Exploring Visualization Techniques to Enhance Privacy Control UX for User-Managed Access


Published on

Published in: Technology, News & Politics
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Exploring Visualization Techniques to Enhance Privacy Control UX for User-Managed Access

  1. 1. Exploring Visualization Techniques to Enhance Privacy Control UX for User- Managed Access Newcastle University Domenico Catalano, Maciej Wolniak and the Smart Team21st July, 2011 1 V.3
  2. 2. Agenda• Data sharing and online privacy• SmartAM Information Ecology• Enhance privacy control ‣ UMA Connection ‣ UMA Control bridge• Future works• User Experience 2
  3. 3. Data sharing Online Privacy is about sharing Reputational Historical VocationalBiographical GenealogicalTransactional Computational Biological Locational Relational 3
  4. 4. The ParadigmUser Data sharing and online Privacy 4
  5. 5. SmartAM Information Ecology Context Content User 5
  6. 6. SmartAM Information Ecology Context• UMA/SmartAM Context Content User ‣ Provide an advance system to allow internet user to protect and share online information ‣ Prevent of lost of user privacy ‣ Adhere to the international privacy regulations ‣ Secure online information (access control) 6
  7. 7. SmartAM Information Ecology Context• UMA/SmartAM Content Content User ‣ Authorizing User information ‣ Authorizing User’s Web resource info ‣ Authorization Policies ‣ Requesting Parties Information ‣ Analytics information (who, when, what) 7
  8. 8. SmartAM Information Ecology Context• UMA/SmartAM User Content User ‣ Internet User/Social networking user ‣ Company ‣ Developer ‣ Government ‣ Curios!! 8
  9. 9. SmartAM UX 9
  10. 10. SmartAM states system smartam UX Study Subject Possible actions and states of the system Authorizing User interaction B1 Initial state Requester Host Site AM Homepage APP B2 Host B5 B4 Privacy Conceptual model Not Learn registered B3 Dev More User Resource A1 A3 B9 B7 B6 B8 Protect & Initial state Wiki Share A2 Consent C2 Privileged C1 User App Actions Client App for Initial state Login MySelf Policy Definition B10 A4 User B11 View Welcome Resource PagePossible Visible A10 Consent A5Actions Things Default A9 User intentions Policy vs Required A6 A8 Manage User Control Resource Setting Resource Actions Contacts Settings Bridge Registered Policy Shared State of System A7 Connection 10
  11. 11. Understand the nature of data sharing policy in distributed environment• UMA model centralizes the authorization policies for all the Authorizing Users distributed web resource (protected resource).• The externalization of the policies introduces a new level of complexity because the user must (mentally) map the authorization structure for each resource, in more sophisticate one.• This new layer must be able to abstracting the existent, although it must be able to enhance the control on the information that will be shared.• Increasing of Protected resources and requesting parties could be mentally difficult for the user to maintain control in practice on the information. 11
  12. 12. Risks• Lost of Privacy• Exploit of online personal Information• Security breach 12
  13. 13. Enhance Privacy Control through visualization• As result a context authorization policy and a governor system is definitely desirable.• We introduce two new design concepts: ‣ UMA Connection ‣ UMA Control bridge TM• A visualization tool is necessary to facilitate the creation of the sharing policy and the control of the privacy. 13
  14. 14. UMA Connection• An UMA Connection defines a context of the data sharing policy. ‣ It’s a set of objects, including Contacts, authorized Apps and allowed actions on a specific resource. ‣ It can include access restrictions (i.e. period validity) and/or Trusted Claims request to restrict access based on subject’s information.• An UMA Connection is fundamental to enhance user control for what purpose the information will be revealed.• UMA Connection uses a visualization approach which helps user to define an appropriate context.• An Authorizing User can create a Connection for him-self or for others.• A Connection doesn’t incapsulate other connections. 14
  15. 15. Structure of UMA Connection 15
  16. 16. Visualizing UMA Connection Resource Social Apps Class Connection Others Prof University ContactsUMA Connection 16
  17. 17. UMA Control bridge • UMA Control bridge ‣ Is designed to adhere to the user-centric identity paradigm. ‣ Provides a primary user interface for control Resources, Connections, Apps and requesters. ‣ Provides a dashboard with main statistic information about connection, shared data, etc. ‣ Incorporates a single view of these main controls, including a notification bar for new access request. ‣ Provides 3-steps actions to get access to specific view, excluding optional view.UMA Control bridge TM 17
  18. 18. Maintain control on Information that will be revealed Prof Class University Business Friend Personal Data Collab Professional MySelf ProjectA Self-Registration MySelf 18
  19. 19. Future works• Graph Algorithm• Super Connection (Basket of Resources)• Visualization techniques (HTML5) 19
  20. 20. User eXperience 20
  21. 21. Thanks 21