A two-level approach to ontology-based access control in pervasive personal servers

A new trend in pervasive personal server hosting is to enable
the integration of a user's social spheres. Ideally, the design of access
control to private data should be flexible and independent from the target
host. Personal data should also remain independent from environmental
constraints, e.g., in order to support easy migration to new deployment
landscapes. Such information interoperability can be achieved by
ontology-based personal information sphere management. In the digital.me
project, personal data is modelled using an ontology-based approach. In
this paper we address the design and first implementation of the
digital.me userware access control engine. Here, we introduce a two-level
access control design in order to decouple the ontology based-semantic
core from the hosting web container, while ensuring that personal data and
the associated ontology-based access rights remain flexibly decoupled from
the underlying environment.