How to Publish Privately

Presented at the Privacy Online Workshop (PrivOn’2014), collocated with the 13th International Semantic Web Conference (ISWC’2014)
October 20, 2014 @ Riva Del Garda, Italy

Nuno Bettencourt
http://paginas.isep.ipp.pt/nmb
GECAD – Knowledge Engineering and Decision Support Research Group (Polytechnic Institute of Porto – Portugal)
http://www.gecad.isep.ipp.pt

Outline
•  Background and Overview
•  Objectives
•  Proposal
•  Test bed
•  Related Work
•  Conclusions
•  Future Work

Background & Overview (i)
•  Web domains
•  Social Networks
•  User Identities
•  Accountability
•  Architecture Overview

Background & Overview (ii)

[Figure: a user's actions on web resources (like, download, write/read, watch, upload), tied to WebID Authentication and Authorisation. FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me]

Background & Overview (iii)

[Figure: access to a resource. Diagram labels: HTTP Client, Web Server, Application Server, Resource Author, photo.png; Enforcement, Information, Decision, Administration; rules, resources, ownerOf, Access Policies. Labelled interactions: Ask for Access, Get Resource, Get Resource’s Author Data, Get Access Policies, Get extra Data, Manage Access Control Policies, Get Resources (WebId), Get User’s Social Network (WebId).]

Objectives (i)
•  Store a resource in a single place
•  Share a resource for multiple web domains
•  Definition of access policies in a single place
•  A single access policy management system
•  Corollary
   –  User unique identity
   –  A hyperlinked Web again… not only for public resources

Objectives (ii)
•  Based on
   –  FOAF Profiles
   –  WebID Authentication + Authorization
   –  Provenance Ontologies
   –  Semantic Rules
•  Triggers
   –  User’s uploading of resources
   –  User’s sharing of resources
   –  ….

Proposal

[Figure: the access-to-resource architecture diagram shown under Background & Overview (iii), with the same components and labelled interactions.]

Distributed Resource Broker

[Figure: Distributed Resource Broker. Diagram labels: Web Server; Web Application 1, Web Application 2, … Web Application n; PEP; Distributed Resource Broker; Upload Sensor; Authentication Module; Authorisation Module.]

Upload Workflow

[Figure: upload workflow for photo.png. Diagram labels: User, Resource, Photo Web Application, PEP, Distributed Resource Broker, Applicational Web Server, Web Application, PIP, FOAF Profiles, ownerOf, Domain, Photo Hosting Server.]

Numbered steps in the figure:
1. Resource Upload
2. Retrieve Resource Upload Domain
3. Upload Server URI
4. Resource Upload
5. Resource URI
6. Link to Resource URI

[Figure: publishing scenario. User_A uploads Resource_A and Resource_A1; User_B uploads Resource_B; the users are linked by isFriendOf relationships; User_C has read access to Resource A. Diagram labels: FOAF + SSL; Web Server 1, Web Server 2, Web Server 3, … Web Server n; Publishing Server; Publishing WebServer; Web Application 1; Resource Repository; Policy Enforcement Point; Authentication & Authorisation Module; Upload Server; Preferred Upload Server; Distributed Resource Broker; Resource_A; isOwnerOf User_A; Policy Information Point; Publishing Agent; Metadata Generator; Provenance Generator; Publisher; raw provenance info; structured provenance info. Legend: message exchange, action, graphed information, friendship level.]

Test bed (i)
•  Wordpress Instance A (wordpress.foafserver.*)
   –  WebID Authentication + Authorisation
   –  Distributed Resource Broker
•  Management System (foafserver.*)
   –  WebID Authentication
   –  Authorisation
   –  Identity Provider
   –  Resource Hosting
   –  Social Relationships
   –  Access Policy Management
•  Wordpress Instance B (test.foafserver.*)
   –  WebID Authentication
   –  Authorisation
   –  Distributed Resource Broker
•  Users: User A, User B and User C, linked by isFriendOf relationships

Test bed (ii)
•  http://foafserver.dei.isep.ipp.pt
•  http://wordpress.foafserver.dei.isep.ipp.pt/
•  http://test.foafserver.dei.isep.ipp.pt/

Related Work
•  Priv.ly
   –  Client side approach
      •  Client Browser dependent
   –  Slow adoption
      •  Depends solely on users
   –  Focus only on text data
•  Presented Approach
   –  Server side approach
      •  Apache web server dependent
   –  Quick adoption
      •  Depends on web domain owners
   –  Focus on indivisible resources

Conclusions
•  Publish resources privately
   –  Cross-domain perspective
   –  Manage access policies independently of each web domain
•  Resources can be located anywhere
•  Different renderings of the same web page, according to each user access permissions
•  Keeps every resource trustworthy

Future Work
•  Address parts of resources
•  Public-key encryption per resource, per identity
•  Blacklisting resources or certain user resources
