1. How to Publish Privately
October 20, 2014 @ Riva Del Garda, Italy
Presented at Privacy Online Workshop (PrivOn’2014)
Collocated with the 13th International Semantic Web Conference (ISWC’2014)
GECAD – Knowledge Engineering and Decision Support
Research Group (Polytechnic Institute of Porto – Portugal)
http://www.gecad.isep.ipp.pt
Nuno Bettencourt
http://paginas.isep.ipp.pt/nmb
nmb@isep.ipp.pt
2. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 1
3. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 2
4. Background & Overview (i)
• Web domains
• Social Networks
• User Identities
• Accountability
• Architecture Overview
October 20, 2014 @ Riva Del Garda, Italy 3
5. upload
Background & Overview (ii)
watch
write/read
WebID Authentication and Authorisation
download
FOAF Profile: http://foafserver.com/profiles/johndoe.rdf#me
like
October 20, 2014 @ Riva Del Garda, Italy 4
6. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy 5
7. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy 5
8. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy 5
9. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy 5
10. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy 5
11. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy
5
12. Background & Overview (iii)
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy
5
13. Background & Overview (iii)
Application Server
Enforcement
HTTP
Client
photo.png
ownerOf
October 20, 2014 @ Riva Del Garda, Italy
5
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
rules
Information
resources
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
Resource
Author
14. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 6
15. Objectives (i)
• Store a resource in a single place
• Share a resource for multiple web domains
• Definition of access policies in a single place
• A single access policy management system
not only for public resources
• Corollary
– User unique identity
– A hyperlinked Web again…
October 20, 2014 @ Riva Del Garda, Italy 7
16. Objectives (ii)
• Based on
– FOAF Profiles
– WebID Authentication + Authorization
– Provenance Ontologies
– Semantic Rules
• Triggers
– User’s uploading of resources
– User’s sharing of resources
– ….
October 20, 2014 @ Riva Del Garda, Italy 8
17. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 9
18. Proposal
Access to
Resource
Decision
Web Server
Get Resource
Get Resource’s
Author Data
Administration
Application Server
rules
Information
resources
Enforcement
Get
Access
Policies
Access
Policies
Get extra Data
Get Resources (WebId)
Get User’s Social Network (WebId)
Manage Access
Control Policies
Ask for Access
HTTP
Client
photo.png
ownerOf
Resource
Author
October 20, 2014 @ Riva Del Garda, Italy 10
19. Distributed Resource Broker
Web Server
PEP
Upload
Sensor
Authentication
Module
Authorisation
Module
Distributed
Resource Broker
Web
Application 1
Web
Application 2
Web
<uses>
<uses>
Application n <uses>
October 20, 2014 @ Riva Del Garda, Italy 11
20. Upload Workflow
Applicational Web Server
PEP
Web
Application
PIP
Photo Hosting Server
Photo Web Application
ownerOf
photo.png
PEP
photo.png
FOAF
Profiles
3. Upload
Server URI
4. Resource
Upload
2. Retrieve Resource
Upload Domain
5. Resource
URI
User 6. Link to Resource URI
Distributed Resource Broker
1. Resource
Upload
Resource
October 20, 2014 @ Riva Del Garda, Italy 12
21. User_A User_B User_C
raw provenance info
Web Server 1
Resource_A
Policy Enforcement Point
....
Preferred Upload
Server
Upload
Server
Web
Server 1
Web
Server 2
Web
Server 3
....
FOAF + SSL
uploads
Resource_A
isFriendOf isFriendOf
Resource
Repository
Authentication &
Authorisation Module
has read access to Resource A
Preferred Upload Server
Resource_A
User_A
uploads
Resource_B
uploads
Resource_A1
Web
Server n
Distributed Resource
Broker
action
friendship level
Publishing
WebServer
Policy Information Point
Provenance
Generator
structured provenance info
message exchange
graphed information
Publisher
Web Application 1
Publishing
Server
Legend
Publishing
Agent
Metadata
Genarator
isOwnerOf
October 20, 2014 @ Riva Del Garda, Italy 13
22. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 14
23. Management
System
foafserver.*
• WebID
Authentication
• Authorisation
• Identity Provider
• Resource Hosting
• Social Relationships
• Access Policy
Management
Test bed (i)
Wordpress
Instance A
wordpress.foafserver.*
Wordpress
Instance B
test.foafserver.*
• WebID
Authentication
+Authorisation
• Distributed
Resource
Broker
isFriendOf isFriendOf
• WebID
Authentication
• Authorisation
• Distributed
Resource
Broker
User A User B User C
October 20, 2014 @ Riva Del Garda, Italy 15
24. Test bed (ii)
• http://foafserver.dei.isep.ipp.pt
• http://wordpress.foafserver.dei.isep.ipp.pt/
• http://test.foafserver.dei.isep.ipp.pt/
October 20, 2014 @ Riva Del Garda, Italy 16
25. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 17
26. Related Work
• Priv.ly
– Client side approach
• Client Browser
dependent
– Slow adoption
• Depends solely on
users
– Focus only on text
data
• Presented Approach
– Server side approach
• Apache web server
dependent
– Quick adoption
• Depends on web
domain owners
– Focus on indivisible
resources
October 20, 2014 @ Riva Del Garda, Italy 18
27. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 19
28. Conclusions
• Publish resources privately
– Cross-domain perspective
– Manage access policies independently of each web
domain
• Resources can be located anywhere
• Different renderings of the same web page,
according to each user access permissions
• Keeps every resource trustworthy
October 20, 2014 @ Riva Del Garda, Italy 20
29. Outline
• Background and Overview
• Objectives
• Proposal
• Test bed
• Related Work
• Conclusions
• Future Work
October 20, 2014 @ Riva Del Garda, Italy 21
30. Future Work
• Address parts of resources
• Public-key encryption per resource, per
identity
• Blacklisting resources or certain user
resources
October 20, 2014 @ Riva Del Garda, Italy 22
31. ?
GECAD – Knowledge Engineering and Decision Support
Research Group (Polytechnic Institute of Porto – Portugal)
http://www.gecad.isep.ipp.pt
Nuno Bettencourt
http://paginas.isep.ipp.pt/nmb
nmb@isep.ipp.pt