Privon'2014 - How To Publish Privately


  1. How to Publish Privately
     Presented at Privacy Online Workshop (PrivOn’2014), collocated with the 13th International Semantic Web Conference (ISWC’2014)
     October 20, 2014 @ Riva Del Garda, Italy
     Nuno Bettencourt, http://paginas.isep.ipp.pt/nmb, nmb@isep.ipp.pt
     GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal), http://www.gecad.isep.ipp.pt
  2. Outline
     • Background and Overview
     • Objectives
     • Proposal
     • Test bed
     • Related Work
     • Conclusions
     • Future Work
  4. Background & Overview (i)
     • Web domains
     • Social Networks
     • User Identities
     • Accountability
     • Architecture Overview
  5. Background & Overview (ii)
     [Diagram labels:] upload, watch, write/read, download, like; WebID Authentication and Authorisation; FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me
  6. Background & Overview (iii)
     [Diagram labels, in extracted order:] Access to Resource Decision Web Server Get Resource Get Resource’s Author Data Administration Application Server rules Information resources Enforcement Get Access Policies Access Policies Get extra Data Get Resources (WebId) Get User’s Social Network (WebId) Manage Access Control Policies Ask for Access HTTP Client photo.png ownerOf Resource Author
  15. Objectives (i)
      • Store a resource in a single place
      • Share a resource for multiple web domains
      • Definition of access policies in a single place
      • A single access policy management system not only for public resources
      • Corollary
        – User unique identity
        – A hyperlinked Web again…
  16. Objectives (ii)
      • Based on
        – FOAF Profiles
        – WebID Authentication + Authorization
        – Provenance Ontologies
        – Semantic Rules
      • Triggers
        – User’s uploading of resources
        – User’s sharing of resources
        – ….
  18. Proposal
      [Diagram labels, in extracted order:] Access to Resource Decision Web Server Get Resource Get Resource’s Author Data Administration Application Server rules Information resources Enforcement Get Access Policies Access Policies Get extra Data Get Resources (WebId) Get User’s Social Network (WebId) Manage Access Control Policies Ask for Access HTTP Client photo.png ownerOf Resource Author
  19. Distributed Resource Broker
      [Diagram labels:] Web Server; PEP; Upload Sensor; Authentication Module; Authorisation Module; Distributed Resource Broker; Web Application 1 <uses>; Web Application 2 <uses>; Web Application n <uses>
  20. Upload Workflow
      [Diagram labels:] Applicational Web Server; PEP; Web Application; PIP; Photo Hosting Server; Photo Web Application; ownerOf photo.png; PEP; photo.png; FOAF Profiles; User; Distributed Resource Broker; Resource
      [Numbered steps in the diagram:] 1. Resource Upload; 2. Retrieve Resource Upload Domain; 3. Upload Server URI; 4. Resource Upload; 5. Resource URI; 6. Link to Resource URI
  21. [Diagram labels, in extracted order:] User_A User_B User_C raw provenance info Web Server 1 Resource_A Policy Enforcement Point .... Preferred Upload Server Upload Server Web Server 1 Web Server 2 Web Server 3 .... FOAF + SSL uploads Resource_A isFriendOf isFriendOf Resource Repository Authentication & Authorisation Module has read access to Resource A Preferred Upload Server Resource_A User_A uploads Resource_B uploads Resource_A1 Web Server n Distributed Resource Broker action friendship level Publishing WebServer Policy Information Point Provenance Generator structured provenance info message exchange graphed information Publisher Web Application 1 Publishing Server Legend Publishing Agent Metadata Generator isOwnerOf
  23. Test bed (i)
      • Management System (foafserver.*)
        – WebID Authentication
        – Authorisation
        – Identity Provider
        – Resource Hosting
        – Social Relationships
        – Access Policy Management
      • Wordpress Instance A (wordpress.foafserver.*) and Wordpress Instance B (test.foafserver.*), each with
        – WebID Authentication
        – Authorisation
        – Distributed Resource Broker
      • User A, User B, User C, linked in the diagram by two isFriendOf relations
  24. Test bed (ii)
      • http://foafserver.dei.isep.ipp.pt
      • http://wordpress.foafserver.dei.isep.ipp.pt/
      • http://test.foafserver.dei.isep.ipp.pt/
  26. Related Work
      • Priv.ly
        – Client side approach
          • Client Browser dependent
        – Slow adoption
          • Depends solely on users
        – Focus only on text data
      • Presented Approach
        – Server side approach
          • Apache web server dependent
        – Quick adoption
          • Depends on web domain owners
        – Focus on indivisible resources
  28. Conclusions
      • Publish resources privately
        – Cross-domain perspective
        – Manage access policies independently of each web domain
      • Resources can be located anywhere
      • Different renderings of the same web page, according to each user's access permissions
      • Keeps every resource trustworthy
  30. Future Work
      • Address parts of resources
      • Public-key encryption per resource, per identity
      • Blacklisting resources or certain user resources
  31. ?
      Nuno Bettencourt, http://paginas.isep.ipp.pt/nmb, nmb@isep.ipp.pt
      GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal), http://www.gecad.isep.ipp.pt