Downloaded 32 times
![Qualitative evaluation
Digital Enterprise Research Institute www.deri.ie
Based on evaluation framework for privacy enhanced
technologies by Wang+Kobsa [20,15]
Protection of identity:
user can create and choose identities without constraints
allows pseudonymity, unobservability, deniability, anonymity
alternatively identities can be assigned by organisations
Control over user data:
profile data can be optionally self-hosted
open standards allow portability, no lock-in to any ecosystem
Non-functional requirements:
Universality: one universal, standards based eco-system
Scalability: no bottlenecks or central points of failure
Reuse of infrastructure: standards from WWW and Web of Data
are reused
Benjamin.Heitmann
slide 9 of 11
@deri.org](https://image.slidesharecdn.com/privacyenableduserprofileportabilityarchitecture-100926090957-phpapp01/75/An-architecture-for-privacy-enabled-user-profile-portability-on-the-Web-of-Data-16-2048.jpg)
Uploaded byBenjamin Heitmann
An architecture for privacy-enabled user profile portability on the Web of Data
The document discusses the architecture for enabling privacy-focused and portable user profiles on the web of data. It highlights the limitations of existing centralized ecosystems and proposes an alternative approach using web identifiers (WebIDs) and Friend of a Friend (FOAF) profiles to facilitate secure data sharing across multiple domains. The goal is to create a universal, decentralized social ecosystem that prioritizes user privacy while allowing for richer recommendations based on cross-domain information.
More Related Content
Similar to An architecture for privacy-enabled user profile portability on the Web of Data
An architecture for privacy-enabled user profile portability on the Web of Data
- 1. Digital Enterprise ResearchInstitute www.deri.ie An architecture for privacy-enabled user profile portability on the Web of Data Benjamin Heitmann, James G. Kim, Alexandre Passant, Conor Hayes, Hong-Gee Kim Funded by Science Foundation Ireland under Grant No. SFI/08/CE/I1380 (Líon-2) Copyright 2009 Digital Enterprise Research Institute. All rights reserved. Chapter
- 2. Motivation Digital Enterprise ResearchInstitute www.deri.ie Rec. Systems can benefit from external data sources: e.g. for cold-start problem ? New paradigm shifts require external data: beyond single site context data recommendations beyond single domain sharing Challenge: sharing of profile data Maintain privacy of user (“public by default” is not enough) Benjamin.Heitmann slide 2 of 11 @deri.org
- 3. Outline Digital Enterprise ResearchInstitute www.deri.ie The challenge: portable and private user profiles Background: Introducing Linked Data An architecture to enable portable and private user profiles Foundation standards Roles Communication pattern Qualitative evaluation Related work Benjamin.Heitmann slide 3 of 11 @deri.org
- 4. The challenge: portable and private user profiles Digital Enterprise Research Institute www.deri.ie Current eco-systems: hub site: centralised express user profile storage preference authentication e.g. Facebook, Twitter for user action users profiles: secure and private, but no web site interaction portability. third party services: can cross domain data sharing access user profile if if authorised authorised, e.g. by user TweetMeme or Flickr closed system Users are locked into an ecosystem, no portability Challenge: open recommendations for alternative with portability external site provided by and privacy! facebook (at the same time) Benjamin.Heitmann slide 4 of 11 @deri.org
- 5. Background: The Web of Data and Linked Data Digital Enterprise Research Institute www.deri.ie the Web of Data provides: structured data, collaboratively created, about object centred sociality domain knowledge through ontologies (e.g. DBpedia ontology) cross-domain links between sources Linked Data principles: 1. use URIs “for everything” 2. allow HTTP access to all URIs 3. when accessing a URI, provide relevant data in RDF 4. include links to URIs from third Linking Open Data (LOD) cloud, as of October 2010 parties (background knowledge) Benjamin.Heitmann slide 5 of 11 @deri.org
- 6. Foundation standards Digital EnterpriseResearch Institute www.deri.ie no logo WebIDs: WebAccess FOAF profiles: user Control (WAC) domain authentication vocabulary: independent user without passwords profiles resource access publish public key authorisation described using in FOAF profile the Friend-of-a- defines whitelist store private key in Friend (FOAF) for a resource browser vocabulary access by third decentralised parties can contain any authentication structured data, can be used for schema e.g. activity streams “private by default” mode Benjamin.Heitmann slide 6 of 11 @deri.org
- 7. Alternative: architecture forprivate and portable user profiles Digital Enterprise Research Institute www.deri.ie User profile: Profile data expressed WebID using RDF (FOAF+SIOC) WebID provides identity private key public key (2 parts) – private SSL Key in user agent – public SSL Key in FOAF user agent FOAF Profile profile Roles: stored user agents: manage user in identities profile storage service: retrieves user profile stores 1 or many profiles if user authorises it profile storage site data consumer data consumers: provide services for users Benjamin.Heitmann slide 7 of 11 @deri.org
- 8. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie WebID private key public key Storage URI user agent FOAF Profile stored in profile storage site Benjamin.Heitmann slide 8 of 11 @deri.org
- 9. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key Storage URI user agent FOAF Profile stored in profile storage site Benjamin.Heitmann slide 8 of 11 @deri.org
- 10. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI user agent FOAF Profile Any patients stored like me? in profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
- 11. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent FOAF Profile Firefox stored provides in storage URI profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
- 12. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation redirect to stored openbook in for authorisation profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
- 13. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation User authorises stored 4. User authorises Openbook to Openbook to in show parts of show some profile parts to PLM profile to PLM (new WAC entry gets created) profile storage site data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
- 14. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation stored 4. User authorises Openbook to in show some profile parts to PLM (new WAC entry gets created) 5.Openbook redirects to PLM redirect back to profile storage site PatientsLikeMe data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
- 15. Communication pattern ofthe proposed architecture Digital Enterprise Research Institute www.deri.ie Scenario: recommend patients with similar treatments WebID Assumption: user is logged into Openbook private key public key 1. User searches for PatiensLikeMe Storage URI 2. PatientsLikeMe (PLM) gets profile storage URI via Firefox user agent 3. PLM redirects Firefox to FOAF Profile Openbook for authorisation stored 4. User authorises Openbook to in show some profile parts to PLM PatientsLikeMe retrieves profile (new WAC entry gets created) parts now 5.Openbook redirects to PLM profile storage site 6.Now PLM accesses parts of profile data on openbook data consumer Benjamin.Heitmann slide 8 of 11 @deri.org
- 16. Qualitative evaluation Digital EnterpriseResearch Institute www.deri.ie Based on evaluation framework for privacy enhanced technologies by Wang+Kobsa [20,15] Protection of identity: user can create and choose identities without constraints allows pseudonymity, unobservability, deniability, anonymity alternatively identities can be assigned by organisations Control over user data: profile data can be optionally self-hosted open standards allow portability, no lock-in to any ecosystem Non-functional requirements: Universality: one universal, standards based eco-system Scalability: no bottlenecks or central points of failure Reuse of infrastructure: standards from WWW and Web of Data are reused Benjamin.Heitmann slide 9 of 11 @deri.org
- 17. Related work (“thecompetition”) Digital Enterprise Research Institute www.deri.ie no logo OpenID: OAuth: OpenID attribute user authentication resource access exchange: without passwords authorisation protocol for 1 billion accounts, 9 defines protocol for exchanging profile million sites 3rd parties to access data requires user resources very limited interaction manages access via vocabulary not scalable, due to tokens inflexible and hard to number of HTTP high HTTP extend connections required connection overhead has not reached fragmentation industry adoption (Twitter vs Facebook) Benjamin.Heitmann slide 10 of 11 @deri.org
- 18. Summary Digital Enterprise ResearchInstitute www.deri.ie coming paradigm shifts towards social eco-systems: recommendations in a multi-site and cross-domain context current eco-systems are built around centralised and closed hub sites alternative: eco-systems centred around secure and portable user profiles (“private by default”) foundation: WebIDs and FOAF profiles provides incentives for users to share their profile data can enable a universal, decentralised social eco-system Future work: implement and evaluate prototype with all parties in a cross-domain setting Benjamin.Heitmann slide 11 of 11 @deri.org