Security and privacy
Background
webinos creates networks of personal devices and exposes them to web applications.
– Potential attack vector for malware
– Potential for a loss of privacy
webinos must be designed to protect stakeholders (primarily users) and be implemented securely
This presentation
1. Goals for security and privacy in webinos
2. Focus on:
   1. One device
   2. The personal zone
   3. Inter-user security and privacy
3. Conclusions and future directions
Goals
1. Protect user data, devices and services
2. Balance security mechanisms against control and freedom
3. Provide a consistent user experience
4. Allow for management of applications, data and devices
5. Take into consideration other stakeholders
Security and privacy on one device
API access mediated by an XACML-based security policy architecture
– Based on WAC and BONDI
– Extended for multi-device scenarios
– Extended with privacy controls (TBD)
Application signing
– Widgets – based on WAC and W3C drafts/standards
– Websites – SSL certificates
Local authentication
Personal zones
Device authentication
– Public key infrastructure for every device
– PZH acts as a certificate authority
– Enrolment of new devices
Secure communication
OpenID authentication of users
Policy synchronisation
PZH interface to manage zones
Communication between users
Personal zones can be bridged for inter-user communication
Authentication
– User identity expressed through OpenID / WebFinger / social network
– Enables certificate exchange
Authorisation
– Policies mediate access to APIs and services
Conclusion
Consistent, straightforward security framework
Building on existing work, introducing personal zones
In the future:
– Interfaces
– Better privacy management, expression
– Integration of secure hardware?
– More tools for users and developers