Name: Abdelghani Chibani
Institution: Paris XII/Paris-Est University
Abdelghani CHIBANI was awarded a PhD in Computer Science from Paris XII University and an MSc in Computer Science from the EDITE joint doctoral school of Paris 6 University and SupTelecom Paris (École Nationale Supérieure des Télécommunications, ENST). After 9 years as a research engineer and senior consultant in SOA and identity and access management systems at Atos Origin, CityPassenger and BULL/Evidian, he is now an associate professor (Maître de conférences) at Paris XII/Paris-Est University.
For 6 years, Abdelghani's research interests in Computer Science have concerned the use of ontology, knowledge engineering and modelling techniques to build a semantic middleware for context-aware and secure ubiquitous computing (ubicomp) systems. He has collaborated extensively with European companies in the fields of security and ubiquitous computing (Citypassenger, Bull/Evidian, Thales 3DS, Gemalto and Alcatel) through European and nationally funded projects (FP6 IST C@R, ITEA Expeshare, Exoticus, Sembysem and Multipol). Currently, Abdelghani focuses his research on the semantic management of services and users, in particular on issues related to identity and access management across multi-domain ubicomp environments. This work is funded by the MULTIPOL European consortium, in which Abdelghani manages Work Package 5. There he aims to build a new semantic framework using a new ontology language on top of RBAC and XACML. This work relates to the Liberty Alliance, OASIS and W3C activities, in particular those concerning ontology languages and reasoning tools such as RDF-S, OWL, SWRL and Drools.
Abstract
This presentation concerns work in progress to build a semantic interoperability platform that gives users of independently administered security domains the ability to access IT resources located in another domain, from their origin domain, with a sufficient and appropriate security level and access rights. Interoperability between domains takes effect at runtime, when live authorization decisions are taken, and also in an out-of-band mode, in which the semantics and objectives of each domain's security policy are compared. In the out-of-band mode, the project gives IT administrators and security policy managers the ability to compose new and optimized security policies (rules and constraints) that manage access authorization for trusted foreign users, expressed as machine-translated and machine-understandable semantic annotations, without violating the local security policy.
Policy languages such as Ponder, XACML or WS-Policy offer restricted structures for expressing security policies. They mainly lack semantic expressiveness and support for multi-domain interoperability. As a result, it is very difficult to compose consortium security policies when each domain uses different names for its resources, roles, identities, rights, prohibitions and permissions.
The targeted policy language will provide a rich semantic description of a consortium security policy agreement (also called a coalition or partnership). Our work takes existing semantic policy languages such as Rei and KAoS into account, and goes further by adding to RBAC and XACML constructs that allow conflict detection and resolution at the meta-policy specification layer.
In the medium term, this language will allow us to propose an extension to the Liberty Alliance recommendations to build an exchangeable personal wallet that encapsulates a semantic description and processing rules for the user's personal profile, situation and security/privacy preferences. The wallet will be interoperable and its content machine-understandable, in order to guarantee authentication and the protection of users' privacy when their personal information is exchanged between independent service providers and organizations.