privon'2014 - how to publish privately

GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb nmb@isep.ipp.pt

How to Publish Privately October 20, 2014 @ Riva Del Garda, Italy Presented at Privacy Online Workshop (PrivOn’2014) Collocated with the 13th International Semantic Web Conference (ISWC’2014)

Outline

October 20, 2014 @ Riva Del Garda, Italy 1

•  Background and Overview •  Objectives •  Proposal •  Test bed •  Related Work •  Conclusions •  Future Work

Outline

•  Background and Overview •  Objectives •  Proposal •  Test bed •  Related Work •  Conclusions •  Future Work

Background & Overview (i) •  Web domains •  Social Networks •  User Identities •  Accountability •  Architecture Overview

upload

FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me

Background & Overview (ii)

WebID Authentication and Authorisation

write/read

download

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get Resources (WebId)Get User’s Social Network (WebId)

Get extra Data

Manage Access Control Policies

Enforcement

Ask for Access

Get Resource’s Author Data

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Background & Overview (iii)

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

October 20, 2014 @ Riva Del Garda, Italy

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Outline •  Background and Overview •  Objectives •  Proposal •  Test bed •  Related Work •  Conclusions •  Future Work

Objectives (i) •  Store a resource in a single place •  Share a resource for multiple web domains •  Definition of access policies in a single place •  A single access policy management system

not only for public resources

•  Corollary –  User unique identity –  A hyperlinked Web again…

Objectives (ii) •  Based on

–  FOAF Profiles –  WebID Authentication + Authorization –  Provenance Ontologies –  Semantic Rules

•  Triggers –  User’s uploading of resources –  User’s sharing of resources – ….

Access to Resource

Decision

Web Server

Administration

Information

resourcesGet

AccessPolicies

Application Server

Get extra Data

Enforcement

Ask for Access

Get Resource

ResourceAuthor

HTTPClient

ownerOf

photo.png

Proposal

Web ServerPEP

AuthenticationModule

Upload Sensor

AuthorisationModule

Distributed Resource Broker

WebApplication 2

Web Application 1

WebApplication n <uses>

<uses>

Applicational Web Server

Web Application

Photo Hosting Server

Photo Web Application

ownerOf

photo.png

3. UploadServer URI

4. ResourceUpload

2. Retrieve ResourceUpload Domain

5. ResourceURI

FOAF Profiles

1. Resource Upload

Resource

6. Link to Resource URI User

Upload Workflow

raw provenance info

Web Server 1

Policy Enforcement Point

User_B User_CUser_A

Preferred UploadServer

UploadServer

Web Server 1

Web Server 2

Web Server 3

FOAF + SSL

uploadsResource_A

isFriendOfisFriendOf

Resource Repository

Authentication & Authorisation Module

Resource_A

has read access to Resource A

Preferred Upload Server

Resource_A

User_A

uploadsResource_B

uploadsResource_A1

Web Server n

action

friendship level

Publishing WebServer

Policy Information Point

ProvenanceGenerator

structured provenance info

message exchange

graphed information

Publisher

Web Application 1

PublishingServer

Legend

Publishing Agent

MetadataGenarator

isOwnerOf

•  Identity Provider •  Resource Hosting •  Social Relationships •  Access Policy

Management

Test bed (i)

October 20, 2014 @ Riva Del Garda, Italy 15 October 20, 2014 @ Riva Del Garda, Italy

User C User B User A

Wordpress Instance A

wordpress.foafserver.*

Management System foafserver.*

Wordpress Instance B test.foafserver.*

isFriendOf isFriendOf

•  WebID Authentication+Authorisation

•  Distributed Resource Broker

•  WebID Authentication

•  Authorisation

•  WebID Authentication

•  Authorisation •  Distributed

Resource Broker

Test bed (ii) •  http://foafserver.dei.isep.ipp.pt •  http://wordpress.foafserver.dei.isep.ipp.pt/ •  http://test.foafserver.dei.isep.ipp.pt/

Related Work •  Priv.ly

–  Client side approach •  Client Browser

dependent

–  Slow adoption •  Depends solely on

–  Focus only on text data

•  Presented Approach –  Server side approach

•  Apache web server dependent

–  Quick adoption •  Depends on web

domain owners

–  Focus on indivisible resources

•  Publish resources privately –  Cross-domain perspective –  Manage access policies independently of each web

domain •  Resources can be located anywhere •  Different renderings of the same web page,

according to each user access permissions •  Keeps every resource trustworthy

Conclusions

Future Work •  Address parts of resources •  Public-key encryption per resource, per

identity •  Blacklisting resources or certain user

resources

GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb nmb@isep.ipp.pt

privon'2014 - how to publish privately

resources users

objectives i

single place

hyperlinked web againoctober

Documents

how to publish your indie game

citrix-how to publish applications

how, what & why publish (or perish…). outline 1.how to...

how to publish an ebook

how to deploy & optimize ez publish

how do i sell my house privately

how to publish in elsevier

how to publish your research?

how to write publish papers in dentistry

how, what & why publish (or perish…)

how to publish your iso certification status

how to publish

how and when to publish

publishing your research - icse 2018 · publishing your...

publishing: where, why, and how. outline why it matters...

how to publish in scholarly...

how to self-publish a book

how to publish one’s results

“how to publish your research” workshop

how to get publish - workshop cnudst