Sharing and hiding online secrets. Using social relation and tag ontology in social software access control

Published date: 22 June 2010
Date: 22 June 2010
DOI: https://doi.org/10.1108/14684521011054044
Pages: 377-394
Author: Chi-Lun Liu
Subject Matter: Information & knowledge management, Library & information science
Chi-Lun Liu
Kainan University, Taoyuan County, Taiwan
Abstract
Purpose – This paper aims to manage access control tasks to satisfy the user privacy needs of online
information resources according to social relations and tags.
Design/methodology/approach – The study proposes a method for access control management in
the online social context. The proposed method includes the access control policy management
process, metadata of access control policies, the data of ontologies, tags, and social relations, and
conflict detection rules.
Findings – Online information sharing and hiding, which needs to consider social relations and
mentioned topics, is a unique context and needs a novel access control mechanism. Ontologies are
powerful and expressive enough to identify conflicts in access control policies. The paper provides a
method using ontologies to control the access control activities based on social relations and tags on
web content. The effectiveness of the method’s conflict detection rules is validated through several
scenarios.
Research limitations/implications – To make the proposed method suitable for widespread
usage, further work is required to develop an access control policy specification and conflict
detection tool. The proposed method introduces relatively novel usage scenarios, which consider
social relationships, and tags compared with existing access control methods for online information
sharing.
Practical implications – The proposed access control mechanism can be integrated into existing
web sites. Online users can use this method to share information more easily than at present.
Originality/value – The method enables flexible access control in social contexts and handles
unavoidable conflicts. It also opens the way to new access control scenarios in online social activities.
The method can be used to keep secrets hidden from selected people.
Keywords Information control, Public relations, Conflict
Paper type Research paper
Refereed article received 8 April 2009
Approved for publication 21 January 2010
Online Information Review, Vol. 34 No. 3, 2010, pp. 377-394
© Emerald Group Publishing Limited, 1468-4527
Introduction
In the web era, sharing information among friends, colleagues, classmates, and
relatives is a part of daily activities for online users. Hence social software is emerging
as a widespread personal information exchange and sharing tool. There are various
forms of social software, such as blogs and bulletin boards. Blogs are a recent
mainstream form of social software (Tepper, 2003). Many online users use blogs to
communicate with one another. Unlike other kinds of software systems the
characteristics of recent social software are twofold: social relations and tags
(Counts et al., 2006). Social relations are interactive relationships among users in social
networks. Tags are labels or keywords to describe features of web content.
Keeping secrets private within groups is important in online social activities.
However there is no satisfactory access control mechanism for protecting private data
in today’s web systems such as blogs (Cho et al., 2008). The goal of access control
mechanisms is to achieve confidentiality and integrity in information sharing activities
(Ferraiolo et al., 2003; Samarati and Capitani de Vimercati, 2001; He and Antón, 2009).
Confidentiality means that private information is not revealed to unauthorised people.
Integrity means that unauthorised people cannot modify information. This study
focuses on confidentiality.
Specifying access control policies and analysing conflicts are two major challenges
for access control mechanisms (He and Antón, 2009). Throughout this paper,
access control policies are used to assign availability of resources in a system
(Tolone et al., 2005). However there will be conflicts over the access control policies (Li
et al., 2007). Conflicts are contradictions during access control specification and
execution.
This paper proposes a new access control management methodology for online
social activities. Managing access control in the social context is different from other
contexts because the social context has unique characteristics including
interpersonal relationships and tags, which are common in social software. The
proposed methodology includes an access control management process and policy
metadata. The proposed management process shows how to specify and analyse
access control policies step by step. The proposed policy metadata reveals what
information should be considered during policy specification and execution. To
detect conflicts in the proposed process, configurable ontologies and social and tag
setting are used. An ontology is a shared conceptualisation (Gruninger and Lee,
2002) to represent a domain knowledge structure. The elements of an ontology are
concepts and semantic relationships (e.g. kind, composition, and antonym
relationships). Using ontologies is a feasible and effective strategy for conflict
detection (Liu, 2009). Social and tag setting includes users’ social relations and web
content tags. A set of rules based on ontology and social software settings is
proposed and validated by examples.
The access control mechanism in this study involves five conceptual levels. These
levels from bottom to top are: access, access control, access control management,
access control management process, and access control management policy. Access is
the most fundamental level and means offering users a convenient channel to obtain
desired information. Access control means prohibiting users from getting desired
information, unless they have the authority to do so. Access control management
involves controlling and analysing how access control works. An access control
management process offers a step-by-step workflow for access control management.
An access control management policy governs access control policies from an
administrative perspective.
An access control policy comprises the access control policy metadata and
ontological concepts in this study. Here is an example to clarify how the access control
policy metadata and ontology work together for conflict analysis in access control
policies. The policy metadata contains social relations, permissions, and tags. It is used
to express an access control policy: “My friend (social relation) can read (permission)
web content labelled with friend party (tag)”. The other access control policy is “My
friend (social relation) cannot read (permission) web content labelled with party (tag)”.
An ontology shows that party is a parent of friend party. According to the previous
two policies and the ontology, there is a conflict that should be reconciled.
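The conflict in this example can be found mechanically. The sketch below is an added illustration, not the paper's conflict detection rules (which are not reproduced here); the `Policy` fields, the `TAG_PARENT` map, the `family party` tag, the `colleague` relation and the overlap test are assumptions built from the single example above.

```python
from dataclasses import dataclass
from itertools import combinations

# Constructed "kind of" ontology: child tag -> parent tag. Only the
# "friend party" -> "party" edge is from the text; "family party" is added.
TAG_PARENT = {"friend party": "party", "family party": "party"}

@dataclass(frozen=True)
class Policy:
    relation: str    # social relation of the requester to the content owner
    permission: str  # e.g. "read"
    allowed: bool    # True = "can", False = "cannot"
    tag: str         # tag labelling the web content

def ancestors(tag, parent=TAG_PARENT):
    """Return the tag plus all of its ancestors; stops if the map has a cycle."""
    seen = []
    while tag is not None and tag not in seen:
        seen.append(tag)
        tag = parent.get(tag)
    return seen

def tags_overlap(a, b, parent=TAG_PARENT):
    """Tags overlap when they are equal or one is an ancestor of the other."""
    return a in ancestors(b, parent) or b in ancestors(a, parent)

def find_conflicts(policies, parent=TAG_PARENT):
    """Pairs with the same relation and permission, opposite effect, overlapping tags."""
    return [
        (p, q)
        for p, q in combinations(policies, 2)
        if (p.relation, p.permission) == (q.relation, q.permission)
        and p.allowed != q.allowed
        and tags_overlap(p.tag, q.tag, parent)
    ]

POLICIES = [
    Policy("friend", "read", True, "friend party"),   # from the text
    Policy("friend", "read", False, "party"),         # from the text
    Policy("friend", "read", False, "family party"),  # constructed: sibling tag
    Policy("colleague", "read", True, "party"),       # constructed: other relation
]

if __name__ == "__main__":
    for p, q in find_conflicts(POLICIES):
        print(f"conflict: {p} <-> {q}")
```

Only the two policies from the text are reported: the sibling tag and the different social relation do not overlap with them under this test.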