The slides of the talk I've given at the IoT London meetup about the THRIDI project. More information on the THRIDI project can be found here: https://www.brunel.ac.uk/research/Projects/Project?id=853f2a38-b594-4494-9e13-e102afa272a1&language=en-GB
2. About Me
• Work on networks and systems
• Recently more interested in data protection
– IETF (ACE) and Kantara (UMA) Working Groups
• Even more recently, in multi-disciplinary work
3. Standardisation Working Groups: Secure IoT based on Web Authorisation
OAuth 2.0 is a popular web authorization standard, which allows users to grant limited access to their resources on one site to another site, without exposing their credentials.
Has distinct roles
• Resource owner: “user”
• Authorization server: The interface where authorization is obtained
• Client: Application trying to get access to user information
• Resource server: Hosts user information
Access permissions to a resource are time-bound, scoped, compact tokens
[Diagram: Resource owner (User Agent), Authorization server, Client and Resource server, with arrows labelled “Delegates”, “Obtains token” and “Uses token”. Caption: Access permissions are captured in tokens]
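An added example, not part of the original slides: an authorization server issues a time-bound, scoped, compact token and a resource server decides whether to honour it. The token layout (base64url JSON body plus an HMAC-SHA256 tag), the shared key, the client name and the scope strings are assumptions for illustration, not the JWT or CWT encodings.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(key: bytes, client: str, scope: str, ttl: int, now=None) -> str:
    """Authorization server: bind client, scope and expiry into one signed token."""
    now = time.time() if now is None else now
    claims = {"client": client, "scope": scope, "exp": int(now) + ttl}
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    tag = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
    return f"{body}.{tag}"

def check_token(key: bytes, token: str, needed_scope: str, now=None) -> str:
    """Resource server: return 'ok' or the reason the request is refused."""
    now = time.time() if now is None else now
    try:
        body, tag = token.split(".")
        expected = _b64(hmac.new(key, body.encode(), hashlib.sha256).digest())
        # Verify integrity before parsing anything the client supplied.
        if not hmac.compare_digest(tag, expected):
            return "bad signature"
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError):
        return "malformed token"
    if now >= claims["exp"]:                           # time-bound
        return "expired"
    if needed_scope not in claims["scope"].split():    # scoped
        return "insufficient scope"
    return "ok"

if __name__ == "__main__":
    KEY = b"constructed-demo-key"          # constructed sample key
    tok = issue_token(KEY, "thermostat-app", "temperature:read", ttl=300, now=1000)
    print(len(tok), "byte token")                              # compact
    print(check_token(KEY, tok, "temperature:read", now=1100))
    print(check_token(KEY, tok, "lock:write", now=1100))
    print(check_token(KEY, tok, "temperature:read", now=1300))
```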
4. Who configures these systems?
Standards don’t answer
• Are end-users resource owners?
• How do they configure authorization servers with privacy policies?
• How do different people sharing a device manage privacy?
• How can we support them in creating data sharing policies on-demand?
7. HDI Framework: Legibility, Agency and Negotiability
Legibility: helping people understand what is happening to data about them
Agency: to change relevant systems to be in better accord with their wishes
Negotiability: work with the people using the data to improve its processing.
8. 1. We are all very different
Systems need to learn and adapt to different user behaviour and expectations
Participants   HS1 HS2 HS3 HS4 SA1 SA2 SA3 SA4 SH1 SH2 SH3 ST1 ST2 ST3 ST4
Bathroom         9  10   8   9  10  10  10   9  10   5  10  10   9  10  10
Bedroom         10   9   9   8   8   8   6  10   9   6   9   9  10   9   9
Wallet           7   8  10   6   9   9   9   7   3   7   8   8   3   8   8
Living room      8   3   7   7   5   7   5   8   8   2   6   7   8   7   7
Window           3   6   5   4   7   6   8   4   7   9   4   2   7   6   5
Padlock          4   5   3  10   3   4   4   6   5   8   7   4   4   3   6
Door             6   7   4   5   4   5   3   3   4  10   3   3   6   4   4
Wall             5   1   6   3   6   2   7   5   6   4   5   5   5   5   1
Café             2   4   2   2   2   3   2   2   2   1   2   1   2   2   3
Public square    1   2   1   1   1   1   1   1   1   1   1   6   1   1   2
9. 2. We need different perspectives to solve problems
• “[Maybe if] we can just see the different perspectives, then maybe we can just overcome lots of things.”
• “You should always minimise data collection. All problems start when you start to collect data. So, the least footprints you have the better in technology”
• “the footprints are temporary because, at the end of the day, the environment will eliminate them.”
10. 3. More questions than answers requiring inter-disciplinary research
• Smart Toys: What should the default privacy settings be when user preferences may vary?
• Smart Security: How better to incorporate transparency and accountability so these devices are not used for malicious purposes such as domestic abuse?
• Smart Health: How to avoid information overload for users, especially when sharing health data, to avoid unnecessary stress?
• Smart Appliances: How can we make data flows more legible?