to reason about crucial properties of the policies under consideration, it does not provide the right level of abstraction to specify and reason about the way the workflow may interfere with the policies, and vice versa. For example, the creation of a certificate as a side effect of a workflow operation may enable a policy rule to fire and grant access to a certain resource; without executing the operation, the policy rule should remain inactive. Similarly, policy queries may be used as guards for workflow transitions. In this paper, we present a two-level formal verification framework to overcome these problems and formally reason about the interplay of authorization policies and workflow in service-oriented architectures. This allows us to define and investigate some verification problems for SO applications and give sufficient conditions for their decidability.Comment: 16 pages, 4 figures, full version of paper at Symposium on Secure Computing (SecureCom09

Cornell Feline Health Center Annual Report 2008

Topics in this Annual Report include: Mission; Contents: Letter from the Director (Fred Scott); 2008-2009 Feline Health Studies; Honor Roll Donors; Honoring Dr. James R. Richards, Jr.; James R. Richards Jr. Memorial Lectures, Cat Writers' Association Awards Presented; Resources for Cat People: Dr. Louis J. Camuti Memorial Feline Consultation and Diagnotic Service; 20th Annual Fred Scott Feline Symposium; Feline Health Center Scholarship (Lisa Brazzle); Publications; Jessie D. and Denny W. Spiedel Scholarship in Feline Medicine (Samantha Collins, Amelia Knieper, Amanda Parkins, Melissa Turner); Videos on the Web Site; Cats Rule T-Shirt; Bequests and Special Gifts: Mother of Feline Medicine Leaves Bequest for Feline Health Center (Jean Holzworth), Feline Clinical Fellow (Kelly R. Hume), Hogan Bequest, Clara L. D. Jeffery Trust Gift, Cynthia and Sholly Kagan Gift; Financial Overview; Feline Health Center Staff; Elizabeth's Wish List; Opportunities for Suppor

Dynamic deployment of context-aware access control policies for constrained security devices

Securing the access to a server, guaranteeing a certain level of protection over an encrypted communication channel, executing particular counter measures when attacks are detected are examples of security requirements. Such requirements are identi ed based on organizational purposes and expectations in terms of resource access and availability and also on system vulnerabilities and threats. All these requirements belong to the so-called security policy. Deploying the policy means enforcing, i.e., con guring, those security components and mechanisms so that the system behavior be nally the one speci ed by the policy. The deployment issue becomes more di cult as the growing organizational requirements and expectations generally leave behind the integration of new security functionalities in the information system: the information system will not always embed the necessary security functionalities for the proper deployment of contextual security requirements. To overcome this issue, our solution is based on a central entity approach which takes in charge unmanaged contextual requirements and dynamically redeploys the policy when context changes are detected by this central entity. We also present an improvement over the OrBAC (Organization-Based Access Control) model. Up to now, a controller based on a contextual OrBAC policy is passive, in the sense that it assumes policy evaluation triggered by access requests. Therefore, it does not allow reasoning about policy state evolution when actions occur. The modi cations introduced by our work overcome this limitation and provide a proactive version of the model by integrating concepts from action speci cation languages

Integrating heterogeneous web service styles with flexible semantic web services groundings

Semantic web services are touted as a means to integrate web services inside and outside the enterprise, but while current semantic web service frameworks— including OWL-S [1], SA-WSDL, and WSMO 1 [2]—assume a homogeneous ecosystem of SOAP services and XML serialisations, growing numbers of real services are implemented using XML-RPC and RESTful interfaces, and non-XML serialisations like JSON. 2 Semantic services platforms based on OWL-S and WSMO use XML mapping languages to translate between an XML serialisation of the ontology data and the on-the-wire messages exchanged with the web service, a process referred to as grounding. This XML mapping approach suffers from two problems: it cannot address the growing number of non-SOAP, non-XML services being deployed on the Web, and it requires the modeller creating the semantic web service descriptions to work with the serialisation of the service ontology and a syntactic mapping language, in addition to the knowledge representation language used for representing the semantic service ontologies and descriptions. Our approach draws the service’s interface into the ontology: we defin