Role Management In Privacy-enhanced collaborative environment

  • 1,289 views
Uploaded on

Presentation at the IADIS international conference e-Society 2010, 18.03.2010, Porto …

Presentation at the IADIS international conference e-Society 2010, 18.03.2010, Porto

Find the full paper here: http://www.iadisportal.org/digital-library/role-management-in-a-privacy-enhanced-collaborative-environment

More in: Education
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
1,289
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
0
Comments
0
Likes
2

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Role Management in a Privacy-Enhanced Collaborative Environment
    Anja Lorenz
    Chair of Business Information Systems
    University of Technology Chemnitz, Germany
    KatrinBorcea-Pfitzmann
    Chair of Privacy and Data Security
    University of Technology Dresden,
    Germany
  • 2. Agenda
    Role Management in a
    Privacy-Enhanced
    Collaborative Environment
    18.03.2010
    2 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 3. Collaborative environments
    Relationshipmanagement
    Content sharing
    Collaborativeworking
    Collaborative Environment
    Privacy-Enhanced
    Rolemanagement
    18.03.2010
    3 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 4. Motivation forprivacy-enhancement
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
    4 | 33
    18.03.2010
    Collaborative Environment
    Manyspreaded personal data on web profilesfor different reasons…
    Privacy-Enhanced
    Rolemanagement
  • 5. Web profilesof Katrin
    Collaborative Environment
    • forresearch
    • 6. for professional networking
    • 7. for private networking
    Privacy-Enhanced
    Rolemanagement
    18.03.2010
    5 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 8. Web profilesof Anja
    Collaborative Environment
    • forresearch
    • 9. for professional networking
    (@anjalorenz)
    • for private networking
    Privacy-Enhanced
    Rolemanagement
    18.03.2010
    6 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 10. Collaborative Environment
    Privacy-Enhanced
    Motivation forprivacy-enhancement
    Things thatmay happen…
    Rolemanagement
    18.03.2010
    7 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 11. Collaborative Environment
    Privacy-Enhanced
    Rolemanagement
    Via http://thenextweb.com/2009/08/09/note-friend-boss-fb-bitch-job/
    Motivation forprivacy-enhancement
    18.03.2010
    8 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 12. Collaborative Environment
    Privacy-Enhanced
    Rolemanagement
    http://pleaserobme.com/
    Motivation forprivacy-enhancement
    18.03.2010
    9 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 13. Collaborative Environment
    Privacy-Enhanced
    Becarefulwithspreading personal data in the web!
    Rolemanagement
    Motivation forprivacy-enhancement
    18.03.2010
    10 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 14. Privacy-Enhancement
    Protection in collaborativeenvironments
    The surrounding of each person is uniformly untrusted!
    (Chaum 1995)
    Privacy-Enhanced Collaborative Environment
    Rolemanagement
    18.03.2010
    11 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 15. State-of-the-art
    Technical approaches for privacy-enhancement
    Pseudonymisation
    Encryption
    Anonymisation
    Privacy-Enhanced Collaborative Environment
    Well-provedforsender-recipientrelationships (e-Shops etc.)
    But do not supportrequirementsforprivacyrespectingcollaborativeworking
    Rolemanagement
    18.03.2010
    12 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 16. Collaborative environments
    Conditionsforprivacyprotection
    No predefined protocols
    Ad-hoc decisions
    Spontaneous activities
    And interaction is a strongly wanted feature
    Privacy-Enhanced Collaborative Environment
    Rolemanagement
    18.03.2010
    13 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 17. Ourapproach:
    Privacy enhancedidentitymanagement
    Focus:
    User Control
  • 18. Privacy enhanced ID-management
    Main concept: Partial identities
    Privacy-Enhanced Collaborative Environment
    Not:showingwholeprofilesofoneperson
    But:disclosingselectedattributesofoneperson partial identity
    Rolemanagement
    18.03.2010
    15 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 19. Privacy enhanced ID-management
    Main concept: Partial identities
    A partial identity (pID)… „represents the person in a specific context or role.“
    a subset of attributes
    union of all pIDs = complete identity
    credentials for proof-demanding attributes
    (Pfitzmann & Hansen 2008, Chaum 1985)
    Privacy-Enhanced Collaborative Environment
    Rolemanagement
    18.03.2010
    16 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 20. The Userdecideswhich personal dataisdisclosedandtowhom in whatcontext!
  • 21. Research Background
    BluES, PRIME, BluES’n, Prime Life
    Privacy-Enhanced Collaborative Environment
    Rolemanagement
    https://www.prime-project.eu
    http://www.primelife.eu/
    18.03.2010
    18 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 22. Research Background
    BluES’n
    A privacy-enhancedcollaborativeenvironmentforlearning
    Privacy-Enhanced Collaborative Environment
    Identity managment  partial identities for user representation in certain contexts
    Authentication & authorisation based on anonymous credentials and policies (cf. David Chaum 1985)
    Rolemanagement
    18.03.2010
    19 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 23. Research Background
    BluES’n
    A privacy-enhancedcollaborativeenvironmentforlearning
    Privacy-Enhanced Collaborative Environment
    Socialinteraction vs. privacyrequirements
    Intra-applicationpartitioning(Borcea et al. 2005)
    Awarenessinformation(cf. e.g. Franz et al. 2006)
    Reputation (Steinbrecher 2006)
    Roles
    Rolemanagement
    18.03.2010
    20 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 24. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Understanding ofRoles
    Different interpretations
    Position (Linton 1936, Luhmann 1984)
    Behaviour(Gerhardt 1971)
    Relations (Mead 1967, Goffman 1974, Carell+ 2002)
    Groups (Znaniecki 1965)
    18.03.2010
    21 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 25. Understanding ofRoles
    Different usage
    Overall aim: reducing management complexity
    • Apply actions to a group of users
    • 26. Generate and support certain work settings
    • 27. Ease access control
    Rolemanagement in a Privacy-Enhanced Collaborative Environment
    18.03.2010
    22 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 28. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    RoleConceptforBluES‘n
    Ourinterpretation
    Roles = stereotypes of users
    Equal rights and duties
    Expectations of behavior
    Help interaction partners to range in a user’s position within a group
    (Lorenz 2009, Borcea-Pfitzmann 2008)
    18.03.2010
    23 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 29. RoleConceptforBluES‘n
    Ourusage: 3 roledimensions
    Administrative Roles
    Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Owner
    Participant
    Guest
    18.03.2010
    24 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 30. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    RoleConceptforBluES‘n
    Ourusage: 3 roledimensions
    Administrative Roles
    FunctionalRoles
    Teacher
    Learner
    18.03.2010
    25 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 31. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    RoleConceptforBluES‘n
    Ourusage: 3 roledimensions
    Administrative Roles
    FunctionalRoles
    Group dynamicRoles
    Creative
    Problem Solver
    Motivator
    18.03.2010
    26 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 32. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Role Management for PECEs
    Benefitsregardingprivacyissues
    Not:discloseattributesofthepID
    But:discloseattributesoftherole
    18.03.2010
    27 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 33. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Role Management for PECEs
    Benefitsregardingprivacyissues
    Not:centrallymanagedlistofroleholders
    But:decentralisationbyanonymouscredentialsforroles
    18.03.2010
    28 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 34. Role Management for PECEs
    Benefitsregardingprivacyissues
    Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Not:oneroleforeachpID
    But: n:m relationshipofrolesandpIDs
    18.03.2010
    29 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 35. Role Management for PECEs
    Remainingcoreproblem
    Rolesareinformationaboutusers
    Scenario: Onlyfewuserscan hold teacherrole
    Question:WhatistherightcontexttoswitchtoanotherpID?
    Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Teacher 1
    Teacher 2
    18.03.2010
    30 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 36. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Role Management for PECEs
    Approaches forautomaticchoiceofpID
    In BluES: Decisionsuggestionmodule(DSM)
    helpstoselecttheappropriatepIDaccordingtopreferencesforthecorrespondingcontext
    Question:Whatare relevant contextsforswitchingpIDs?
    Transactions?
    Roles?
    Interaction Partners?
    Nodefaultway
     Onlyadvicesbyuser‘spreferences
    18.03.2010
    31 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 37. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Role Management for PECEs
    Conclusions
    PECEs providemeanstoprotectusers‘ privacy, e.g. by partial identitymanagement
    Mission: keeppIDsunlinkable
    Flexible, decoupledrolemanagementallowstodistributerolesontoseveralpIDs
    Riskof linkability canbereduced but not removed
    18.03.2010
    32 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 38. Thankyou!
    Questions?
    18.03.2010
    33 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 39. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    References
    1|2
    Borcea, K. et al., 2005b. Intra-Application Partitioning of Personal Data. In A. Kobsa & L. CranorProceedings of the Workshop on Privacy-Enhanced Personalization (PEP’05). Edinburgh, UK, pp. 67-72. Available at: http://www.isr.uci.edu/pep05/papers/borcea-pep.pdf.
    Borcea-Pfitzmann, K., 2008. Framework für die Entwicklungeineruniversellenkollaborativen eLearning-Plattform, PhD thesis, TechnischeUniversität, Dresden. Available at: http://hsss.slub-dresden.de/deds-access/hsss.urlmapping.MappingServlet?id=1237287991632-2707 .
    Carell, A. et al., 2002. ComputergestützteskollaborativesLernen: Die Bedeutung von Partizipation, Wissensintegration und Einfluss von Rollen. Journal Hochschuldidaktik, 13, 26-35. Available at: http://www.sociotech-lit.de/CaJR02-CkL.pdf.
    Chaum, D., 1985. Security without identification: transaction systems to make big brother obsolete. Communications of the ACM, 28(10), 1030-1044. Available at: http://portal.acm.org/citation.cfm?doid=4372.4373.
    Franz, E et al., 2006. Privacy-aware user interfaces within collaborative environments. In K. MihalicProceedings of the international workshop in conjunciton with AVI 2006 on Context in advanced interfaces - AVI ‘06. New York, USA: ACM Press, pp. 45-48. Available at: http://portal.acm.org/citation.cfm?doid=1145706.1145715.
    Gerhardt, U., 1971. RollenanalysealskritischeSoziologie: EinkonzeptuellerRahmenzurempirischen und methodologischenBegründungeinerTheoriederVergesellschaftung H. Maus & F. Fürstenberg, Neuwied, Berlin: Luchterhand.
    18.03.2010
    34 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 40. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    References
    2|2
    Goffman, E., 1974. Rollenkonzepte und Rollendistanz. In C. MühlfeldSozilogischeTheorie. Hamburg: Hoffmann und CampeVerlag.
    Linton, R., 1936. The study of man: an introduction, New York, USA: Appleton Century Crofts, Inc.
    Lorenz, A., 2009. Rollenmanagement trifft Privatsphäre: Problempunkte und Konsequenzen: Analyse und Realisierung des Rollenmanagements in der kollaborativen Lernumgebung BluES’n, Saarbrücken: VDM Verlag.
    Luhmann, N., 1984. SozialeSysteme. GrundrißeinerallgemeinenTheorie, Frankfurt: SuhrkampVerlag. Available at: http://www.worldcat.org/isbn/351857700X.
    Mead, G.H., 1967. Mind, Self and Society 3 ed., Chicago: University of Chicago Press.
    Pfitzmann, A. & Hansen, M., 2008. Anonymity, Unlinkability, Undetectability, Unobservability, Pseudonymity, and Identity Management - A Consolidated Proposal for Terminology, Dresden, Germany: Institute of Systems Architecture. Available at: http://dud.inf.tu-dresden.de/Anon_Terminology.shtml.
    Staples, W.G., 2007. Encyclopedia of Privacy: A-M, Westport (Connecticut); London: Greenwood Publishing Group. Available at: http://books.google.de/books?id=sFv1ZltBhR0C.
    Steinbrecher, S., 2006. Design Options for Privacy-Respecting Reputation Systems within Centralised Internet Communities. In S. Fischer-Hübner et al. Security and Privacy in Dynamic Environments: Proceedings of the IFIP TC-1 1 2 1st International Information Security Conference (SEC 2006). IFIP International Federation for Information Processing. Boston: Springer, pp. 123-134. Available at: http://www.springerlink.com/index/10.1007/0-387-33406-8.
    Znaniecki, F., 1965. Social relations and social roles: the unfinished systematic sociology, San Francisco, CA: Chandler Pub. Co.
    18.03.2010
    35 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto
  • 41. Rolemanagement in a Privacy-Enhanced Collaborative Environment
    Images
    Joystick: http://www.flickr.com/photos/beggs/103038447/
    Dishes: http://www.flickr.com/photos/starwarsblog/514453347/
    Classroam: http://www.flickr.com/photos/wolfra/2873071778
    18.03.2010
    36 | 33
    Anja Lorenz: "Roles in PECEs" at IADIS e-Society 2010, Porto