digital enterprise research institute hada – an access controlled application for publishing and...

Digital Enterprise Research Institute www.deri.ie

HADA – An Access Controlled Application for Publishing and

Discovering Linked Government Data

Owen [email protected]

IESD 2012 - EKAW 2012Galway, Ireland

Tuesday 9th October 2012


Enabling Networked Knowledge

US Government’s principal agency for: Protecting the Health of all Americans Providing all essential Human Services



Promote the advancement of the Health, Safety, and Well-Being of the American People

HEALTH AND HUMAN SERVICES DOMAIN

IT PROGRAM MANAGEMENT OFFICE

HHS IT Asset Discovery ApplicationHADA



HEALTH AND HUMAN SERVICES DOMAINIT PROGRAM MANAGEMENT OFFICE




Currently, data about HHS IT Investments exists:

In different systems

In different data models

With different levels of access




HADA aims to provide intelligent:

Aggregation of this data to support information discovery

Interoperability amongst the different systems

Fine-grained Access Control

Using Semantic Web principles




WWW

Docs

Semantic Database

Public Data

EPLC and other docsDataData

Enterprise Repositories

Data Access Rules Who can see what?

Web Application

She searches for a specific IT Investment cost

IT asset information are pre-aggregated from multiple data sources Which are

stored in a database

Access rules are checked to grant or restrict access to the IT Investment Cost

If she has access, she can view the Investment cost



XML

CPIC Repositories Code, Documentation, Etc. Repositories

Content Extraction Layer

Semantic Layer

Data Layer

Instance data

Extracted instance data in XML format

System Content Extraction

DocsCode Etc.

Metadata Extraction and Manual Clarification

XML

Semantic Transformation and Synthesis

XML

XML

XML

Existing Ontologies

Semantic Model

Transformation

Presentation and

Navigation of Content Presentation Layer

EA Repositories

(e.g. FEA)

Semantic Database


Privacy Layer

Privacy Preference ManagerEnforcement

of Privacy Policies

Privacy Preferences Repositories




Publishing Linked Data using the Linked Data API

• A RESTful API over RDF graphs • Acts as a proxy over SPARQL endpoints• Easy-to-process representations of resources

Indexing and searching RDF data using SIREn

“A Lucene plugin to efficiently index and query RDF, as well as any textual document with an arbitrary amount of metadata fields”

Storing RDF data using Sesame and ARC over MySQL



Subject Predicate Object Context

HADA hasName “HHS IT Asset Discovery Application”

HEAR

HADA hasAcronym “HADA” HEAR

HADA hasCost $12345 CPIC

HADA hasIPAddress 107.20.137.210

HEAR

HADA belongsTo HHS HEAR

HADA hasLabel “Health and Human Services Asset Discovery Application”

ITDashboard

HADA hasAcronym “HADA” ITDashboard

More than one rule can be applied to each data element

Attribute based access and fine grained access




Privacy Preference Ontology

Namespace: http://vocab.deri.ie/ppo#

ppo:PrivacyPreference

rdfs:Resource

rdfs:Resource

rdf:Statement

rdf:Statement

trix:Graphtrix:Graph

void:Dataset

void:Dataset

rdfs:Resource

rdfs:Resource

ppo:appliesToStatement

ppo:appliesToNamedGraph

ppo:appliesToDataset

ppo:appliesToResource

ppo:appliesToContext

Applies ToApplies To

ppo:Conditionppo:Condition

ppo:ConditionOperator

ppo:ConditionOperator

rdfs:Resourcerdfs:Resource rdfs:Resource

rdfs:Resource rdfs:Classrdfs:Class rdfs:Classrdfs:Class rdfs:Literalrdfs:Literal rdfs:Propoertyrdfs:Propoerty

ppo:hasLogicalOperator

ppo:hasCondition

ppo:hasConditionOperator

ppo:conditionOperatorOf

ppo:hasPropertyppo:hasLiteralppo:classAsSubjectppo:resourceAsObjectppo:resourceAsSubject

wo:Weightwo:Weightppo:hasPriority

ppo:Operatorppo:Operator

ppo:classAsObject

ppo:hasChildConditionOperator

ConditionsConditions

ppo:AccessSpaceppo:AccessSpace

foaf:Agent

foaf:Agent rdfs:Literalrdfs:Literal

ppo:hasAccessQueryppo:hasAccessAgent

ppo:hasAccessSpace

Access Test QueriesAccess Test Queries

acl:Accessacl:Accessacl:Accessacl:Access

ppo:hasNoAccess ppo:hasAccess

Access Control PrivilegesAccess Control Privileges




PREFIX ppo: <http://vocab.deri.ie/ppo#> .PREFIX hada: <http://hprod.dyndns.org/> .

hada:pp1 a ppo:PrivacyPreference;

ppo:appliesToResource <http://hprod.dyndns.org/hada/Investment/90000001>;

ppo:hasAccess acl:Read;

ppo:hasAccessSpace [ ppo:hasAccessQuery "ASK {?x foaf:topic_interest

<http://hprod.dyndns.org/hada/vocab/Asset>}"].





Privacy PreferencePrivacy Preference

90000001 acl:Read

Who is interested in Asset

ppo:appliesToResource ppo:hasAccessQuery

ppo:hasAccess




Privacy Preference Manager

User


SPARQL EndpointSPARQL Endpoint

RDF Documents

Privacy Preferences Repositories

Privacy Preference Manager provides:

• Creating privacy preferences • Enforcing privacy preferences



Enforcing Privacy Policies

RDF Data Retriever & Parser

RDF Data Retriever & Parser

Privacy Preferences

Enforcer

Privacy Preferences

Enforcer

Privacy Preferences

Creator

Privacy Preferences

Creator

Privacy Preference

s

Privacy Preference

s

John

Request

Request RDF DATA

Logs In

John’s Profile


Query

PrivacyPreference

Filtered RDF Data

Query RDF DataAccess Query Result

Request John’s RDF Profile


RDF Documents



Towards Patient Controlled Privacy

Privacy PreferenceManager

Alex

Privacy PreferenceManager

John


RDF Documents

HHS is exploring to use on healthdata.gov:• Linked Data API for publishing Linked Data• Privacy Preference Framework to provide the

Patient to control third party access to his/her health data


RDF Documents

Privacy PreferencesPrivacy Preferences

Interface Interface



Links

HADA: http://hprod.dyndns.org/

Linked Data API: http://code.google.com/p/linked-data-api/

SIREn: http://siren.sindice.com/ Sesame: http://www.openrdf.org/

PPO Namespace URI: http://vocab.deri.ie/ppo# PPM Screencasts:

Creating Privacy Preferences: http://bit.ly/p0N1Vi Viewing Filtered Triples: http://bit.ly/qiAdxT

Email: [email protected]

digital enterprise research institute hada – an access controlled application for publishing and...

Documents

different data models

multiple data sourceswhich

linked data apia restful

access controlled application

rdf graphs

query rdf

metadata extraction

investment costif