We show how Semantic Web technologies can be used to build an access control system. We follow the role-based access control approach (RBAC) and extend it with contextual attributes. Our approach provides for the dynamic association of roles with users. A Description Logic (DL) reasoner is used to classify both users and resources, and verify the consistency of the access control policies. We mitigate the limited expressive power of the DL formalism by refining the output of the DL reasoner with SPARQL queries. Finally, we provide a proof-ofconcept implementation of the system written in Java.TM
Lorenzo Cirio, Isabel F. Cruz, Roberto Tamassia