Privon'2014 - How To Publish Privately

GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb [email protected]

How to Publish Privately October 20, 2014 @ Riva Del Garda, Italy Presented at Privacy Online Workshop (PrivOn’2014) Collocated with the 13th International Semantic Web Conference (ISWC’2014)

Outline

October 20, 2014 @ Riva Del Garda, Italy 1

•  Background and Overview •  Objectives •  Proposal •  Test bed •  Related Work •  Conclusions •  Future Work

Outline


•  Background and Overview •  Objectives •  Proposal •  Test bed •  Related Work •  Conclusions •  Future Work

Background & Overview (i) •  Web domains •  Social Networks •  User Identities •  Accountability •  Architecture Overview


upload

FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me

Background & Overview (ii)


WebID Authentication and Authorisation

like

watch

write/read

download

Access to Resource

Decision

Web Server

Administration

rules

Information

resourcesGet

AccessPolicies

AccessPolicies

Application Server

Get Resources (WebId)Get User’s Social Network (WebId)

Get extra Data

Manage Access Control Policies

Enforcement

Ask for Access

Get Resource’s Author Data

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Background & Overview (iii)


Access to Resource

Decision

Web Server

Administration

rules

Information

resourcesGet

AccessPolicies

AccessPolicies

Application Server


Get extra Data


Enforcement

Ask for Access


Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png



Access to Resource

Decision

Web Server

Administration

rules

Information

resourcesGet

AccessPolicies

AccessPolicies

Application Server


Get extra Data


Enforcement

Ask for Access


Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

October 20, 2014 @ Riva Del Garda, Italy


5

October 20, 2014 @ Riva Del Garda, Italy


5

Access to Resource

Decision

Web Server

Administration

rules

Information

resourcesGet

AccessPolicies

AccessPolicies

Application Server


Get extra Data


Enforcement

Ask for Access


Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Outline •  Background and Overview •  Objectives •  Proposal •  Test bed •  Related Work •  Conclusions •  Future Work


Objectives (i) •  Store a resource in a single place •  Share a resource for multiple web domains •  Definition of access policies in a single place •  A single access policy management system


not only for public resources

•  Corollary –  User unique identity –  A hyperlinked Web again…

Objectives (ii) •  Based on

–  FOAF Profiles –  WebID Authentication + Authorization –  Provenance Ontologies –  Semantic Rules

•  Triggers –  User’s uploading of resources –  User’s sharing of resources – ….


Access to Resource

Decision

Web Server

Administration

rules

Information

resourcesGet

AccessPolicies

AccessPolicies

Application Server


Get extra Data


Enforcement

Ask for Access


Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Proposal


Web ServerPEP

AuthenticationModule

Upload Sensor

AuthorisationModule

Distributed Resource Broker

WebApplication 2

Web Application 1

WebApplication n <uses>

<uses>

<uses>



Applicational Web Server

PEP

Web Application

PIP

Photo Hosting Server

Photo Web Application

ownerOf

photo.png

PEP

photo.png

3. UploadServer URI

4. ResourceUpload

2. Retrieve ResourceUpload Domain

5. ResourceURI


FOAF Profiles

1. Resource Upload

Resource

6. Link to Resource URI User

Upload Workflow


raw provenance info

Web Server 1

Policy Enforcement Point

User_B User_CUser_A

....

Preferred UploadServer

UploadServer

Web Server 1

Web Server 2

Web Server 3

....

FOAF + SSL

uploadsResource_A

isFriendOfisFriendOf

Resource Repository

Authentication & Authorisation Module

Resource_A

has read access to Resource A

Preferred Upload Server

Resource_A

User_A

uploadsResource_B

uploadsResource_A1

Web Server n


action

friendship level

Publishing WebServer

Policy Information Point

ProvenanceGenerator

structured provenance info

message exchange

graphed information

Publisher

Web Application 1

PublishingServer

Legend

Publishing Agent

MetadataGenarator

isOwnerOf


•  Identity Provider •  Resource Hosting •  Social Relationships •  Access Policy

Management

Test bed (i)

October 20, 2014 @ Riva Del Garda, Italy 15 October 20, 2014 @ Riva Del Garda, Italy

User C User B User A

Wordpress Instance A

wordpress.foafserver.*

Management System foafserver.*

Wordpress Instance B test.foafserver.*

isFriendOf isFriendOf

•  WebID Authentication+Authorisation

•  Distributed Resource Broker

•  WebID Authentication

•  Authorisation

•  WebID Authentication

•  Authorisation •  Distributed

Resource Broker

Test bed (ii) •  http://foafserver.dei.isep.ipp.pt •  http://wordpress.foafserver.dei.isep.ipp.pt/ •  http://test.foafserver.dei.isep.ipp.pt/


Related Work •  Priv.ly

–  Client side approach •  Client Browser

dependent

–  Slow adoption •  Depends solely on

users

–  Focus only on text data

•  Presented Approach –  Server side approach

•  Apache web server dependent

–  Quick adoption •  Depends on web

domain owners

–  Focus on indivisible resources


•  Publish resources privately –  Cross-domain perspective –  Manage access policies independently of each web

domain •  Resources can be located anywhere •  Different renderings of the same web page,

according to each user access permissions •  Keeps every resource trustworthy


Conclusions

Future Work •  Address parts of resources •  Public-key encryption per resource, per

identity •  Blacklisting resources or certain user

resources


GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb [email protected]

?

Privon'2014 - How To Publish Privately

Documents

Transcript of Privon'2014 - How To Publish Privately