2010 Third International Conference on Communication Theory, Reliability, and Quality of Service Toward User-centric Privacy-aware User Profile Ontology for Future Services Zahid Iqbal, Josef Noll, Sarfraz Alam, Mohammad M. R. Chowdhury University Graduate Center, UNIK Kjeller, Norway {zahid, josef, sarfraz, mohammad}@unik.no propose a semantically enhanced user-centric personalization approach where everything is under perceived control of user and assented to user defined policies. The core of our approach is a semantic enhance user-centric user profile (UCUP) that captures all the user related information. Additionally, user creates their user profiles on various social network sites where they explicitly provide preferences and interests and even though this information is accessible by third parties but traditional service provider’s side personalization approach does not consider information available on social network sites for personalization. Our proposed user-centric personalization approach is not only capable of creating user profile semiautomatically, but also enhances user profile from different user’s social network sites. The paper makes the following contributions: • We propose privacy-aware user centered personalization approach that can be utilized in different usage scenarios regardless of domain. • We describe profile enhancement procedure from social network sites and refinement procedure to incorporate not only new preferences but also confine it to the most operable preferences. • We characterize the design options available and present our implementation of user-centric personalization process through rule based reasoning (RBR). The rest of the paper is organized as follows. Section II discusses related work. Section III provides the detail of usercentric personalization process. Section IV outlines profile and privacy enhancement mechanism. Section V presents implementation detail of proposed user-centric privacy personalization approach. We discuss the objectives achieved by our design and some of the key open issues in Section VI. Abstract—Personalization is one of the key features of the future Internet. However, the success of personalized services mostly relies on user profiles. Therefore, a generic, shareable, and reusable user profile is crucial for service providers for the uptake of personalized services. This paper proposes a usercentric personalization approach. The core of this approach is a user-centric user profile where user is in the center and experience perceived control over his information. We use Ontology Web Language (OWL-DL) to formally represent user relevant information in ontology. We present profile and privacy enhancement mechanism to increase profile applicability and user privacy respectively. The paper also offers a policy based approach to ensure authorized access of user profiles among third parties. Furthermore, we formally represent authorization policies by exploiting Semantic Web Rule Language (SWRL) and evaluate policies by employing Semantic Query Enhanced Web Rule Language (SQWRL). Index Terms—User Profile, Semantic Web, Social Network, Personalization, Policy, Privacy I. I NTRODUCTION In current Web 2.0 paradigm, many websites entail user profiles, where user explicitly or implicitly describe their preferences and interests to procure services pertinent to their preferences. People are facing information overabundance problem with the convergence of Web technologies, Telco and Media. The reason is that all service providers who deliver personalized services are not retaining one generic user profile that can be shared, reused and accessed to deliver personalized services. Moreover, user profile is maintained on service provider’s side and user does not know how and with whom his profile is shared. This can lead to the dilemma of information misuse and privacy breach. Therefore, user-centric user profile with perceived user control is highly demanding that can be accessed by service providers as well as friends. ETSI user profile guideline [4], 3GPP GUP specification [3] and MAGNET Project profile specification [2] among others are first initiatives towards standardization of user profile structure. Having a generic profile and standardized profile structure will only solve reusability and applicability issues. However, other issues such as privacy, profile enhancement and refinement still research issues to be solved. Traditionally, personalization is performed on the service provider’s side where service provider keeps track of user each and every action/interaction. The main reason behind this usage logging is to provide more personalized services but it could be possible to misuse this information. Therefore, we 978-0-7695-4070-2/10 $26.00 © 2010 IEEE DOI 10.1109/CTRQ.2010.49 II. R ELATED W ORK Many research initiatives dealing with the personalization propose using user profile. Current state of art user profile has just focus on linking people with things and activities [1] and only basic aspects of user [5](such as demographics, abilities to the psychological and physiological human features like personality, emotional state, mental state and nutrition, etc.). They are not well suited for context-aware personalized services. Today, even more international standardization bodies and industry forums are working on issues related to user profiles and personalization. The Generic User Profile (GUP) 249 specification [3] is one of the 3GPP initiatives to provide personalized services delivery within the operators domain. The GUP aggregates user related information (such as user description, user services, user devices etc.) to provide personalized service delivery in a standardized manner. GUP defines a global schema of the user profile in XML. GUP is based on XML so it cannot provide any intended meaning to associated data and only constrain the structure of GUP profile. Similarly, ETSI has published a comprehensive user profile guide [4] and suggests that details of user and their personal requirements are included in a user profile in such a way that the system may use them to deliver the required behaviors and information in a profile. However, ETSI is focused on user profile structure and management only from telco perspective. Some research works use OWL to develop user profile. For instance SPICE project [6] proposes a Mobile Ontology, which comprises of one core ontology and various sub ontologies such as services, context, profile and presence sub ontologies. All these sub ontologies are linked to the core ontology. The profile ontology contains the user information particularly situation-dependent preferences and the structure. Likewise in [7], authors propose user profile ontology and present technique for creation and discovery of user profile. However, these works lack in terms of expressivity as these are heavily dependent on FOAF vocabulary. MAGNET Beyond [8] is a well known IST-FP6 project that addresses the personalized service delivery in the context of personal area network. It captures the user’s information and preferences in an ontology using OWL. The MAGNET Beyond user profile ontology is created by asking questions through generic template. The MAGNET Beyond user profile provides the concept of person, role and identity where person’s role together with their identities link various parts of user profile. MAGNET Beyond ontology is specifically targeted for personal area environment scenarios. Some of the prior works have considered expressing social network sites related preferences in user profile [9]. However, these preferences are only limited to how a person’s friend or category of friend can reach him in a specific situation and how Services (e.g., vibrate, ring, voice message) can inform or notify him from a mobile phone. Few research works [10][11] consider enhancement of user profile information from social network sites. However, none of aforementioned works address how to select the most operable preferences and confine the user profile to those preferences. The profile setup gets user social network sites membership information from user basic profile, allowing profile setup to retrieve more information about user’s preferences, groups and friends. In turns, this leads to implicit user feedback, where user information is collected without any intervention of user. B. User profiling The core function of user profiling component is to capture all the necessary information from profile setup, context watcher and to represent that information in ontology (i.e., UCUP). User profile also links to other user profile, which is distributed on several sites and devices. For instance, user profile may link user private profile containing sensitive information, and store in user’s mobile device. C. Context watcher Context watcher detects the user’s current physical location, time, current activity from multiple context sources. User profiling component captures this context information in form of ontology, which later can be utilized with the combination of user’s preferences or group of preferences for personalization. D. Match making The match making component behaves like a black box, which receives user preferences, context information from user profile and services offer from service providers. Based on these inputs a matching algorithm (i.e., rule based reasoning) will provide the best match, resulting in a personalized list of services. E. List of services The List of Services displays available matched services, which are filtered out from the match making component. This prevents user from extensive search and navigation operation on directly provided list of services from different service providers. Therefore, the match making component acts as a barrier and does not allow service providers to bypass it and obviates user from information overabundance. F. Usage monitoring The usage monitoring component continuously monitors the user’s selected list of services and establishes the service usage history. In this manner, usage monitor will update the user profile according to user’s service usage and actions. The main objective behind the monitoring component is to ensure the automatic learning of the user profile concerning the user’s preferences and service usage. III. U SER -C ENTRIC P ERSONALIZATION P ROCESS The overall personalization process including components is depicted in figure 1. The process supports various components involvement for creation and management of user profile, suggestion of personalized services, and log of user’s actions/interactions to ensure automatic learning process IV. P ROFILE AND P RIVACY E NHANCED (PA PE) M ECHANISM A. Profile setup Profile setup creates a basic user profile with explicit user feedback. The basic user profile contains demographic information including social network sites membership IDs of user. Having described personalization process, in this section we will outline the detail of profile and privacy enhancement mechanism. 250 Figure 1. User-centric personalization process A. Profile Enhancement that user information is only disclosed to authorize parties. By virtue of authorization polices, third parties can only access parts of federated user profile where user has already accorded access. Hence, it will facilitate more fine grained access control towards user profile information, which in turns will increase user privacy. Before delving into details of authorization polices here we will briefly introduce two options available to specify authorization polices. Our proposed user-centric user profile approach is capable enough to enhance the user profile through social networks. Facebook is one of the most popular social network sites between people of all ages and background. People describe their interest, build friendships and relationships and share contents. Facebook contains profile feature where user can provide all their relevant information. Currently, Facebook requires Basic Information, Personal Information, Contact Information, Education and Work Information. All these information can be utilized by different service providers in different domains. For instance, Personal information mostly contains the information about Favorite Music, Favorite TV Shows, Favorite Movie, Favorite Books and Favorite Quotations. In addition to that, Facebook also has provisioning to get information about user Activities and Interests. In our proposed personalization process, profile setup component will interact with Facebook by using Facebook APIs [12] in order to access personal and social information about user. Later, profile setup will map this information with our UCUP ontology to unify the data and enhance the user profile with newly captured information from the Facebook. We propose a generation base algorithm that restrict the user profile to the most operable preferences. The algorithm has three generations: (i)baby, (ii) young, and (iii) old. It also assigns a status value to each preference based on user specified time limit. The algorithm treats inactive preferences as garbage and collect them under old generation. We use reasoning capabilities to ascertain the generation of each user preferences defined in user profile. • • B. Privacy Enhancement Distributed nature of UCUP is enforced to provide a way for maintaining user defined authorization policies, ensuring Semantic Web Rule Language (SWRL) [13]: is a combination of RuleML and OWL-DL [14]. In SWRL, rules are expressed in terms of OWL concepts i.e., classes, properties, individuals and literals. Rules are written in the form of Horn clauses antecedent (body) and consequent (head) where implication combines both the antecedent and consequent together. SWRL expressivity can be expanded with built-ins that provide traditional operations for comparison, mathematical transformation and URI construction. SRWL also enhances the expressivity by taking OWL expression (i.e., restrictions) in the antecedent or consequent of a rule but at the cost of undecidability. However, the undecidability issue can be resolved with DL-Safe rules [15]. The DL-Safe rule binds only known instances in ontology to rule variables. This restriction is sufficient to make SWRL rules decidable. JENA: rules are based on XSB [16] logic programming system. Jena rules have their own syntax for describing rules in a forward chaining mode, backward chaining mode or a hybrid of both modes. The chaining mode can be specified by changing the arrow direction in the rule syntax. Similar to SWRL, Jena rules provide builtins operators to perform various calculation and string manipulations. Since SWRL is defacto standard for expressing rules in semantic web and it is independent of specifying chaining 251 mode of rules therefore in this paper we selected SWRL to describe authorization polices. The parts of the proposed UCUP are distributed over devices and network storages. The profile can be stored in parts in network storage and distributed over the devices controlled by the user himself. This distributed nature will ensure both user profile security and privacy. There is a synchronization mechanism between the devices and networks in order to maintain a consistent UCUP. The proposed distributed UCUP profile works in a federated environment because certain operations relevant to the UCUP and the exchange of information should follow an agreed-upon standard. The federated environment ensures the interoperability and unambiguity. However the details of the distributed UCUP and the federated environment are beyond the scope of this paper. refine our TrustType class definition and restrict its range to aforementioned three options. T rustT ype ≡ Direct ∪ Reputation ∪ History Further, we define different datatype properties to establish link between objects and data value. Similarly we use object properties to establish link between objects of different classes by assigning domain and range of each property. This domain and range assignment does not act as constrains but rather assists reasoned to infer the class of objects. Some of UCUP object properties are listed in table I. B. Realization of policies We employ SWRL for representing policies because SWRL is a platform independent rule language that understands the OWL-DL semantics. The definitions of the policies are as follows. Definition 1: If Sabina is in Shopping Mall only service providers can have access to public profile. V. U SER C ENTRIC U SER P ROFILE (UCUP) O NTOLOGY This section outlines the underlying formalism and implementation detail of the ontology proposed in this paper. A. Realization of UCUP Ontology P erson (?SABIN A) ∧ The proposed user-centric user profile is formal representation of various user related information. We use OWL-DL to develop the UCUP ontology. While designing UCUP we followed different ontology design patterns and in this paper we used description login syntax for formal definitions of different UCUP concepts. The UCUP comprises of both defined (i.e., contain at least one set of necessary and sufficient conditions) and primitive (i.e., contain only necessary conditions) classes. Figure 2 illustrates the core concepts of UCUP. The UCUP also contains the concept of Trust and TrustedParties that later will use for policy evaluation to accord access to different types of user profiles. In this regard, we define ThirdParties class as union of ServiceProviders and Friends class, and then subsume it to TrustedParties. The definition is as follows: P ublicP rof ile (?pubP rof ile) ∧ hasContectInf o (?pubP rof ile, ?context) ∧ hasLocation (?context, ?SHOP P IN GM ALL) ∧ ServiceP rovider (?sp) −→ canAccess (?sp, ?pubP rof ile) Definition 2: Sabina social network friend with trust level greater than 90% can access only social profile. P erson (?SABIN A) ∧ SocialP rof ile (?soP rof ile) ∧ hasSocialF riends (?soP rof ile, ?snf ) ∧ hasT rustV alue (?snf, ?tv) ∧ swrlb : greaterT hen (?tv, 0.9) T hirdP arties ≡ ServiceP roviders ∪ F riends −→ canAccess (?snf, ?soP rof ile) T rustedP arties ⊑ and T hirdP arties ∋ hasT rust.T rust Definition 3: Service provider with trust level greater than 90% can have access to ”credit card info” from private profile. We anticipate trust as multi-context and multi-type relative concept that depends upon different factors. The definition of trust is: T rust ⊑ and owl : T hing ∋ hasT rustT ype.T rustT ype and and and ∋ hasT rustV alue.T rustV alue ∋ inContext.T rustContext ∋ f orT ime.T imeSlot and ∋ hasDirection.T rustDirection P erson (?SABIN A) ∧ P rivateP rof ile (?priP rof ile) ∧ SensitiveInf o (?sInf o) ∧ hasInf o (?priP rof ile, ?sInf o) ∧ T rustedP arties (?tp) ∧ hasT rustV alue (?tp, ?tv) ∧ swrlb : greaterT hen (?tv, 0.9) −→ canAccess (?tp, ?priP rof ile) Note that, in this paper the focus is on formally represent the policies using SWRL and evaluate them using RBR. However, policy enforcement is beyond the scope of this paper and will appear in our future publication. The type of trust is based on how initially trust is established. There are three options (a) direct, (b) reputation, and (c) History. We use value partition design pattern to 252 Figure 2. UCUP Ontology Core Concepts Table I L IST OF PROPERTIES WITH THEIR DOMAIN AND RANGE Property hasTrust hasTrustDirection inContext hasTrustType canAccess hasInfo hasType Domain Trust Trust Trust Trust ServiceProviders, SocialNetworkFriends Profile Profile Range Person TrustDirection TrustContext TrustType Profile ProfileInfo ProfileType inconsumable preferences are either removed from user profile or do not consider them for personalization. Currently, user assigns time limit on status of the preferences. These time limits are static and need to be adjusted dynamically according to service consumption and service usage history. User-centric user profile is distributed in nature and we proposed to store different parts of user profiles on different devices and network. For instance, sensitive information can be stored in SIM card, other part of information can be stored in personal devices and some other parts can be stored in network. In case if part of user profile is compromised, the distributed nature of user profile prevents compromise of other parts of user profile. In addition, user can link various part of user profile to various applications/services or vice versa. While our explorations address many of the design challenges in realizing the benefits of Semantic Web technology in user profile modeling , but we did not discuss policy enforcement, synchronization of distributed hosted profiles and management framework for the user profile. VI. D ISCUSSION We described the personalization process and proposed mechanism for profile and privacy enhancement. Privacy about user related information is enhanced by applying authorization polices on various parts and types of user profile. We defined these authorization polices using SWRL thus, enabling reasoning on top of user profile. We have shown that how rule based reasoning can be applied to evaluate the authorization polices. Furthermore, we defined trust as unidirectional relationship including trust type. This will also assist user during policy definition stage. For instance, user can define policies that only directly known third parties can access user business information. Our proposed profile enhancement mechanism is accomplished by capturing user related information from social network sites. For instance, currently profile setup captures the user related information from Facebook through Facebook APIs. This mechanism does not require the intervention of user in order to collect information. Therefore, the user profile creation mechanism is semi-automatic. Likewise, other social network sites such as MySpace and twitter can also be used in the enhancement mechanism but then concept mapping mechanism will be required. However, this issue can be resolved by having a common vocabulary. We anticipated that user profile grows over time and user preferences changes due to any significant event or emotion occurrence. Therefore, user profile must be kept compact and VII. C ONCLUSION In this paper, we have described the significance of usercentric profile that aggregate information about user from heterogeneous sources. Social Network sites encourage people to publish and share contents among their friends but this information are not well utilized by service providers for personalization. We have proposed a semantic enhance user 253 profile that can leverage the personalization process. The process of creating and enhancing of user profile can be performed by retrieving information from various social network sites to make user-centric profile more dynamic and flexible. This enhancement can lead to information overabundence problem. However, our proposed refinement algorithm alleviates the information overabundence problem by restricting user profile to the most operable preferences. The distributed nature of user profile makes it accessible by third parties but in turn it will raise privacy concern of user about its information. Our policy based approach restrict access to various part of user profile and hence, mitigate the user privacy concerns. Our ongoing and future work includes development of user profile management system. The development of an algorithm to capture the trust among social network friends based on their relationship is also subject to future work. ACKNOWLEDGMENT This work is in parts supported by the ITEA WellCom Project and Norwegian Research Council. R EFERENCES [1] FOAF Project, http://www.foaf-project.org/ [accessed on March 29, 2010] [2] MAGNET Project, http://www.telecom.ece.ntua.gr/magnet/index.html [accessed on March 29, 2010] [3] 3GPP TS 29.240, ”3GPP Generic User Profile, Stage 3, Release 6”, http: //www.3gpp.org/ftp/Specs/html-info/29240.htm [accessed on March 29, 2010] [4] Human factors (HF); User profile management, ETSI Guide EG 202 325 v1.1.1, http://webapp.etsi.org/action/PU/20051018/eg 202325v010101p. pdf [accessed on March 29, 2010] [5] D. Heckmann, E. Schwarzkopf, J. Mori, D. Dengler, A. Kroner, ”The user model and context ontology GUMO revisited for future Web 2.0 Extensions”, Contexts and Ontologies: Representation and Reasoning, pp.37-46 [6] IST FP6 Spice project, http://www.ist-spice.org/ [accessed on March 29, 2010] [7] R. Gosh, M. Dekhil, ”Discovering User Profiles”, Proceedings of the 18th international conference on World wide web, 2009 [8] IST-027396 Magnet Beyond, ”The role of user profiles in PN services and context awareness” , http://magnet.aau.dk/, [accessed on March 29, 2010] [9] J. Stan, E. Egyed-Zsigmond, A. Joly, P. Maret, ”A user profile ontology for situation-aware social networking” , 3rd Workshop on Artificial Intelligence Techniques for Ambient Intelligence, 2008 [10] X. Ding, Y. Li, Y. Zhao, ”A framework of user model based on Semisupervised techniques”, Proceedings of the IEEE International Conference on e-Business Engineering, 2008 [11] R. Y. Shtykh, Q. Jin, ”Enhancing IR with User-Centric Integrated Approach of Interest Change Driven Layered Profiling and User Contributions”, Proceedings of the 21st International Conference on Advanced Information Networking and Applications Workshop, 2007 [12] Facebook API, http://developers.facebook.com/ [accessed on March 29, 2010] [13] Semantic Web Rule Language, http://www.w3.org/Submission/SWRL/ [accessed on March 29, 2010] [14] Ontology Web Language, http://www.w3.org/TR/owl-guide/ [accessed on March 29, 2010] [15] B. Motika, U. Sattlerb, R. Studera, ”Query Answering for OWL-DL with Rules”, in Web Semantics: Science, Services and Agents on the World Wide Web journal. Volume 3, Issue 1, July 2005, Pages 41-60 [16] XSB, http://xsb.sourceforge.net/ [accessed on March 29, 2010] [17] J. Golbeck and U. Kuter, ”The Ripple Effect: Change in Trust and its impact over a social network”, Computing with Social Trust, Springer 2008 254