2010 Third International Conference on Communication Theory, Reliability, and Quality of Service
Toward User-centric Privacy-aware User Profile
Ontology for Future Services
Zahid Iqbal, Josef Noll, Sarfraz Alam, Mohammad M. R. Chowdhury
University Graduate Center, UNIK
Kjeller, Norway
{zahid, josef, sarfraz, mohammad}@unik.no
propose a semantically enhanced user-centric personalization
approach where everything is under perceived control of user
and assented to user defined policies. The core of our approach
is a semantic enhance user-centric user profile (UCUP) that
captures all the user related information. Additionally, user
creates their user profiles on various social network sites
where they explicitly provide preferences and interests and
even though this information is accessible by third parties
but traditional service provider’s side personalization approach
does not consider information available on social network sites
for personalization. Our proposed user-centric personalization
approach is not only capable of creating user profile semiautomatically, but also enhances user profile from different
user’s social network sites. The paper makes the following
contributions:
• We propose privacy-aware user centered personalization
approach that can be utilized in different usage scenarios
regardless of domain.
• We describe profile enhancement procedure from social
network sites and refinement procedure to incorporate
not only new preferences but also confine it to the most
operable preferences.
• We characterize the design options available and present
our implementation of user-centric personalization process through rule based reasoning (RBR).
The rest of the paper is organized as follows. Section II
discusses related work. Section III provides the detail of usercentric personalization process. Section IV outlines profile
and privacy enhancement mechanism. Section V presents
implementation detail of proposed user-centric privacy personalization approach. We discuss the objectives achieved by
our design and some of the key open issues in Section VI.
Abstract—Personalization is one of the key features of the
future Internet. However, the success of personalized services
mostly relies on user profiles. Therefore, a generic, shareable,
and reusable user profile is crucial for service providers for the
uptake of personalized services. This paper proposes a usercentric personalization approach. The core of this approach
is a user-centric user profile where user is in the center and
experience perceived control over his information. We use Ontology Web Language (OWL-DL) to formally represent user
relevant information in ontology. We present profile and privacy
enhancement mechanism to increase profile applicability and
user privacy respectively. The paper also offers a policy based
approach to ensure authorized access of user profiles among
third parties. Furthermore, we formally represent authorization
policies by exploiting Semantic Web Rule Language (SWRL) and
evaluate policies by employing Semantic Query Enhanced Web
Rule Language (SQWRL).
Index Terms—User Profile, Semantic Web, Social Network,
Personalization, Policy, Privacy
I. I NTRODUCTION
In current Web 2.0 paradigm, many websites entail user
profiles, where user explicitly or implicitly describe their
preferences and interests to procure services pertinent to their
preferences. People are facing information overabundance
problem with the convergence of Web technologies, Telco
and Media. The reason is that all service providers who
deliver personalized services are not retaining one generic
user profile that can be shared, reused and accessed to deliver
personalized services. Moreover, user profile is maintained on
service provider’s side and user does not know how and with
whom his profile is shared. This can lead to the dilemma of
information misuse and privacy breach. Therefore, user-centric
user profile with perceived user control is highly demanding
that can be accessed by service providers as well as friends.
ETSI user profile guideline [4], 3GPP GUP specification [3]
and MAGNET Project profile specification [2] among others
are first initiatives towards standardization of user profile
structure. Having a generic profile and standardized profile
structure will only solve reusability and applicability issues.
However, other issues such as privacy, profile enhancement
and refinement still research issues to be solved.
Traditionally, personalization is performed on the service
provider’s side where service provider keeps track of user
each and every action/interaction. The main reason behind this
usage logging is to provide more personalized services but it
could be possible to misuse this information. Therefore, we
978-0-7695-4070-2/10 $26.00 © 2010 IEEE
DOI 10.1109/CTRQ.2010.49
II. R ELATED W ORK
Many research initiatives dealing with the personalization
propose using user profile. Current state of art user profile
has just focus on linking people with things and activities
[1] and only basic aspects of user [5](such as demographics,
abilities to the psychological and physiological human features
like personality, emotional state, mental state and nutrition,
etc.). They are not well suited for context-aware personalized
services.
Today, even more international standardization bodies and
industry forums are working on issues related to user profiles and personalization. The Generic User Profile (GUP)
249
specification [3] is one of the 3GPP initiatives to provide
personalized services delivery within the operators domain.
The GUP aggregates user related information (such as user
description, user services, user devices etc.) to provide personalized service delivery in a standardized manner. GUP defines
a global schema of the user profile in XML. GUP is based on
XML so it cannot provide any intended meaning to associated
data and only constrain the structure of GUP profile. Similarly,
ETSI has published a comprehensive user profile guide [4] and
suggests that details of user and their personal requirements
are included in a user profile in such a way that the system may
use them to deliver the required behaviors and information in
a profile. However, ETSI is focused on user profile structure
and management only from telco perspective.
Some research works use OWL to develop user profile. For
instance SPICE project [6] proposes a Mobile Ontology, which
comprises of one core ontology and various sub ontologies
such as services, context, profile and presence sub ontologies.
All these sub ontologies are linked to the core ontology.
The profile ontology contains the user information particularly
situation-dependent preferences and the structure. Likewise
in [7], authors propose user profile ontology and present
technique for creation and discovery of user profile. However,
these works lack in terms of expressivity as these are heavily
dependent on FOAF vocabulary.
MAGNET Beyond [8] is a well known IST-FP6 project
that addresses the personalized service delivery in the context
of personal area network. It captures the user’s information
and preferences in an ontology using OWL. The MAGNET
Beyond user profile ontology is created by asking questions
through generic template. The MAGNET Beyond user profile provides the concept of person, role and identity where
person’s role together with their identities link various parts
of user profile. MAGNET Beyond ontology is specifically
targeted for personal area environment scenarios.
Some of the prior works have considered expressing social
network sites related preferences in user profile [9]. However,
these preferences are only limited to how a person’s friend or
category of friend can reach him in a specific situation and
how Services (e.g., vibrate, ring, voice message) can inform
or notify him from a mobile phone.
Few research works [10][11] consider enhancement of user
profile information from social network sites. However, none
of aforementioned works address how to select the most
operable preferences and confine the user profile to those
preferences.
The profile setup gets user social network sites membership
information from user basic profile, allowing profile setup to
retrieve more information about user’s preferences, groups and
friends. In turns, this leads to implicit user feedback, where
user information is collected without any intervention of user.
B. User profiling
The core function of user profiling component is to capture all the necessary information from profile setup, context
watcher and to represent that information in ontology (i.e.,
UCUP). User profile also links to other user profile, which
is distributed on several sites and devices. For instance, user
profile may link user private profile containing sensitive information, and store in user’s mobile device.
C. Context watcher
Context watcher detects the user’s current physical location,
time, current activity from multiple context sources. User profiling component captures this context information in form of
ontology, which later can be utilized with the combination of
user’s preferences or group of preferences for personalization.
D. Match making
The match making component behaves like a black box,
which receives user preferences, context information from user
profile and services offer from service providers. Based on
these inputs a matching algorithm (i.e., rule based reasoning)
will provide the best match, resulting in a personalized list of
services.
E. List of services
The List of Services displays available matched services,
which are filtered out from the match making component. This
prevents user from extensive search and navigation operation
on directly provided list of services from different service
providers. Therefore, the match making component acts as a
barrier and does not allow service providers to bypass it and
obviates user from information overabundance.
F. Usage monitoring
The usage monitoring component continuously monitors the
user’s selected list of services and establishes the service usage
history. In this manner, usage monitor will update the user
profile according to user’s service usage and actions. The main
objective behind the monitoring component is to ensure the
automatic learning of the user profile concerning the user’s
preferences and service usage.
III. U SER -C ENTRIC P ERSONALIZATION P ROCESS
The overall personalization process including components
is depicted in figure 1. The process supports various components involvement for creation and management of user
profile, suggestion of personalized services, and log of user’s
actions/interactions to ensure automatic learning process
IV. P ROFILE AND P RIVACY E NHANCED (PA PE)
M ECHANISM
A. Profile setup
Profile setup creates a basic user profile with explicit user
feedback. The basic user profile contains demographic information including social network sites membership IDs of user.
Having described personalization process, in this section
we will outline the detail of profile and privacy enhancement
mechanism.
250
Figure 1.
User-centric personalization process
A. Profile Enhancement
that user information is only disclosed to authorize parties.
By virtue of authorization polices, third parties can only
access parts of federated user profile where user has already
accorded access. Hence, it will facilitate more fine grained
access control towards user profile information, which in
turns will increase user privacy. Before delving into details
of authorization polices here we will briefly introduce two
options available to specify authorization polices.
Our proposed user-centric user profile approach is capable
enough to enhance the user profile through social networks.
Facebook is one of the most popular social network sites between people of all ages and background. People describe their
interest, build friendships and relationships and share contents.
Facebook contains profile feature where user can provide
all their relevant information. Currently, Facebook requires
Basic Information, Personal Information, Contact Information,
Education and Work Information. All these information can be
utilized by different service providers in different domains. For
instance, Personal information mostly contains the information
about Favorite Music, Favorite TV Shows, Favorite Movie,
Favorite Books and Favorite Quotations. In addition to that,
Facebook also has provisioning to get information about
user Activities and Interests. In our proposed personalization
process, profile setup component will interact with Facebook
by using Facebook APIs [12] in order to access personal and
social information about user. Later, profile setup will map
this information with our UCUP ontology to unify the data
and enhance the user profile with newly captured information
from the Facebook.
We propose a generation base algorithm that restrict the
user profile to the most operable preferences. The algorithm
has three generations: (i)baby, (ii) young, and (iii) old. It
also assigns a status value to each preference based on user
specified time limit. The algorithm treats inactive preferences
as garbage and collect them under old generation. We use
reasoning capabilities to ascertain the generation of each user
preferences defined in user profile.
•
•
B. Privacy Enhancement
Distributed nature of UCUP is enforced to provide a way
for maintaining user defined authorization policies, ensuring
Semantic Web Rule Language (SWRL) [13]: is a combination of RuleML and OWL-DL [14]. In SWRL, rules
are expressed in terms of OWL concepts i.e., classes,
properties, individuals and literals. Rules are written
in the form of Horn clauses antecedent (body) and
consequent (head) where implication combines both the
antecedent and consequent together. SWRL expressivity
can be expanded with built-ins that provide traditional
operations for comparison, mathematical transformation
and URI construction. SRWL also enhances the expressivity by taking OWL expression (i.e., restrictions) in the
antecedent or consequent of a rule but at the cost of
undecidability. However, the undecidability issue can be
resolved with DL-Safe rules [15]. The DL-Safe rule binds
only known instances in ontology to rule variables. This
restriction is sufficient to make SWRL rules decidable.
JENA: rules are based on XSB [16] logic programming
system. Jena rules have their own syntax for describing
rules in a forward chaining mode, backward chaining
mode or a hybrid of both modes. The chaining mode
can be specified by changing the arrow direction in the
rule syntax. Similar to SWRL, Jena rules provide builtins operators to perform various calculation and string
manipulations.
Since SWRL is defacto standard for expressing rules in
semantic web and it is independent of specifying chaining
251
mode of rules therefore in this paper we selected SWRL to
describe authorization polices.
The parts of the proposed UCUP are distributed over devices
and network storages. The profile can be stored in parts in
network storage and distributed over the devices controlled by
the user himself. This distributed nature will ensure both user
profile security and privacy. There is a synchronization mechanism between the devices and networks in order to maintain
a consistent UCUP. The proposed distributed UCUP profile
works in a federated environment because certain operations
relevant to the UCUP and the exchange of information should
follow an agreed-upon standard. The federated environment
ensures the interoperability and unambiguity. However the
details of the distributed UCUP and the federated environment
are beyond the scope of this paper.
refine our TrustType class definition and restrict its range to
aforementioned three options.
T rustT ype
≡ Direct ∪ Reputation ∪ History
Further, we define different datatype properties to establish
link between objects and data value. Similarly we use object
properties to establish link between objects of different classes
by assigning domain and range of each property. This domain
and range assignment does not act as constrains but rather
assists reasoned to infer the class of objects. Some of UCUP
object properties are listed in table I.
B. Realization of policies
We employ SWRL for representing policies because SWRL
is a platform independent rule language that understands the
OWL-DL semantics. The definitions of the policies are as
follows.
Definition 1: If Sabina is in Shopping Mall only service
providers can have access to public profile.
V. U SER C ENTRIC U SER P ROFILE (UCUP) O NTOLOGY
This section outlines the underlying formalism and implementation detail of the ontology proposed in this paper.
A. Realization of UCUP Ontology
P erson (?SABIN A) ∧
The proposed user-centric user profile is formal representation of various user related information. We use OWL-DL to
develop the UCUP ontology. While designing UCUP we followed different ontology design patterns and in this paper we
used description login syntax for formal definitions of different
UCUP concepts. The UCUP comprises of both defined (i.e.,
contain at least one set of necessary and sufficient conditions)
and primitive (i.e., contain only necessary conditions) classes.
Figure 2 illustrates the core concepts of UCUP. The UCUP
also contains the concept of Trust and TrustedParties that later
will use for policy evaluation to accord access to different
types of user profiles. In this regard, we define ThirdParties
class as union of ServiceProviders and Friends class, and then
subsume it to TrustedParties. The definition is as follows:
P ublicP rof ile (?pubP rof ile) ∧
hasContectInf o (?pubP rof ile, ?context) ∧
hasLocation (?context, ?SHOP P IN GM ALL) ∧
ServiceP rovider (?sp)
−→ canAccess (?sp, ?pubP rof ile)
Definition 2: Sabina social network friend with trust level
greater than 90% can access only social profile.
P erson (?SABIN A) ∧
SocialP rof ile (?soP rof ile) ∧
hasSocialF riends (?soP rof ile, ?snf ) ∧
hasT rustV alue (?snf, ?tv) ∧
swrlb : greaterT hen (?tv, 0.9)
T hirdP arties ≡ ServiceP roviders ∪ F riends
−→ canAccess (?snf, ?soP rof ile)
T rustedP arties
⊑
and
T hirdP arties
∋ hasT rust.T rust
Definition 3: Service provider with trust level greater than
90% can have access to ”credit card info” from private profile.
We anticipate trust as multi-context and multi-type relative
concept that depends upon different factors. The definition of
trust is:
T rust
⊑
and
owl : T hing
∋ hasT rustT ype.T rustT ype
and
and
and
∋ hasT rustV alue.T rustV alue
∋ inContext.T rustContext
∋ f orT ime.T imeSlot
and
∋ hasDirection.T rustDirection
P erson (?SABIN A) ∧
P rivateP rof ile (?priP rof ile) ∧
SensitiveInf o (?sInf o) ∧
hasInf o (?priP rof ile, ?sInf o) ∧
T rustedP arties (?tp) ∧
hasT rustV alue (?tp, ?tv) ∧
swrlb : greaterT hen (?tv, 0.9)
−→ canAccess (?tp, ?priP rof ile)
Note that, in this paper the focus is on formally represent the
policies using SWRL and evaluate them using RBR. However,
policy enforcement is beyond the scope of this paper and will
appear in our future publication.
The type of trust is based on how initially trust is established. There are three options (a) direct, (b) reputation,
and (c) History. We use value partition design pattern to
252
Figure 2.
UCUP Ontology Core Concepts
Table I
L IST OF PROPERTIES WITH THEIR DOMAIN AND RANGE
Property
hasTrust
hasTrustDirection
inContext
hasTrustType
canAccess
hasInfo
hasType
Domain
Trust
Trust
Trust
Trust
ServiceProviders, SocialNetworkFriends
Profile
Profile
Range
Person
TrustDirection
TrustContext
TrustType
Profile
ProfileInfo
ProfileType
inconsumable preferences are either removed from user profile
or do not consider them for personalization. Currently, user
assigns time limit on status of the preferences. These time
limits are static and need to be adjusted dynamically according
to service consumption and service usage history.
User-centric user profile is distributed in nature and we
proposed to store different parts of user profiles on different
devices and network. For instance, sensitive information can
be stored in SIM card, other part of information can be stored
in personal devices and some other parts can be stored in
network. In case if part of user profile is compromised, the
distributed nature of user profile prevents compromise of other
parts of user profile. In addition, user can link various part of
user profile to various applications/services or vice versa.
While our explorations address many of the design challenges in realizing the benefits of Semantic Web technology
in user profile modeling , but we did not discuss policy
enforcement, synchronization of distributed hosted profiles and
management framework for the user profile.
VI. D ISCUSSION
We described the personalization process and proposed
mechanism for profile and privacy enhancement.
Privacy about user related information is enhanced by applying authorization polices on various parts and types of user
profile. We defined these authorization polices using SWRL
thus, enabling reasoning on top of user profile. We have shown
that how rule based reasoning can be applied to evaluate
the authorization polices. Furthermore, we defined trust as
unidirectional relationship including trust type. This will also
assist user during policy definition stage. For instance, user
can define policies that only directly known third parties can
access user business information.
Our proposed profile enhancement mechanism is accomplished by capturing user related information from social
network sites. For instance, currently profile setup captures
the user related information from Facebook through Facebook
APIs. This mechanism does not require the intervention of
user in order to collect information. Therefore, the user profile
creation mechanism is semi-automatic. Likewise, other social
network sites such as MySpace and twitter can also be used
in the enhancement mechanism but then concept mapping
mechanism will be required. However, this issue can be
resolved by having a common vocabulary.
We anticipated that user profile grows over time and user
preferences changes due to any significant event or emotion
occurrence. Therefore, user profile must be kept compact and
VII. C ONCLUSION
In this paper, we have described the significance of usercentric profile that aggregate information about user from
heterogeneous sources. Social Network sites encourage people
to publish and share contents among their friends but this
information are not well utilized by service providers for
personalization. We have proposed a semantic enhance user
253
profile that can leverage the personalization process. The process of creating and enhancing of user profile can be performed
by retrieving information from various social network sites
to make user-centric profile more dynamic and flexible. This
enhancement can lead to information overabundence problem.
However, our proposed refinement algorithm alleviates the
information overabundence problem by restricting user profile
to the most operable preferences. The distributed nature of
user profile makes it accessible by third parties but in turn it
will raise privacy concern of user about its information. Our
policy based approach restrict access to various part of user
profile and hence, mitigate the user privacy concerns.
Our ongoing and future work includes development of user
profile management system. The development of an algorithm
to capture the trust among social network friends based on
their relationship is also subject to future work.
ACKNOWLEDGMENT
This work is in parts supported by the ITEA WellCom
Project and Norwegian Research Council.
R EFERENCES
[1] FOAF Project, http://www.foaf-project.org/ [accessed on March 29, 2010]
[2] MAGNET Project, http://www.telecom.ece.ntua.gr/magnet/index.html
[accessed on March 29, 2010]
[3] 3GPP TS 29.240, ”3GPP Generic User Profile, Stage 3, Release 6”, http:
//www.3gpp.org/ftp/Specs/html-info/29240.htm [accessed on March 29,
2010]
[4] Human factors (HF); User profile management, ETSI Guide EG 202 325
v1.1.1, http://webapp.etsi.org/action/PU/20051018/eg 202325v010101p.
pdf [accessed on March 29, 2010]
[5] D. Heckmann, E. Schwarzkopf, J. Mori, D. Dengler, A. Kroner, ”The
user model and context ontology GUMO revisited for future Web 2.0
Extensions”, Contexts and Ontologies: Representation and Reasoning,
pp.37-46
[6] IST FP6 Spice project, http://www.ist-spice.org/ [accessed on March 29,
2010]
[7] R. Gosh, M. Dekhil, ”Discovering User Profiles”, Proceedings of the 18th
international conference on World wide web, 2009
[8] IST-027396 Magnet Beyond, ”The role of user profiles in PN services
and context awareness” , http://magnet.aau.dk/, [accessed on March 29,
2010]
[9] J. Stan, E. Egyed-Zsigmond, A. Joly, P. Maret, ”A user profile ontology
for situation-aware social networking” , 3rd Workshop on Artificial
Intelligence Techniques for Ambient Intelligence, 2008
[10] X. Ding, Y. Li, Y. Zhao, ”A framework of user model based on Semisupervised techniques”, Proceedings of the IEEE International Conference
on e-Business Engineering, 2008
[11] R. Y. Shtykh, Q. Jin, ”Enhancing IR with User-Centric Integrated
Approach of Interest Change Driven Layered Profiling and User Contributions”, Proceedings of the 21st International Conference on Advanced
Information Networking and Applications Workshop, 2007
[12] Facebook API, http://developers.facebook.com/ [accessed on March 29,
2010]
[13] Semantic Web Rule Language, http://www.w3.org/Submission/SWRL/
[accessed on March 29, 2010]
[14] Ontology Web Language, http://www.w3.org/TR/owl-guide/ [accessed
on March 29, 2010]
[15] B. Motika, U. Sattlerb, R. Studera, ”Query Answering for OWL-DL with
Rules”, in Web Semantics: Science, Services and Agents on the World
Wide Web journal. Volume 3, Issue 1, July 2005, Pages 41-60
[16] XSB, http://xsb.sourceforge.net/ [accessed on March 29, 2010]
[17] J. Golbeck and U. Kuter, ”The Ripple Effect: Change in Trust and its
impact over a social network”, Computing with Social Trust, Springer
2008
254