
3.7.1 Semantic Interoperability Engine

This section satisfies Reqs. D1.2-2.23-SemIOP, D1.2-3.14-PIIPolicyDisco, and D1.2-3.15-SecPreserve.


Fig-30: Interoperation across contexts.

A semantic interoperability engine provides different mechanisms to map ontological entities across heterogeneous ontologies. Castano et al. [Castano07] identify two main categories of ontology matching techniques, namely linguistic and contextual matching techniques. Linguistic techniques evaluate the similarity among ontological content (i.e. classes, roles and instances) based on their names or labels. The main characteristic of these techniques is that they evaluate the similarity between two strings of characters. For example, the edit distance counts the minimum number of changes, such as insertion, deletion and replacement of characters, required to transform one string into the other [Levenshtein66]. Although linguistic techniques often provide highly precise mappings, they tend to fail when there is little lexical overlap between the labels of ontological entities. Contextual matching techniques can remedy this problem by assuming that some of the meaning of an entity is conveyed by its context. For example, Dieng and Hug [Dieng98] calculate the similarity between two concepts based on their direct super-classes and/or direct subclasses and/or sibling classes. The semantic interoperability engine will include different algorithms of these types, and will thus be able to deal with a wide range of mismatches. As a result, multiple organisations using different conceptualisations will be able to interoperate to achieve a common goal.

As shown in Fig-30, the Semantic Interoperability Engine (SIE) works at the conceptual level. It can be used to process the two ontologies to produce Transforms that may be stored for later use. SIE can run as a scheduled batch to update the Transforms, or a change in either ontology can be used to trigger SIE. Finally, it may be possible to invoke SIE dynamically whenever an existing Transform is not yet available.

At runtime an efficient Transformer uses the Transforms to translate data in the messages that are exchanged. The TAS3 focus is on using this mechanism to transform security, trust, and privacy related attributes such as roles. However, the mechanism in itself could be used for payload data transformation as well. The transformation can be done at the sending or the receiving end. The Transformer has to be positioned such that each PEP (which calls the PDP, passing the attributes along) has the security related attributes in its own vocabulary. At the sending end this means after authorization; at the receiving end, before authorization.
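
The following sketch is an added example, not TAS3 code. It combines the edit-distance (linguistic) and super-class (contextual) measures described above into a stored Transform, then applies it to role attributes the way a Transformer would before a PEP calls its PDP. The role names, the equal weighting, the 0.6 threshold and the choice to drop unmapped roles are assumptions made for the illustration.

```python
# Constructed role ontologies (not from TAS3): role -> direct super-class.
ORG_A = {"Staff": None, "Clinician": "Staff", "Nurse": "Clinician", "Physician": "Clinician"}
ORG_B = {"Staff": None, "Clinician": "Staff", "Nurses": "Clinician", "Doctor": "Clinician"}

def edit_distance(a, b):
    """Levenshtein distance: minimum insertions, deletions and replacements."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def linguistic(a, b):
    """Label similarity in [0, 1], case-insensitive."""
    a, b = a.lower(), b.lower()
    return 1.0 - edit_distance(a, b) / max(len(a), len(b), 1)

def contextual(a, onto_a, b, onto_b):
    """Compare direct super-classes; two roots match, a root and a non-root do not."""
    pa, pb = onto_a[a], onto_b[b]
    if pa is None or pb is None:
        return 1.0 if pa is pb else 0.0
    return linguistic(pa, pb)

def build_transform(onto_a, onto_b, threshold=0.6):
    """Batch step: keep the best match per role only if it clears the threshold."""
    transform, unmapped = {}, []
    for a in onto_a:
        score, b = max(((linguistic(a, b) + contextual(a, onto_a, b, onto_b)) / 2, b)
                       for b in onto_b)
        if score >= threshold:
            transform[a] = b
        else:
            unmapped.append(a)  # left for manual review instead of guessing
    return transform, unmapped

def transform_roles(roles, transform):
    """Runtime step before the PEP calls the PDP: unmapped roles are dropped."""
    return sorted({transform[r] for r in roles if r in transform})

if __name__ == "__main__":
    TRANSFORM, UNMAPPED = build_transform(ORG_A, ORG_B)
    print(TRANSFORM, UNMAPPED)
    print(transform_roles(["Physician", "Nurse"], TRANSFORM))
```

In this constructed data "Physician" scores the same against both sibling roles "Doctor" and "Nurses", because only the shared super-class supports either match, so it stays out of the Transform and is not forwarded to the PDP as a guessed role.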

