Recently, the notion of the Semantic Web has been introduced to define a machine-interpretable web targeted for automation, integration and reuse of data across different applications. Under the Semantic Web, web pages are annotated by concepts that are formally defined in ontologies along with the relationships among them. As information pertaining to different concepts has varying access control requirements, in this paper, we propose an access control model for the semantic web that is capable of specifying authorizations over concepts defined in ontologies and enforcing them upon data instances annotated by the concepts. It is important to note that semantic relationships among concepts play a key role in making access control decisions. This is because, based on the relationship, one may infer information contained in one concept node from that of the other. Therefore, we first identify the important domain-independent relationships among concepts, categorize them and propose propagation policies based on these categories of relationships. In particular, we allow propagation of authorizations based on the semantic relationships among concepts to prevent illegal inferences. We then show how concept-level security polices can be represented in an OWL-based access control language. Finally, we demonstrate how users' requests can be handled under our access control model. Our concept-level model is especially suitable for the specification and administration of access control over semantically related web data under the Semantic Web even if they conform to different DTDs or use different tag names.