Aligning Semantic Web applications with network access controls

Access controls for Semantic Web applications are commonly considered at the level of the application-domain and do not necessarily consider the security controls of the underlying infrastructure to any great extent. Low-level network access controls such as firewalls and proxies are considered part of providing a generic network infrastructure that hosts a variety of Semantic Web applications and is independent of the application-level access control services. For example, it is unusual to include firewall policy rules in an application policy that constrain the kinds of application information different principals may access. As a consequence, an improperly configured infrastructure may unintentionally hinder the normal operation of a Semantic Web application. Simply opening a firewall for HTTP and HTTPS services does not necessarily result in a proper configuration. Taking an ontology-based approach, this paper considers how a firewall configuration should be analyzed with respect to the Semantic Web application(s) that it hosts.