Martin Knechtel

SAP Research | SAP

With the rise of well-equipped mobile devices in the last years, there is an increasing interest in location based services (LBS). Current LBS mostly cover outdoor scenarios. Indoor LBS just begin to emerge due to technical boundaries. Especially generic indoor navigation assistants for smartphones are still missing or require an extensive infrastr...

The Internet of Things (IoT) concept attracts considerable interest from the academia and industry. This paper provides a set of proof-of-concept prototype descriptions, based on such IoT exploitation, which aim at gathering real-time data along the manufacturing processes that enables a responsive production management and maintenance, including e...

In one embodiment the present invention includes a computer-implemented method for generating constraints for use in an access control system. In one embodiment, roles, document types, and permissions are stored in a 3-D model, such as a matrix or table. The 3-D model is converted to 2-D models, where users are inserted for roles and documents are...

This chapter deals with technical aspects of how USDL service descriptions can be read from and written to different representations for use by humans and tools. A combination of techniques for representing and exchanging USDL have been drawn from Model-Driven Engineering and Semantic Web technologies. The USDL language's structural definition is s...

Recent research has shown that annotations are useful for representing access restrictions to the axioms of an ontology and their implicit consequences. Previous work focused on computing a consequence’s access restriction efficiently from the restrictions of its implying axioms. However, a security administrator might not be satisfied since the in...

The framework developed in this paper can deal with scenarios where selected sub-ontologies of a large ontology are offered as views to users, based on contexts like the access rights of a user, the trust level required by the application, or the level of detail requested by the user. Instead of materializing a large number of different sub-ontolog...

Durch die zahlreichen Möglichkeiten des Webs 2.0 werden täglich Unmengen von Informationen in Unternehmen auf Basis interner und externer Quellen generiert. Dies erschwert die Suche nach der richtigen Information erheblich, man ist nicht mehr imstande das Richtige zu finden oder Relevantes von Irrelevantem zu unterscheiden. Mit den Anstrengungen de...

Role-based access control is a standard mechanism in information systems. Based on the role a user has, certain information is kept from the user even if requested. For ontologies representing knowledge, deciding what can be told to a user without revealing secrets is more difficult as the user might be able to infer secret knowledge using logical...

Recent research has shown that annotations are useful for representing access restrictions to the axioms of an ontology and their implicit consequences. Previous work focused on assigning a label, representing its access level, to each consequence from a given ontology. However, a security administrator might not be satisfied with the access level...

The framework developed in this paper can deal with scenarios where selected sub-ontologies of a large ontology are offered as views to users, based on criteria like the user’s access right, the trust level required by the application, or the level of detail requested by the user. Instead of materializing a large number of different sub-ontologies,...

This section gives a description of the overall research problem tackled in the context of the Ph.D. thesis and its relevance to the Internet of Services area. To employ ontologies in commercial applications, there are some requirements to be met. The use case here is semantic management of resources. An ontology can define vocabulary to describe c...

Role Based Access Control (RBAC) is a methodology for providing users in an IT system specific permissions like write or read to users. It abstracts from specific users and binds permissions to user roles. Similarly, one can abstract from specific documents and bind permission to document types. In this paper, we apply Description Logics (DLs) to f...

In order to access large information pools efficiently data has to be structured and categorized. Recently, applying ontolo- gies to formalize information has become an established ap- proach. In particular, ontology-based search and navigation are promising solutions which are capable to significantly improve state of the art systems (e.g. full-te...

The diversity of today's mobile technology also entails multiple interaction channels offered per device. This chapter surveys the basics of multimodal interactions in a mobility context and introduces a number of concepts for platform support. Synchronization approaches for input fusion and output fission, as well as a concept for device federatio...

Access control is crucial also for the Semantic Web. Technologies and Standards from the Semantic Web Community itself provide powerful means to model access control definitions and automatically reason about them. We extend Hierarchical Role Based Access Control by a class hierarchy of the accessed objects and give it the name RBAC-CH. We present...

Role Based Access Control (RBAC) [1] is a standardized model to indirectly assign permissions to users by user roles. We follow the proposal of Chae and Shiri [2] to additionally introduce a hierarchy of object classes in addition to the hierarchy of user roles along which permissions are inherited. This makes sense, since e.g. in file systems the

In the last decade Model-Driven Software Development (MDSD) has become an established software engineering discipline. The new approach dramatically changed the entire software development lifecycle. However, the documentation process was not adapted and stuck with the old paradigms. In this paper, we propose a model-driven documentation system whi...

Consider an ontology T where every axiom is labeled with an el- ement of a lattice (L,�). Then every elementof L determines a sub-ontology T`, which consists of the axioms of T whose labels are greater or equal to `. These labels may be interpreted as required ac- cess rights, in which case Tis the sub-ontology that a user with access rightis allow...