
Ppl presentation 2010

Published in: Technology, Business

  1. PrimeLife Policy Language (PPL), Dr Slim Trabelsi, [email_address], 27/04/2010
  2. Agenda (© SAP 2010)
     - Scenario
     - Authorizations and Obligations
     - Authorizations and Obligations Matching
     - PPL Policy Language Model
     - Example
     - Architecture
  3. Scenario (diagram)
     Actors: Data Subject (Client), Issuer, Data Controller (Server), Downstream Data Controller.
     The Data Subject holds Personal Data (PII): non-certified data and certified data (cards).
     The Data Controller holds Resources (non-personal content, services, ...) and collected personal data.
     Message labels: request credential, card (Data Subject and Issuer); request resource, personal data, resource (Data Subject and Data Controller); request personal data, personal data (Data Controller and Downstream Data Controller).
  4. Types of policies
     Data Controller side (policies):
     - Specific Policy: over a specific resource (e.g. BuyService)
       - Access control policy (ACP): who can access
         - cards to possess (e.g. ID card)
         - personal data to reveal (e.g. nationality)
         - conditions to satisfy (e.g. age > 18)
       - Data handling policy (DHP): how revealed personal data will be treated
         - Authorizations (e.g. marketing purposes)
         - Obligations (e.g. delete after 1y)
     - Generic Policy: DHP over implicitly revealed personal data (e.g. IP address, cookies, ...)
       - Authorizations (e.g. admin purposes)
       - Obligations (e.g. delete after 1y)
     Data Subject side (preferences):
     - Specific Policy: over specific personal data (e.g. birth date)
       - Access control policy (ACP): who can access (e.g. PrivacySeal silver)
       - Data handling preferences (DHPrefs): how the data is to be treated when revealed
         - Authorizations (e.g. marketing purposes, forwarded to PrivacySeal gold)
         - Obligations (e.g. delete after 2y)
     - Generic Preferences: DHPrefs over implicitly revealed personal data (e.g. IP address, cookies, ...)
       - Authorizations (e.g. admin purposes)
       - Obligations (e.g. delete after 2y)
     Diagram: the Data Subject (Personal Data (PD): non-certified, certified cards; Policy Engine) and the Data Controller (Resources: non-personal content, services, ...; collected personal data; Policy Engine) exchange XACML/SAML messages: request resource, request personal data, personal data, resource.
  5. Authorizations and obligations in PPL
     - General principle: provide
       - a wrapper for user-extensible vocabularies
       - a basic pre-defined vocabulary
     - Authorizations
       - "use for purpose"
         - user-extensible ontology of purposes
         - basic pre-defined ontology available
       - "forward under policy" = downstream access control
     - Obligations
       - general structure: do action when trigger (from start to end)
       - pre-defined actions:
         - delete data
         - anonymize data
         - notify data subject
         - write to (secure) log
       - pre-defined triggers:
         - at time, periodic
         - data access, data deletion
         - data loss, obligation violation
         - aliens landing on earth
  6. Obligation & authorization matching
     - automated matching of any two data handling preferences/policies via a "less permissive than" relation (≤) defined on
       - authorizations, e.g. use for {delivery} ≤ use for {delivery, marketing}
       - triggers, e.g. trigger at 2010/01/01 ≤ trigger at 2010/12/31
       - actions, e.g. delete firstname, lastname ≤ delete firstname
       - obligations (a = action, t = trigger, v = validity):
         o1 = (a1, t1, v1) ≤ o2 = (a2, t2, v2) ⇔ (a1 ≤ a2) ∧ (t1 ≤ t2) ∧ (v1 ≤ v2)
       - sets of authorizations and obligations:
         O1 ≤ O2 ⇔ ∀ o1 ∈ O1 ∃ o2 ∈ O2 : o1 ≤ o2
       - data handling policies:
         P1 = (A1, O1) ≤ P2 = (A2, O2) ⇔ A1 ≤ A2 ∧ O1 ≤ O2
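The "less permissive than" relation of slide 6 carried out in code, as an added example written for this page rather than code from the PPL project: purposes and deleted attributes are modelled as sets and "at time" triggers as dates, the ordering on validity windows is an assumption (the slide gives no rule for v), and the set-level rule is applied to authorization and obligation sets alike, as the slide writes it.

```python
# Added example (not PPL project code): the "less permissive than" relation (<=)
# of slide 6 on purposes, triggers, actions, obligations, their sets and policies.
from dataclasses import dataclass
from datetime import date
from typing import Callable, FrozenSet, Iterable, Tuple

Purposes = FrozenSet[str]
Attributes = FrozenSet[str]
Validity = Tuple[date, date]  # (start, end) of the obligation's validity window


def auth_leq(p1: Purposes, p2: Purposes) -> bool:
    # use for P1 <= use for P2: allowing fewer purposes is less permissive
    return p1 <= p2


def trigger_leq(t1: date, t2: date) -> bool:
    # trigger at t1 <= trigger at t2: an earlier deadline is less permissive
    return t1 <= t2


def action_leq(a1: Attributes, a2: Attributes) -> bool:
    # delete a1 <= delete a2: deleting more attributes is less permissive
    return a1 >= a2


def validity_leq(v1: Validity, v2: Validity) -> bool:
    # Assumption (the slide gives no rule for v): a window covering v2 is less permissive
    return v1[0] <= v2[0] and v1[1] >= v2[1]


@dataclass(frozen=True)
class Obligation:  # o = (a, t, v): delete action, at-time trigger, validity
    delete: Attributes
    at: date
    valid: Validity


def obligation_leq(o1: Obligation, o2: Obligation) -> bool:
    # o1 <= o2 iff (a1 <= a2) and (t1 <= t2) and (v1 <= v2)
    return (action_leq(o1.delete, o2.delete) and trigger_leq(o1.at, o2.at)
            and validity_leq(o1.valid, o2.valid))


def set_leq(s1: Iterable, s2: Iterable, leq: Callable) -> bool:
    # S1 <= S2 iff for every x in S1 some y in S2 satisfies x <= y (slide 6)
    return all(any(leq(x, y) for y in s2) for x in s1)


@dataclass(frozen=True)
class Policy:  # P = (A, O): purpose authorizations and obligations
    auths: FrozenSet[Purposes]
    obls: FrozenSet[Obligation]


def policy_leq(p1: Policy, p2: Policy) -> bool:
    # P1 <= P2 iff A1 <= A2 and O1 <= O2
    return set_leq(p1.auths, p2.auths, auth_leq) and set_leq(p1.obls, p2.obls, obligation_leq)
```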
  7. PPL Policy Language Model (diagram)
  8. Example: Alice Creating an Account
     - Privacy Policy Proposed by the Server:
       - DHPolicy:
         - Purpose: Statistics, Administration, Marketing
         - DownStreamUsage:
           - XACML_Policy(www.travel.com, read, [e-mail | personal address | Age | Credit card])
           - Purpose: Marketing
           - Obligation: Delete(*, 3 months)
         - Obligation: Delete(*, 1 year)
       - CredentialRequirements:
         - Age > 18 (condition)
         - Valid Credit Card
       - ProvisionalAction:
         - RevealUnderDHP([e-mail | personal address | Age | Credit card], DHPolicy)
  9. Example: Alice Creating an Account
     - Privacy Preferences imposed by Alice:
       - ACP:
         - XACML_Policy(www.store.com, ANY, ANY)
       - DHPref:
         - Purpose: Statistics, Administration, Marketing
         - DownStreamUsage:
           - XACML_Policy(www.travel.com, ANY, ANY)
           - Purpose: Marketing, Administration
           - Obligation: Delete(*, 3 months)
         - Obligation: Delete(*, 3 months)
  10. Example: Alice Creating an Account
     - Sticky Policy generated as the result of the policy matching:
       - StickyPolicy:
         - Purpose: Statistics, Administration, Marketing
         - DownStreamUsage:
           - XACML_Policy(www.travel.com, ANY, ANY)
           - Purpose: Marketing
           - Obligation: Delete(*, 3 months)
         - Obligation: Delete(*, 1 year)
  11. Architecture (diagram)
     Components shown: Context Handler, PEP, PDP, Application/Communication Facade, Policy Store, Credential Store, Ontology engine, Obligation Enforcement, Cred Handler, PDP, Cred Selection UI, Idemix, X.509, Rule Verification, Resources/PII Store, Policy UI, Auth/Obl Matching Engine
  12. Card abstraction
     - Card contains
       - list of attribute-value pairs
       - pre-evidence: technology-specific meta-data to
         - protect attribute integrity
         - prove card ownership
     - Card issuer vouches for attributes w.r.t. owner (identity/authority)
     - Hierarchy of card types: defines the attributes contained
     - Policy: requirements on owned cards
         own p::Passport issued-by admin.ch; c::Creditcard issued-by visa.com
         reveal c.number where p.name = c.name ^ p.bdate < today-18Y
     - Authentication = claim over owned cards + evidence, e.g.,
     - Instantiating technologies include X.509, SAML, CardSpace, OpenID, Kerberos, trusted LDAP, Identity Mixer, U-Prove, ...
  13. Features
     - Access control requirements language supporting
       - Privacy preservation
         - for user: minimal claim to be disclosed
         - (selectively) reveal attribute ↔ predicate satisfied
         - for server: "sanitize" sensitive policies
         - Bloom-filter-based matching
       - Multi-card claims
         - but prevent "card mixing" through a reference pointer to individual cards
       - Technology independence
         - but supporting advanced features, esp. anonymous credentials
  14. Thank you!
  15. Copyright 2010 SAP AG. All Rights Reserved
     - No part of this publication may be reproduced or transmitted in any form or for any purpose without the express permission of SAP AG. The information contained herein may be changed without prior notice.
     - Some software products marketed by SAP AG and its distributors contain proprietary software components of other software vendors.
     - Microsoft, Windows, Excel, Outlook, and PowerPoint are registered trademarks of Microsoft Corporation.
     - IBM, DB2, DB2 Universal Database, System i, System i5, System p, System p5, System x, System z, System z10, System z9, z10, z9, iSeries, pSeries, xSeries, zSeries, eServer, z/VM, z/OS, i5/OS, S/390, OS/390, OS/400, AS/400, S/390 Parallel Enterprise Server, PowerVM, Power Architecture, POWER6+, POWER6, POWER5+, POWER5, POWER, OpenPower, PowerPC, BatchPipes, BladeCenter, System Storage, GPFS, HACMP, RETAIN, DB2 Connect, RACF, Redbooks, OS/2, Parallel Sysplex, MVS/ESA, AIX, Intelligent Miner, WebSphere, Netfinity, Tivoli and Informix are trademarks or registered trademarks of IBM Corporation.
     - Linux is the registered trademark of Linus Torvalds in the U.S. and other countries.
     - Adobe, the Adobe logo, Acrobat, PostScript, and Reader are either trademarks or registered trademarks of Adobe Systems Incorporated in the United States and/or other countries.
     - Oracle is a registered trademark of Oracle Corporation.
     - UNIX, X/Open, OSF/1, and Motif are registered trademarks of the Open Group.
     - Citrix, ICA, Program Neighborhood, MetaFrame, WinFrame, VideoFrame, and MultiWin are trademarks or registered trademarks of Citrix Systems, Inc.
     - HTML, XML, XHTML and W3C are trademarks or registered trademarks of W3C®, World Wide Web Consortium, Massachusetts Institute of Technology.
     - Java is a registered trademark of Sun Microsystems, Inc.
     - JavaScript is a registered trademark of Sun Microsystems, Inc., used under license for technology invented and implemented by Netscape.
     - SAP, R/3, SAP NetWeaver, Duet, PartnerEdge, ByDesign, SAP Business ByDesign, and other SAP products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of SAP AG in Germany and other countries.
     - Business Objects and the Business Objects logo, BusinessObjects, Crystal Reports, Crystal Decisions, Web Intelligence, Xcelsius, and other Business Objects products and services mentioned herein as well as their respective logos are trademarks or registered trademarks of Business Objects S.A. in the United States and in other countries. Business Objects is an SAP company.
     - All other product and service names mentioned are the trademarks of their respective companies. Data contained in this document serves informational purposes only. National product specifications may vary.
     - These materials are subject to change without notice. These materials are provided by SAP AG and its affiliated companies ("SAP Group") for informational purposes only, without representation or warranty of any kind, and SAP Group shall not be liable for errors or omissions with respect to the materials. The only warranties for SAP Group products and services are those that are set forth in the express warranty statements accompanying such products and services, if any. Nothing herein should be construed as constituting an additional warranty.
