How to Publish Privately October 20, 2014 @ Riva Del Garda, Italy Presented at Privacy Online Workshop (PrivOn’2014) Collocated with the 13th International Semantic Web Conference (ISWC’2014)
GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb
[email protected]
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
1
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
2
Background & Overview (i) • • • • •
Web domains Social Networks User Identities Accountability Architecture Overview
October 20, 2014 @ Riva Del Garda, Italy
3
Background & Overview (ii)
like
download write/read watch
upload
WebID Authentication and Authorisation FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me
October 20, 2014 @ Riva Del Garda, Italy
4
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Background & Overview (iii) Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
5
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
6
Objectives (i) • • • •
Store a resource in a single place Share a resource for multiple web domains Definition of access policies in a single place A single access policy management system
• Corollary – User unique identity – A hyperlinked Web again… not only for public resources
October 20, 2014 @ Riva Del Garda, Italy
7
Objectives (ii) • Based on – FOAF Profiles – WebID Authentication + Authorization – Provenance Ontologies – Semantic Rules
• Triggers – User’s uploading of resources – User’s sharing of resources – …. October 20, 2014 @ Riva Del Garda, Italy
8
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
9
Proposal Access to Resource
Web Server
Get Resource
Application Server
Get Resource’s Author Data
Enforcement
Ask for Access
HTTP Client photo.png
rules
Get Access Policies
Information Decision
resources
ownerOf
Get extra Data Access Policies
Resource Author
Manage Access Control Policies
October 20, 2014 @ Riva Del Garda, Italy
Get Resources (WebId) Get User’s Social Network (WebId)
Administration
10
Distributed Resource Broker Web Server Web Application 1
PEP
Web Application 2
Web Application n
Upload Sensor Authentication Module Authorisation Module
October 20, 2014 @ Riva Del Garda, Italy
Distributed Resource Broker
11
Upload Workflow photo.png
Applicational Web Server PIP
ownerOf
Web Application
FOAF Profiles
2. Retrieve Resource Upload Domain User
Photo Hosting Server
PEP
4. Resource Upload
3. Upload Server URI
Photo Web Application
6. Link to Resource URI Distributed Resource Broker
1. Resource Upload Resource
October 20, 2014 @ Riva Del Garda, Italy
PEP
photo.png
5. Resource URI
12
isFriendOf
User_A uploads Resource_A
User_B
uploads Resource_A1
Legend
isFriendOf
uploads Resource_B
message exchange
action
graphed information
friendship level
User_C
has read access to Resource A
FOAF + SSL
Web Server 1
Web Server 2
Web Server 3
Web Server n
Publishing Server
....
....
Publishing WebServer
Web Application 1 Resource Repository
Policy Enforcement Point Authentication & Authorisation Module
Upload Server
Preferred Upload Server
Web Server 1 Resource_A
Preferred Upload Server
Distributed Resource Broker
Resource_A
isOwnerOf User_A
Policy Information Point Publishing Agent
Metadata Genarator
Provenance Generator
Publisher
raw provenance info
October 20, 2014 @ Riva Del Garda, Italy
structured provenance info
13
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
14
Test bed (i) Wordpress Instance A
Management System
Wordpress Instance B
wordpress.foafserver.*
foafserver.*
test.foafserver.*
• WebID Authentication +Authorisation • Distributed Resource Broker
• WebID Authentication • Authorisation • Identity Provider • Resource Hosting • Social Relationships • Access Policy Management
isFriendOf User A October 20, 2014 @ Riva Del Garda, Italy
• WebID Authentication • Authorisation • Distributed Resource Broker
isFriendOf User B
User C 15
Test bed (ii) • http://foafserver.dei.isep.ipp.pt • http://wordpress.foafserver.dei.isep.ipp.pt/ • http://test.foafserver.dei.isep.ipp.pt/
October 20, 2014 @ Riva Del Garda, Italy
16
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
17
Related Work • Priv.ly – Client side approach • Client Browser dependent
– Slow adoption • Depends solely on users
– Focus only on text data October 20, 2014 @ Riva Del Garda, Italy
• Presented Approach – Server side approach • Apache web server dependent
– Quick adoption • Depends on web domain owners
– Focus on indivisible resources 18
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
19
Conclusions • Publish resources privately – Cross-domain perspective – Manage access policies independently of each web domain
• Resources can be located anywhere • Different renderings of the same web page, according to each user access permissions • Keeps every resource trustworthy
October 20, 2014 @ Riva Del Garda, Italy
20
Outline • • • • • • •
Background and Overview Objectives Proposal Test bed Related Work Conclusions Future Work
October 20, 2014 @ Riva Del Garda, Italy
21
Future Work • Address parts of resources • Public-key encryption per resource, per identity • Blacklisting resources or certain user resources
October 20, 2014 @ Riva Del Garda, Italy
22
? GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal) http://www.gecad.isep.ipp.pt Nuno Bettencourt http://paginas.isep.ipp.pt/nmb
[email protected]