An architecture for privacy-enabled user profile portability on the Web of Data

  • 2,230 views
Uploaded on

Presentation at the Heterogeneous Recommendation Workshop at the ACM Recommender Systems Conference 2010. …

Presentation at the Heterogeneous Recommendation Workshop at the ACM Recommender Systems Conference 2010.

Providing relevant recommendations requires access to user profile data. Current social networking ecosystems allow third party services to request user authorisation for accessing profile data, thus enabling cross-domain recommendation. However these ecosystems create user lock-in and social networking data silos, as the profile data is neither portable nor interoperable. We argue that innovations in reconciling heterogeneous data sources must be also be matched by innovations in architecture design and recommender methodology. We present and qualitatively evaluate an architecture for privacy-enabled user profile portability, which is based on technologies from the emerging Web of Data (FOAF, WebIDs and the Web Access Control vocabulary). The proposed architecture enables the creation of a universal “private by default” ecosystem with interoperability of user profile data. The privacy of the user is protected by allowing multiple data providers to host their part of the user profile. This provides an incentive for more users to make profile data from different domains available for recommendations.

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
  • I like your presentation :D , althought it's a pity is in pdf version u.u
    Are you sure you want to
    Your message goes here
No Downloads

Views

Total Views
2,230
On Slideshare
0
From Embeds
0
Number of Embeds
0

Actions

Shares
Downloads
27
Comments
1
Likes
4

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. Digital Enterprise Research Institute www.deri.ie An architecture for privacy-enabled user profile portability on the Web of Data Benjamin Heitmann, James G. Kim, Alexandre Passant, Conor Hayes, Hong-Gee Kim Funded by Science Foundation Ireland under Grant No. SFI/08/CE/I1380 (Líon-2)  Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Chapter
  • 2. Motivation Digital Enterprise Research Institute www.deri.ie  Rec. Systems can benefit from external data sources:  e.g. for cold-start problem ?  New paradigm shifts require external data:  beyond single site context data recommendations  beyond single domain sharing  Challenge: sharing of profile data  Maintain privacy of user (“public by default” is not enough) Benjamin.Heitmann slide 2 of 11 @deri.org
  • 3. Outline Digital Enterprise Research Institute www.deri.ie  The challenge: portable and private user profiles  Background: Introducing Linked Data  An architecture to enable portable and private user profiles  Foundation standards  Roles  Communication pattern  Qualitative evaluation  Related work Benjamin.Heitmann slide 3 of 11 @deri.org
  • 4. The challenge: portable and private user profiles Digital Enterprise Research Institute www.deri.ie  Current eco-systems:  hub site: centralised express user profile storage preference authentication e.g. Facebook, Twitter for user action  users profiles: secure and private, but no web site interaction portability.  third party services: can cross domain data sharing access user profile if if authorised authorised, e.g. by user TweetMeme or Flickr  closed system  Users are locked into an ecosystem, no portability  Challenge: open recommendations for alternative with portability external site provided by and privacy! facebook (at the same time) Benjamin.Heitmann slide 4 of 11 @deri.org
  • 5. Background: The Web of Data and Linked Data Digital Enterprise Research Institute www.deri.ie  the Web of Data provides:  structured data, collaboratively created, about object centred sociality  domain knowledge through ontologies (e.g. DBpedia ontology)  cross-domain links between sources  Linked Data principles: 1. use URIs “for everything” 2. allow HTTP access to all URIs 3. when accessing a URI, provide relevant data in RDF 4. include links to URIs from third Linking Open Data (LOD) cloud, as of October 2010 parties (background knowledge) Benjamin.Heitmann slide 5 of 11 @deri.org
  • 6. Foundation standards Digital Enterprise Research Institute www.deri.ie no logo  WebIDs:  WebAccess  FOAF profiles:  user Control (WAC)  domain authentication vocabulary: independent user without passwords profiles  resource access  publish public key authorisation  described using in FOAF profile the Friend-of-a-  defines whitelist  store private key in Friend (FOAF) for a resource browser vocabulary access by third  decentralised parties  can contain any authentication structured data,  can be used for schema e.g. activity streams “private by default” mode Benjamin.Heitmann slide 6 of 11 @deri.org
  • 7. Alternative: architecture for private and portable user profiles Digital Enterprise Research Institute www.deri.ie  User profile:  Profile data expressed WebID using RDF (FOAF+SIOC)  WebID provides identity private key public key (2 parts) – private SSL Key in user agent – public SSL Key in FOAF user agent FOAF Profile profile  Roles: stored  user agents: manage user in identities  profile storage service: retrieves user profile stores 1 or many profiles if user authorises it profile storage site data consumer  data consumers: provide services for users Benjamin.Heitmann slide 7 of 11 @deri.org
  • 8. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie WebID private key public key Storage URI user agent FOAF Profile stored in profile storage site Benjamin.Heitmann slide 8 of 11 @deri.org
  • 9. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key Storage URI user agent FOAF Profile stored in profile storage site Benjamin.Heitmann slide 8 of 11 @deri.org
  • 10. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI user agent FOAF Profile Any patients stored like me? in profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
  • 11. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent FOAF Profile Firefox stored provides in storage URI profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
  • 12. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation redirect to stored openbook in for authorisation profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
  • 13. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation User authorises stored 4. User authorises Openbook to Openbook to in show parts of show some profile parts to PLM profile to PLM (new WAC entry gets created) profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
  • 14. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation stored 4. User authorises Openbook to in show some profile parts to PLM (new WAC entry gets created) 5.Openbook redirects to PLM redirect back to profile storage site PatientsLikeMe data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
  • 15. Communication pattern of the proposed architecture Digital Enterprise Research Institute www.deri.ie  Scenario: recommend patients with similar treatments WebID  Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation stored 4. User authorises Openbook to in show some profile parts to PLM PatientsLikeMe retrieves profile (new WAC entry gets created) parts now 5.Openbook redirects to PLM profile storage site 6.Now PLM accesses parts of profile data on openbook data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
  • 16. Qualitative evaluation Digital Enterprise Research Institute www.deri.ie  Based on evaluation framework for privacy enhanced technologies by Wang+Kobsa [20,15]  Protection of identity:  user can create and choose identities without constraints  allows pseudonymity, unobservability, deniability, anonymity  alternatively identities can be assigned by organisations  Control over user data:  profile data can be optionally self-hosted  open standards allow portability, no lock-in to any ecosystem  Non-functional requirements:  Universality: one universal, standards based eco-system  Scalability: no bottlenecks or central points of failure  Reuse of infrastructure: standards from WWW and Web of Data are reused Benjamin.Heitmann slide 9 of 11 @deri.org
  • 17. Related work (“the competition”) Digital Enterprise Research Institute www.deri.ie no logo  OpenID:  OAuth:  OpenID attribute  user authentication  resource access exchange: without passwords authorisation  protocol for  1 billion accounts, 9  defines protocol for exchanging profile million sites 3rd parties to access data  requires user resources  very limited interaction  manages access via vocabulary  not scalable, due to tokens  inflexible and hard to number of HTTP  high HTTP extend connections required connection overhead  has not reached  fragmentation industry adoption (Twitter vs Facebook) Benjamin.Heitmann slide 10 of 11 @deri.org
  • 18. Summary Digital Enterprise Research Institute www.deri.ie  coming paradigm shifts towards social eco-systems:  recommendations in a multi-site and cross-domain context  current eco-systems are built around centralised and closed hub sites  alternative: eco-systems centred around secure and portable user profiles (“private by default”)  foundation: WebIDs and FOAF profiles  provides incentives for users to share their profile data  can enable a universal, decentralised social eco-system  Future work: implement and evaluate prototype with all parties in a cross-domain setting Benjamin.Heitmann slide 11 of 11 @deri.org