SemTech 2008 Talks; and Some Thoughts about OWL-based Policy Management

by Kendall Clark

So we talked about 5 or 6 SemTech 2008 proposals based on our products, services, and technology bits. The guys convinced me that of those 6 ideas, there were 4 actual, strong proposals:

  1. A Pellet tutorial
  2. A talk about Pronto, our probabilistic reasoner integrated with Pellet
  3. A talk about XACML-DL, our XACML policy analyzer
  4. A talk about JSpace, our Linked Data browser

I thought we had a very small chance for (1)-(3), but a better than 50% chance for (4); my reasons were based on what typically shows up at SemTech, the interests of the organizers (in my view), and past talks that have been accepted.

Hence, I was a bit surprised when we got notifications today that (1) and (3) were accepted; (4) was not accepted; and we haven’t heard back on (2), though I’m assuming that it won’t be accepted.

(Update: Actually, the talk on Pronto was accepted; they just sent notification quite late. This is interesting because while we think, long term, there is commercial utility here, it really is quite a complex subject. One thing I realized in watching Pavel do this work over the summer is how surprising valid probabilistic reasoning can be.)

The Pellet talk is called “What to do with an OWL Reasoner”, and we’re hopeful there will be people who attend SemTech for whom that’s an interesting question. I was very surprised that the talk on XACML-DL got in, not because it’s not an interesting bit of tech, since it is, but more because we haven’t said much, if anything, publicly about it yet. It has no buzz whatever.

We think policy management may be the big win for OWL in the enterprise space; but it’s still very much a dark horse.

Just as a précis: our XACML-DL analyzer, based on Pellet, for a near arbitrary set of XACML policies, can:
  • perform formal policy verification and deep testing (think HTTP unit testing, only way sexier);
  • perform policy change analysis;
  • detect policy redundancy;
  • perform policy repair, debugging, and explanation;
  • support policy federation (disjointness checking, etc.);
  • perform policy set optimization.

I’ve recently started saying, to explain the commercial appeal of policy management generally, that every IT solution creates, eventually, a new round of IT problems, and XACML is a perfect example of that. So you’ve moved from procedural and imperative ACL code all over yr enterprise to declarative, orthogonal ACL decision points using XACML. That’s potentially a huge win in programmer productivity, in security quality, and in compliance. But now that you’ve got a few thousand XML files describing yr ACL policies, how the hell are you going to manage them? Are they game-able? Are they coherent? Are there redundancies and, thus, inefficiencies?

Who knows and how does one go about finding out?

Those are precisely the kinds of management services for domain-specific policies that OWL is well-suited for, and there are lots and lots of such policy languages out there in the world.