
Towards Web 2.0 Content Sharing Beyond Walled Gardens

University of British Columbia. Towards Web 2.0 Content Sharing Beyond Walled Gardens. San-Tsai Sun. Supervisor: Kosta Beznosov. Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia.


Presentation Transcript


  1. University of British Columbia. Towards Web 2.0 Content Sharing Beyond Walled Gardens. San-Tsai Sun. Supervisor: Kosta Beznosov. Laboratory for Education and Research in Secure Systems Engineering (LERSSE), University of British Columbia

  2. practical problem: lack of usable mechanisms for secure Web 2.0 user content sharing across content and service providers (CSPs)

  3. content sharing scenario (diagram; labels: "CCA scouts only", Colonial Coast Adventures (CCA) Girl Scouts, Alice, Jenny, Picasa Web, "Alice’s CCA scout friends in Picasa Web")

  4. question
     • how to enable useful sharing of Web 2.0 content across CSPs?
     • can existing technologies enable this type of sharing?

  5. secret-link approach: http://picasaweb.google.com/Alice?authkey=Gv1sRgCOzuv
     • usable for Web users
     • easy to implement by CSPs
     • Alice does not have control over Jenny’s sharing of secret link with others
     • Alice has to know Jenny’s email
     (diagram; labels: secret-link, Alice, Jenny, jenny@aol.com, Picasa Web)

  6. design goals
     • content sharing useful for average users
     • user-centric, i.e., access policy and identity follow the user
     • only use browser, no special software or crypto on the user computer
     • CSPs
        • separation of content hosting and content sharing
        • not required to change their existing access-control mechanism

  7. approach
     • OpenID email extension [1] to enable OpenID IdPs to use email as an alternative identifier
        • www.alo.com/santsai vs. santsas@alo.com
     • policy hosting service
     • role-based trust-management policy language (RT) for credentials and policies [2]
     • distributed membership and containment queries
     [1] B. Adida, “EmID: Web authentication by email address,” in The Proceedings of Web 2.0 Security and Privacy Workshop 2008, Oakland, California, USA, 2008.
     [2] N. Li, J. C. Mitchell, and W. H. Winsborough, “Design of a role-based trust-management framework,” in SP ’02 Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002.

  8. sharing scenario (diagram)
     • credentials: CCA.scout ← Alice@gmail.com; CCA.scout ← Jenny@aol.com; CCA.scout ← Betty@hotmail.com; Alice@gmail.com.scout ← CCA.@yahoo.scout
     • parties: CCA, Alice, policy service Gmail, policy service Yahoo, Picasa Web
     • labels: secret-link; memberships; "secret-link, Alice@gmail.com.scout"; Alice@gmail.com.scout

  9. access scenario (diagram)
     • credentials: CCA.scout ← Alice@gmail.com; CCA.scout ← Jenny@aol.com; CCA.scout ← Betty@hotmail.com; Alice@gmail.com.scout ← CCA.@yahoo.scout
     • parties: CCA, Jenny, policy service Gmail, policy service Yahoo, OpenIDemail AOL, Picasa Web
     • labels: secret-link; Jenny@aol.com; containment; "Jenny@aol.com, Alice@gmail.com.scout"; yes/no; Alice@gmail.com.scout

  10. content sharing scenario 2 (diagram; labels: "CCA scouts and their parents only", Colonial Coast Adventures (CCA) Girl Scouts, Mary, Alice, Jenny, Picasa Web, "Alice’s scout friends in Picasa Web")

  11. sharing scenario 2 (diagram)
     • credentials: CCA.scout ← Alice@gmail.com; CCA.scout ← Jenny@aol.com; CCA.scout ← Betty@hotmail.com; Jenny@aol.com.parent ← Mary@hotmail.com; Alice@gmail.com.scout ← CCA.@yahoo.scout; Alice@gmail.com.scout_parent ← Alice@gmail.com.scout.parent
     • parties: CCA, Alice, Jenny, policy service Gmail, policy service Yahoo, policy service AOL, Picasa
     • labels: Alice@gmail.com.scout; Alice@gmail.com.scout_parent

  12. access scenario 2 (diagram)
     • credentials: CCA.scout ← Alice@gmail.com; CCA.scout ← Jenny@aol.com; CCA.scout ← Betty@hotmail.com; Jenny@aol.com.parent ← Mary@hotmail.com; Alice@gmail.com.scout ← CCA.@yahoo.scout; Alice@gmail.com.scout_parent ← Alice@gmail.com.scout.parent
     • parties: CCA, Mary, Jenny, policy service Gmail, policy service Yahoo, policy service AOL, Picasa
     • labels: secret-link; memberships; containment; "secret-link, Alice@gmail.com.scout_parent, Mary@hotmail.com"; yes/no; Alice@gmail.com.scout; Alice@gmail.com.scout_parent

  13. progress up-to-date
     • protocols/algorithms for distributed memberships and containment queries
     • preliminary prototype
     • initial performance evaluation

  14. open questions
     • what is the expressiveness of sharing control that users need?
     • how to design usable interface for controlled sharing?
     • how to limit transitive trust?
        • A trusts B ∧ B trusts C → A trusts C
     • how to preserve the confidentiality of credentials and policies?
        • CCA does not want everybody to know email addresses of its scouts

  15. future work
     • investigate user needs in controlled sharing
     • design user interface
     • evaluate usability
     • investigate an approach for limiting transitive trust
     • preserve the confidentiality of credentials and policies
     • investigate phishing/spam prevention
     • improve performance

  16. San-Tsai Sun <santsais@ece.ubc.ca>
     • San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. Presented at iNetSec Workshop, April 23rd 2009.
     • San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling web 2.0 content sharing beyond walled gardens. To be presented at the Workshop on Security and Privacy in Online Social Networking, August 29th 2009.
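
The membership check behind slides 11 and 12, as an added example that is not code from the presentation or its prototype: it evaluates the three RT credential forms on the slides (simple member, role inclusion, linked role) to a fixpoint and uses the result as the yes/no access decision for a role-bearing secret link. Assumptions: the tuple encoding and the names `POLICY_SERVICES`, `solve` and `allow` are illustrative, the slide's "CCA.@yahoo.scout" is read as the role CCA.scout hosted at Yahoo, Gmail addresses are spelled as on slides 8 and 9, `Eve@example.com` is a constructed outsider, and credentials are pooled locally rather than fetched by distributed queries.

```python
from collections import defaultdict

# Credentials from slide 11, grouped by the policy service that hosts them.
# Assumption: the slide's "CCA.@yahoo.scout" is the role CCA.scout held at Yahoo.
POLICY_SERVICES = {
    "Yahoo": [("CCA", "scout", ("member", "Alice@gmail.com")),
              ("CCA", "scout", ("member", "Jenny@aol.com")),
              ("CCA", "scout", ("member", "Betty@hotmail.com"))],
    "AOL": [("Jenny@aol.com", "parent", ("member", "Mary@hotmail.com"))],
    "Gmail": [("Alice@gmail.com", "scout", ("role", "CCA", "scout")),
              ("Alice@gmail.com", "scout_parent",
               ("linked", "Alice@gmail.com", "scout", "parent"))],
}

def solve(services):
    """Least fixpoint of role memberships: {(owner, role): {principal, ...}}."""
    creds = [c for hosted in services.values() for c in hosted]
    mem = defaultdict(set)
    changed = True
    while changed:
        changed = False
        for owner, role, body in creds:
            if body[0] == "member":            # A.r <- D
                new = {body[1]}
            elif body[0] == "role":            # A.r <- B.r1
                new = set(mem[(body[1], body[2])])
            else:                              # A.r <- A.r1.r2 (linked role)
                new = set()
                for via in set(mem[(body[1], body[2])]):
                    new |= mem[(via, body[3])]
            if not new <= mem[(owner, role)]:
                mem[(owner, role)] |= new
                changed = True
    return mem

def allow(services, secret_link_role, authenticated_email):
    """CSP-side check: the link names a role, the visitor must be a member."""
    return authenticated_email in solve(services)[secret_link_role]

if __name__ == "__main__":
    album = ("Alice@gmail.com", "scout_parent")
    # Eve is a constructed outsider who obtained the link but holds no credential.
    for who in ("Mary@hotmail.com", "Jenny@aol.com", "Eve@example.com"):
        print(who, allow(POLICY_SERVICES, album, who))
```

Unlike the plain secret link on slide 5, a forwarded link is useless to a visitor whose authenticated email is outside the role; removing AOL's credential also revokes Mary without any change at the CSP.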
