Effective knowledge management of highly sensitive information requires a meticulous design of access-control policies. These determine which organizational actors have access to what knowledge and under which circumstances. An effective design of such access-control policies requires not only a command of an apt representation formalism, but an in-depth understanding of the dynamic privacy needs of the organization. Acquiring these competencies is the central goal of any education or knowledge management process. We present a controlled experiment designed to examine the differences in novices’ competencies in using two ontology formalisms – Frames and OWL – while constructing access-control ontology-based policies. The two differ in the level of structuration, and the abstract thinking they require. The findings offer partial support for Bloom’s predictions. The results show that students performed relatively well in both formalisms with respect to the tasks of comprehending and implementing access-control policies. However, when it came to synthesizing new access-control policies, the students found the Frames formalism significantly simpler than the OWL where they failed miserably.
FranceF.H.R., Security of health care records in Belgium: Application in a University Hospital, International Journal of Medical Informatics73(3) (2004), 235–238.
2.
BlobelB., Authorisation and access control for electronic health record systems, International Journal of Medical Informatics73(3) (2004), 251–257.
3.
MinskyM., A framework for representing knowledge. In the Psychology of Computer Vision, New York: McGraw Hill. 1975;211–277.
4.
Web Ontology Language (OWL), http://www.w3.org/TR/2004/REC-owl-features-20040210/, last accessed on 31/7/2016.
5.
WandY., Ontology as a foundation for meta-modelling and method engineering, Journal of Information and Software Technology38 (1996), 281–287.
6.
BeimelD. and Peleg.M., Using OWL and SWRL to represent and reason with situation-based access control policies, Data and Knowledge Engineering Journal70 (2011), 596–615.
7.
SmirnovA., ShilovN. and KashevnikA., Developing a knowledge management platform for automotive build-to-order production network, Human Systems Management27(1) (2008), 15–30.
8.
HorridgeM., DrummondN., GoodwinJ., RectorA.L., StevensR. and WangH., The Manchester OWL syntax, In OWLed216 (2006).
9.
ThompsonE.L., Luxton-ReillyA.J., WhalleyJ., HuM. and RobbinsP., Bloom’s taxonomy for CS assessment, Tenth Australasian Computing Education Conference (ACE2008)78(8) (2008).
10.
HarrisonM.I., KoppelR. and Bar-LevS., Unintended consequences of information technologies in health care—an interactive sociotechnical analysis, Journal of the American Medical Informatics Association14(5) (2007), 542–549.
11.
FislerK., KrishnamurthiS., MeyerovichL.A. and TschantzM.C., Verification and change-impact analysis of access-control policies. In Proceedings of the 27th international conference on Software engineering. ACM. (2005), 196–205.
12.
GruberT., Toward principles for the design of ontologies used for knowledge sharing, Intl Journal of Human-Computer Studies43 (1995), 907–928.
13.
NoyN. and McGuinnessD., Ontology Development 101: A Guide to Creating Your First Ontology. Stanford Medical Informatics Technical Report (SMI-2001-0880). 2001.
14.
PelegM., BeimelD., DoriD. and DenekampY., Situation-based access control: Privacy management via modeling of patient data access scenarios, Journal of Biomedical Information4 (2008), 1028–1040.
15.
Web, Semantic. ‘Creating semantic web contents with protege-2000. 2001.
16.
SirinE., ParsiaB., GrauB.C., KalyanpurA. and KatzY., Pellet: A practical owl-dl reasoner, Web Semantics: Science, Services and Agents on the World Wide Web5 (2007), 51–53.
17.
ErikssonH., JessTab: Using Jess together with Protégé. http://protege.stanford.edu/conference/2003/Henrik_Eriksson_JessTabProtegeWS.pdf. 2015; last accessed on 31/7/2016.
18.
BaaderF., CalvaneseD., McGuinnessD., NardiD. and Patel-SchneiderP., The Description Logic Handbook, UK: Cambridge University Press. 2003; http://dl.kr.org/, last accessed on 31/7/2016.
19.
http://www.w3.org/TR/owl-semantics/syntax.html.
20.
SWRL: A Semantic Web Rule Language Combining OWL and RuleML. http://www.w3.org/Submission/SWRL/, last accessed on 31/7/2016.
21.
ShneidermanB. and RichardM., Syntactic/semantic interactions in programmer behavior: A model and experimental results, International Journal of Computer and Information Sciences8(3) (1979), 219–238.
22.
DaprettoM. and BookheimerS.Y., Form and content: Dissociating syntax and semantics in sentence comprehension, Neuron24(2) (1999), 427–432.
23.
RectorA., DrummondN., HorridgeM., RogersJ., KnublauchH., StevensR., WangH., et al., OWL Pizzas: Practical Experience of Teaching OWL-DL: Common Errors and Common Patterns. Proc European Conf on Knowledge Acquisition, Northampton, England: Springer-Verlag. 2004.
24.
RectorA. and StevensR., Barriers to the use of OWL in Knowledge Driven Applications. OWLED, 2008.
25.
Bloom.B.S., EnglehartM.D., FurstE.J. and HillW.H., Taxonomy of educational objectives, handbook I: Cognitive domain. New York: David McKay. 1956.
26.
AthanassiouN. and JeanneM., Critical thinking in the management classroom: Bloom’s taxonomy as a learning tool, Journal of Management Education27(5) (2003), 533–555.
27.
KrathwohlD.R., A revision of Bloom’s taxonomy: An overview, Theory into Practice41(4) (2002), 212–218.
28.
ReynaresE., CaliuscoM. and GalliM., Approaching the feasibility of SBVR as modeling language for ontology development: An exploratory Experiment, Journal of Expert Systems with Applications41 (2014), 1576–1583.
29.
SchwitterR., KaljurandK., CreganA., DolbearC. and HartG., A comparison of three controlled natural languages for OWL 1.1. 4th OWL Experiences and Directions Workshop (OWLED 2008 DC). (2008) 1–2.
30.
WangH., NoyN., RectorA., MusenA., RedmondT., RubinD., TuS., et al., Frames and OWL Side by Side, 9th Intl Protégé Conf (2006).
31.
GarcíaM.Ú. and VañóF.L., Organizational learning in a global market, Human Systems Management21(3) (2002), 169–181.
32.
MottaG.H. and FuruieS.S., A contextual role-based access control authorization model for electronic patient record, IEEE Transactions on Information Technology in Biomedicine7(3) (2003), 202–207.
33.
BeimelD. and PelegM., The context and the SitBAC models for privacy preservation - an experimental comparison of model comprehension and synthesis, IEEE Transactions on Knowledge and Data Engineering22 (2010), 1475–1488.
