Download - Privon'2014 - How To Publish Privately
GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb [email protected]
How to Publish Privately October 20, 2014 @ Riva Del Garda, Italy Presented at Privacy Online Workshop (PrivOn’2014) Collocated with the 13th International Semantic Web Conference (ISWC’2014)
Outline
October 20, 2014 @ Riva Del Garda, Italy 1
• Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
Outline
October 20, 2014 @ Riva Del Garda, Italy 2
• Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
Background & Overview (i) • Web domains • Social Networks • User Identities • Accountability • Architecture Overview
October 20, 2014 @ Riva Del Garda, Italy 3
upload
FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me
Background & Overview (ii)
October 20, 2014 @ Riva Del Garda, Italy 4
WebID Authentication and Authorisation
like
watch
write/read
download
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
Background & Overview (iii)
October 20, 2014 @ Riva Del Garda, Italy 5
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
Background & Overview (iii)
October 20, 2014 @ Riva Del Garda, Italy 5
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
Background & Overview (iii)
October 20, 2014 @ Riva Del Garda, Italy 5
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
Background & Overview (iii)
October 20, 2014 @ Riva Del Garda, Italy 5
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
October 20, 2014 @ Riva Del Garda, Italy 5
Background & Overview (iii)
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
October 20, 2014 @ Riva Del Garda, Italy
Background & Overview (iii)
5
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
October 20, 2014 @ Riva Del Garda, Italy
Background & Overview (iii)
5
October 20, 2014 @ Riva Del Garda, Italy
Background & Overview (iii)
5
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
Outline • Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
October 20, 2014 @ Riva Del Garda, Italy 6
Objectives (i) • Store a resource in a single place • Share a resource for multiple web domains • Definition of access policies in a single place • A single access policy management system
October 20, 2014 @ Riva Del Garda, Italy 7
not only for public resources
• Corollary – User unique identity – A hyperlinked Web again…
Objectives (ii) • Based on
– FOAF Profiles – WebID Authentication + Authorization – Provenance Ontologies – Semantic Rules
• Triggers – User’s uploading of resources – User’s sharing of resources – ….
October 20, 2014 @ Riva Del Garda, Italy 8
Outline • Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
October 20, 2014 @ Riva Del Garda, Italy 9
Access to Resource
Decision
Web Server
Administration
rules
Information
resourcesGet
AccessPolicies
AccessPolicies
Application Server
Get Resources (WebId)Get User’s Social Network (WebId)
Get extra Data
Manage Access Control Policies
Enforcement
Ask for Access
Get Resource’s Author Data
Get Resource
ResourceAuthor
HTTPClient
ownerOf
photo.png
Proposal
October 20, 2014 @ Riva Del Garda, Italy 10
Web ServerPEP
AuthenticationModule
Upload Sensor
AuthorisationModule
Distributed Resource Broker
WebApplication 2
Web Application 1
WebApplication n <uses>
<uses>
<uses>
Distributed Resource Broker
October 20, 2014 @ Riva Del Garda, Italy 11
Applicational Web Server
PEP
Web Application
PIP
Photo Hosting Server
Photo Web Application
ownerOf
photo.png
PEP
photo.png
3. UploadServer URI
4. ResourceUpload
2. Retrieve ResourceUpload Domain
5. ResourceURI
Distributed Resource Broker
FOAF Profiles
1. Resource Upload
Resource
6. Link to Resource URI User
Upload Workflow
October 20, 2014 @ Riva Del Garda, Italy 12
raw provenance info
Web Server 1
Policy Enforcement Point
User_B User_CUser_A
....
Preferred UploadServer
UploadServer
Web Server 1
Web Server 2
Web Server 3
....
FOAF + SSL
uploadsResource_A
isFriendOfisFriendOf
Resource Repository
Authentication & Authorisation Module
Resource_A
has read access to Resource A
Preferred Upload Server
Resource_A
User_A
uploadsResource_B
uploadsResource_A1
Web Server n
Distributed Resource Broker
action
friendship level
Publishing WebServer
Policy Information Point
ProvenanceGenerator
structured provenance info
message exchange
graphed information
Publisher
Web Application 1
PublishingServer
Legend
Publishing Agent
MetadataGenarator
isOwnerOf
October 20, 2014 @ Riva Del Garda, Italy 13
Outline • Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
October 20, 2014 @ Riva Del Garda, Italy 14
• Identity Provider • Resource Hosting • Social Relationships • Access Policy
Management
Test bed (i)
October 20, 2014 @ Riva Del Garda, Italy 15 October 20, 2014 @ Riva Del Garda, Italy
User C User B User A
Wordpress Instance A
wordpress.foafserver.*
Management System foafserver.*
Wordpress Instance B test.foafserver.*
isFriendOf isFriendOf
• WebID Authentication+Authorisation
• Distributed Resource Broker
• WebID Authentication
• Authorisation
• WebID Authentication
• Authorisation • Distributed
Resource Broker
Test bed (ii) • http://foafserver.dei.isep.ipp.pt • http://wordpress.foafserver.dei.isep.ipp.pt/ • http://test.foafserver.dei.isep.ipp.pt/
October 20, 2014 @ Riva Del Garda, Italy 16
Outline • Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
October 20, 2014 @ Riva Del Garda, Italy 17
Related Work • Priv.ly
– Client side approach • Client Browser
dependent
– Slow adoption • Depends solely on
users
– Focus only on text data
• Presented Approach – Server side approach
• Apache web server dependent
– Quick adoption • Depends on web
domain owners
– Focus on indivisible resources
October 20, 2014 @ Riva Del Garda, Italy 18
Outline • Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
October 20, 2014 @ Riva Del Garda, Italy 19
• Publish resources privately – Cross-domain perspective – Manage access policies independently of each web
domain • Resources can be located anywhere • Different renderings of the same web page,
according to each user access permissions • Keeps every resource trustworthy
October 20, 2014 @ Riva Del Garda, Italy 20
Conclusions
Outline • Background and Overview • Objectives • Proposal • Test bed • Related Work • Conclusions • Future Work
October 20, 2014 @ Riva Del Garda, Italy 21
Future Work • Address parts of resources • Public-key encryption per resource, per
identity • Blacklisting resources or certain user
resources
October 20, 2014 @ Riva Del Garda, Italy 22
GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb [email protected]
?