1 / 20

Towards Web 2.0 Content Sharing Beyond Walled Gardens

atalanta
Télécharger la présentation

Towards Web 2.0 Content Sharing Beyond Walled Gardens

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

    1. Towards Web 2.0 Content Sharing Beyond Walled Gardens San-Tsai Sun Supervisor: Kosta Beznosov Hi, my name is San-Tsai. I am a PHD student at UBC. The topic I am going to present today is toward secure We 2.0 content sharing beyond walled gardensHi, my name is San-Tsai. I am a PHD student at UBC. The topic I am going to present today is toward secure We 2.0 content sharing beyond walled gardens

    2. practical problem 2 lack of usable mechanisms for secure Web 2.0 user content sharing across content and service providers (CSPs) Today, the web is site-centric. A user has to maintain a separate copy of identity, relationships, and cess policies for each content-hosting and service provider. Users need a usable mechanisms for secure Web 2.0 user content sharing across CSPs.Today, the web is site-centric. A user has to maintain a separate copy of identity, relationships, and cess policies for each content-hosting and service provider. Users need a usable mechanisms for secure Web 2.0 user content sharing across CSPs.

    3. content sharing scenario 3 Let’s take a look at a typical content sharing. Alice is a scout in CCA. Jenny is also a CCA scout and Mary is her mother. Alice took pictures in a scout training event and would like to upload to Myphoto.com to share with her friends. However, CCA’s privacy policy states that the pictures taken in training event can only be seen by scout members and their parents. Alice would like to implement this policy. She can do so by restricting access only to her scout friends in Myphoto.com. She also wants to share those pictures with rests of scouts. However, she does not know Jenny and Mary, and they are not registered users of MyPhoto.com.Let’s take a look at a typical content sharing. Alice is a scout in CCA. Jenny is also a CCA scout and Mary is her mother. Alice took pictures in a scout training event and would like to upload to Myphoto.com to share with her friends. However, CCA’s privacy policy states that the pictures taken in training event can only be seen by scout members and their parents. Alice would like to implement this policy. She can do so by restricting access only to her scout friends in Myphoto.com. She also wants to share those pictures with rests of scouts. However, she does not know Jenny and Mary, and they are not registered users of MyPhoto.com.

    4. question 4 So, the question we are currently investigating is how to enable content sharing based on user’s attributes instead of identity across CSPs? What are characteristics of attribute-based content sharing? Can existing technologies achieve this type of sharing So, the question we are currently investigating is how to enable content sharing based on user’s attributes instead of identity across CSPs? What are characteristics of attribute-based content sharing? Can existing technologies achieve this type of sharing

    5. secret-link approach 5 usable for Web users easy to implement by CSPs Alice does not have control over Jenny’s sharing of secret link with others Alice has to know Jenny’s email Now, let’s take a look at a sharing scenario based on our proposed approach. Assume Yahoo is an OpenIDemail provider. CCA uses yahoo to issue credentials about its scout members. Gmail is another OpenIDemail provider, and Alice uses Gmail to issue her credentials. To share pictures hosted by MyPhoto.com, Alice specifies Alice.scout as link recipients, and pictures are accessible by scout parents. MyPhoto.com constructs a secret-link and requests Alice’s OpenIDemail provider, which is Gmail, to send out the link. Gmail exams the credentials issued by Alice, and found Alice.scout depends on CCA.scout. Gmail then make a membership query to CCA’s OpenIDemail provider, which is Yahoo to get a list of scout members. Once the membership query completed, Gmail sends out the link to each member of Alice.scout.Now, let’s take a look at a sharing scenario based on our proposed approach. Assume Yahoo is an OpenIDemail provider. CCA uses yahoo to issue credentials about its scout members. Gmail is another OpenIDemail provider, and Alice uses Gmail to issue her credentials. To share pictures hosted by MyPhoto.com, Alice specifies Alice.scout as link recipients, and pictures are accessible by scout parents. MyPhoto.com constructs a secret-link and requests Alice’s OpenIDemail provider, which is Gmail, to send out the link. Gmail exams the credentials issued by Alice, and found Alice.scout depends on CCA.scout. Gmail then make a membership query to CCA’s OpenIDemail provider, which is Yahoo to get a list of scout members. Once the membership query completed, Gmail sends out the link to each member of Alice.scout.

    6. design goals content sharing useful for average users user-centric, i.e., access policy and identity follow the user only use browser, no special software or crypto on the user computer CSPs separation of content hosting and content sharing not required to change their existing access-control mechanism 6 Our design goal is to design a user-centric attribute-based content sharing solution without complicating users and CSPs. User should be able to use single identity across CSPs and should only use a browser, without special software installed or crypto operations required. For CSPs, the solution should separate content hosting and sharing, and CSPs are not required to change their existing access-control mechanism.Our design goal is to design a user-centric attribute-based content sharing solution without complicating users and CSPs. User should be able to use single identity across CSPs and should only use a browser, without special software installed or crypto operations required. For CSPs, the solution should separate content hosting and sharing, and CSPs are not required to change their existing access-control mechanism.

    7. approach OpenIDemail extension [1] to enable OpenID IdPs to use email as an alternative identifier www.alo.com/santsai vs. santsas@alo.com policy hosting service role-based trust-management policy language (RT) for credentials and policies [2] distributed membership and containment queries 7 The main idea of our approach is to shift secret-link sending and access-control functions from CSPs to OpenIDemal providers. An OpenIDemal provider is an OpenID identity provider augmented with two additional component. The first component is a OpenID extension that enables OpenID identity provider that use email as an alternative identifier. And the second component is a role-based trust-management policy service that provides user-centric credentials and policies. The main idea of our approach is to shift secret-link sending and access-control functions from CSPs to OpenIDemal providers. An OpenIDemal provider is an OpenID identity provider augmented with two additional component. The first component is a OpenID extension that enables OpenID identity provider that use email as an alternative identifier. And the second component is a role-based trust-management policy service that provides user-centric credentials and policies.

    8. sharing scenario 8 Now, let’s take a look at a sharing scenario based on our proposed approach. Assume Yahoo is an OpenIDemail provider. CCA uses yahoo to issue credentials about its scout members. Gmail is another OpenIDemail provider, and Alice uses Gmail to issue her credentials. To share pictures hosted by MyPhoto.com, Alice specifies Alice.scout as link recipients, and pictures are accessible by scout parents. MyPhoto.com constructs a secret-link and requests Alice’s OpenIDemail provider, which is Gmail, to send out the link. Gmail exams the credentials issued by Alice, and found Alice.scout depends on CCA.scout. Gmail then make a membership query to CCA’s OpenIDemail provider, which is Yahoo to get a list of scout members. Once the membership query completed, Gmail sends out the link to each member of Alice.scout.Now, let’s take a look at a sharing scenario based on our proposed approach. Assume Yahoo is an OpenIDemail provider. CCA uses yahoo to issue credentials about its scout members. Gmail is another OpenIDemail provider, and Alice uses Gmail to issue her credentials. To share pictures hosted by MyPhoto.com, Alice specifies Alice.scout as link recipients, and pictures are accessible by scout parents. MyPhoto.com constructs a secret-link and requests Alice’s OpenIDemail provider, which is Gmail, to send out the link. Gmail exams the credentials issued by Alice, and found Alice.scout depends on CCA.scout. Gmail then make a membership query to CCA’s OpenIDemail provider, which is Yahoo to get a list of scout members. Once the membership query completed, Gmail sends out the link to each member of Alice.scout.

    9. access scenario 9 To access a shared content, Jenny clicks on the link in her email box, which in turn, presents the link to MyPhoto.com. Myphoto.com retrieves the access-control list associated with the link, and then makes a containment query to Alice’s OpenIDemail provider, which is Gmail, to determine whether Jenny is a member of Alice.scout. Gmail exams the credentials issued by Alice and found that Alice.scout depends on CCA.scout. Gmail then make a containment query to CCA’s OpenIDemail provider, which is Yahoo, to check whether jenny is a member of Alice.scout. Once the containment query completed, Gmail returns whether Jenny is a member of Alice.scout to MyPhoto.com, and MyPhoto.com make access decision accordingly. To access a shared content, Jenny clicks on the link in her email box, which in turn, presents the link to MyPhoto.com. Myphoto.com retrieves the access-control list associated with the link, and then makes a containment query to Alice’s OpenIDemail provider, which is Gmail, to determine whether Jenny is a member of Alice.scout. Gmail exams the credentials issued by Alice and found that Alice.scout depends on CCA.scout. Gmail then make a containment query to CCA’s OpenIDemail provider, which is Yahoo, to check whether jenny is a member of Alice.scout. Once the containment query completed, Gmail returns whether Jenny is a member of Alice.scout to MyPhoto.com, and MyPhoto.com make access decision accordingly.

    10. content sharing scenario 2 10 Let’s take a look at a typical content sharing. Alice is a scout in CCA. Jenny is also a CCA scout and Mary is her mother. Alice took pictures in a scout training event and would like to upload to Myphoto.com to share with her friends. However, CCA’s privacy policy states that the pictures taken in training event can only be seen by scout members and their parents. Alice would like to implement this policy. She can do so by restricting access only to her scout friends in Myphoto.com. She also wants to share those pictures with rests of scouts. However, she does not know Jenny and Mary, and they are not registered users of MyPhoto.com.Let’s take a look at a typical content sharing. Alice is a scout in CCA. Jenny is also a CCA scout and Mary is her mother. Alice took pictures in a scout training event and would like to upload to Myphoto.com to share with her friends. However, CCA’s privacy policy states that the pictures taken in training event can only be seen by scout members and their parents. Alice would like to implement this policy. She can do so by restricting access only to her scout friends in Myphoto.com. She also wants to share those pictures with rests of scouts. However, she does not know Jenny and Mary, and they are not registered users of MyPhoto.com.

    11. sharing scenario 2 11 Now, let’s take a look at a sharing scenario based on our proposed approach. Assume Yahoo is an OpenIDemail provider. CCA uses yahoo to issue credentials about its scout members. Gmail is another OpenIDemail provider, and Alice uses Gmail to issue her credentials. To share pictures hosted by MyPhoto.com, Alice specifies Alice.scout as link recipients, and pictures are accessible by scout parents. MyPhoto.com constructs a secret-link and requests Alice’s OpenIDemail provider, which is Gmail, to send out the link. Gmail exams the credentials issued by Alice, and found Alice.scout depends on CCA.scout. Gmail then make a membership query to CCA’s OpenIDemail provider, which is Yahoo to get a list of scout members. Once the membership query completed, Gmail sends out the link to each member of Alice.scout.Now, let’s take a look at a sharing scenario based on our proposed approach. Assume Yahoo is an OpenIDemail provider. CCA uses yahoo to issue credentials about its scout members. Gmail is another OpenIDemail provider, and Alice uses Gmail to issue her credentials. To share pictures hosted by MyPhoto.com, Alice specifies Alice.scout as link recipients, and pictures are accessible by scout parents. MyPhoto.com constructs a secret-link and requests Alice’s OpenIDemail provider, which is Gmail, to send out the link. Gmail exams the credentials issued by Alice, and found Alice.scout depends on CCA.scout. Gmail then make a membership query to CCA’s OpenIDemail provider, which is Yahoo to get a list of scout members. Once the membership query completed, Gmail sends out the link to each member of Alice.scout.

    12. access scenario 2 12 To access a shared content, Jenny clicks on the link in her email box, which in turn, presents the link to MyPhoto.com. Myphoto.com retrieves the access-control list associated with the link, and then makes a containment query to Alice’s OpenIDemail provider, which is Gmail, to determine whether Jenny is a member of Alice.scout. Gmail exams the credentials issued by Alice and found that Alice.scout depends on CCA.scout. Gmail then make a containment query to CCA’s OpenIDemail provider, which is Yahoo, to check whether jenny is a member of Alice.scout. Once the containment query completed, Gmail returns whether Jenny is a member of Alice.scout to MyPhoto.com, and MyPhoto.com make access decision accordingly. To access a shared content, Jenny clicks on the link in her email box, which in turn, presents the link to MyPhoto.com. Myphoto.com retrieves the access-control list associated with the link, and then makes a containment query to Alice’s OpenIDemail provider, which is Gmail, to determine whether Jenny is a member of Alice.scout. Gmail exams the credentials issued by Alice and found that Alice.scout depends on CCA.scout. Gmail then make a containment query to CCA’s OpenIDemail provider, which is Yahoo, to check whether jenny is a member of Alice.scout. Once the containment query completed, Gmail returns whether Jenny is a member of Alice.scout to MyPhoto.com, and MyPhoto.com make access decision accordingly.

    13. progress up-to-date protocols/algorithms for distributed memberships and containment queries preliminary prototype initial performance evaluation 13 For future work, we are going to develop a RT policy visualization tool and conduct usability study to ensure out approach is usable for Web users. We also plan to investigate the solutions for phishing and spam prevention, and performance enhancement For future work, we are going to develop a RT policy visualization tool and conduct usability study to ensure out approach is usable for Web users. We also plan to investigate the solutions for phishing and spam prevention, and performance enhancement

    14. open questions what is the expressiveness of sharing control that users need? how to design useable interface for controlled sharing? how to limit transitive trust? A trusts B ? B trusts C ? A trusts C how to preserve the confidentiality of credentials and policies? CCA does not want everybody to know email addresses of its scouts 14 We are currently implementing a prototype of our approach, and there are many issues remaining to be addressed. First, the trust relationship in RT is transitive, A trusts B, and B trusts C, implies A trusts C, which might not the case in reality. Second, the trust relationships are not necessarily commutative, A trusts B does not mean B trust A. And OpenID protocol relies on redirection between CSPs and identity providers , which makes phishing possible. We are currently implementing a prototype of our approach, and there are many issues remaining to be addressed. First, the trust relationship in RT is transitive, A trusts B, and B trusts C, implies A trusts C, which might not the case in reality. Second, the trust relationships are not necessarily commutative, A trusts B does not mean B trust A. And OpenID protocol relies on redirection between CSPs and identity providers , which makes phishing possible.

    15. future work investigate user needs in controlled sharing design user interface evaluate usability investigate an approach for limiting transitive trust preserve the confidentiality of credentials and policies investigate phishing/spam prevention improve performance 15 We are currently implementing a prototype of our approach, and there are many issues remaining to be addressed. First, the trust relationship in RT is transitive, A trusts B, and B trusts C, implies A trusts C, which might not the case in reality. Second, the trust relationships are not necessarily commutative, A trusts B does not mean B trust A. And OpenID protocol relies on redirection between CSPs and identity providers , which makes phishing possible. We are currently implementing a prototype of our approach, and there are many issues remaining to be addressed. First, the trust relationship in RT is transitive, A trusts B, and B trusts C, implies A trusts C, which might not the case in reality. Second, the trust relationships are not necessarily commutative, A trusts B does not mean B trust A. And OpenID protocol relies on redirection between CSPs and identity providers , which makes phishing possible.

    16. San-Tsai Sun <santsais@ece.ubc.ca> 16 If you have any comments or question, please contact me. And the list of publications related to this work are listed below. If you have any comments or question, please contact me. And the list of publications related to this work are listed below.

    17. literature review user content sharing practices federated identity management attribute-based access control systems distributed authorization systems current sharing solutions provided by CSPs 17 To understand those questions, we first reviewed existing literature on user content sharing practices, federated identity management, attribute-based access control systems, distributed authorization systems, and current sharing solutions provided by CSPs To understand those questions, we first reviewed existing literature on user content sharing practices, federated identity management, attribute-based access control systems, distributed authorization systems, and current sharing solutions provided by CSPs

    18. literature review results (1) email is the most commonly used sharing mechanism[Voida 2006, Miller 2007, Whalen 2008] Open ID is an open and user-centric identity solution without pre-trust between CSPs and IdPs 18 First, we found email is the most commonly used sharing mechanism, and OpenID is an open and user centric single-sign-on solution with pre-trust between CSPs and identity providersFirst, we found email is the most commonly used sharing mechanism, and OpenID is an open and user centric single-sign-on solution with pre-trust between CSPs and identity providers

    19. literature review results (2) characteristics of attribute-based access control[Li 2002] distributed authority attribute inference attribute-based delegation attribute with fields RT [Li 2002] policy language supports attribute-based credential and policy concise ( 4 types of policy statements) 19 Next, we found that the requirements of attributed-based access control including distributed authority, for instance, Alice trusts CCA and delegates the scout definition authority to CCA. Attribute inference, for example, Alice defines all CCA scouts as her friends. Attributed-based delegation, for instance, Alice delegates parent definition authority to all scout certified by CCA. And attributes with fields, for instance, Alice defines closed scout friends as scouts in the same group. We also found RT is a policy language that combines the notation of RBAC and trust-management. It supports attribute-based credential and policy. RT is a concise language, all credentials can be expressed in 4 type of statements Next, we found that the requirements of attributed-based access control including distributed authority, for instance, Alice trusts CCA and delegates the scout definition authority to CCA. Attribute inference, for example, Alice defines all CCA scouts as her friends. Attributed-based delegation, for instance, Alice delegates parent definition authority to all scout certified by CCA. And attributes with fields, for instance, Alice defines closed scout friends as scouts in the same group. We also found RT is a policy language that combines the notation of RBAC and trust-management. It supports attribute-based credential and policy. RT is a concise language, all credentials can be expressed in 4 type of statements

    20. secret-link approach supported by Google, Yahoo, Facebook, … a hard-to-guess URL that identifies a shared content usable for Web users Alice does not have control over Jenny’s sharing secret link with others no support for attribute-based sharing TBD: Show flicker secret link … 20 For sharing solutions currently provided by CSPs, we found a sharing mechanism we labelled as secret-link. Secret-link supported by major service providers such as Google, yahoo , and Facebook. It is a hard-to-guess URL that identifies a shared content. Secret-link is usable for content owners, users and CSPs. To share a content, the owner specifies a list of email addresses as the recipients of the link. The CSP then constructs a link and send it to the list of email accounts. To access the shared content, the user clicks on the link on her email box, which in turn, presents the link to CSP. CSP checks the format of link and return the shared content. Secret-link is easy to use. However, the sue of secret-link is not secure. The owner’s privacy will be violated if secret-links are forwarded or exposed. And, it does not support attribute-based sharing For sharing solutions currently provided by CSPs, we found a sharing mechanism we labelled as secret-link. Secret-link supported by major service providers such as Google, yahoo , and Facebook. It is a hard-to-guess URL that identifies a shared content. Secret-link is usable for content owners, users and CSPs. To share a content, the owner specifies a list of email addresses as the recipients of the link. The CSP then constructs a link and send it to the list of email accounts. To access the shared content, the user clicks on the link on her email box, which in turn, presents the link to CSP. CSP checks the format of link and return the shared content. Secret-link is easy to use. However, the sue of secret-link is not secure. The owner’s privacy will be violated if secret-links are forwarded or exposed. And, it does not support attribute-based sharing

More Related