Using XACML for access control in Social Networks


Anna Carreras, Eva Rodríguez, Jaime Delgado
Distributed Multimedia Applications Group (DMAG), Universitat Politècnica de Catalunya (UPC)
Jordi Girona 1-3, E-08034 Barcelona, Spain
{annac, evar, jaime.delgado}@ac.upc.edu

Abstract. Social Networks, as the main axis of Web 2.0, are creating a number of interesting challenges for the research and standardisation communities. In this paper, we analyse the current and future use of access control policies in Social Networks. Subsequently, two main issues are addressed: the interoperability among systems using different policy languages, and the lack of elements in the existing policy languages when trying to express Social Networks access control. In particular, our approach is based on the use of the XACML standard.

Keywords: Privacy, social networks, information sharing, access control policies, XACML.

1 Introduction

In the last few years, social networks have been the Internet phenomenon and the main axis of the so-called Web 2.0, while creating a number of new and interesting challenges for the research community. Online social networks are communities on the Internet, usually built around one website, which connect users who voluntarily share information. In this context, mainly due to the growing amount of (personal) data being shared nowadays through the Internet, users' concern about privacy has risen.

In our previous work, we analysed the current privacy policies of the most relevant social networks and identified the elements of Digital Rights Management systems that could be used in this application scenario [1]. Furthermore, two different implementations of those policies, one based on the MPEG-21 Rights Expression Language (REL) [2] and the other based on the eXtensible Access Control Markup Language (XACML) [3], have been presented and analysed [4]. Finally, in line with the previous research activities, a possible architecture for the interoperability of rights expression languages based on XACML has been designed [5]. Furthermore, other relevant work on the protection of contextual information in context-aware content adaptation systems has been developed within the VISNET II NoE project [6]. In this line, the effects on user privacy have been analysed, and a possible privacy model for the Social Networks application scenario has been presented in [7].

From all this work, we have identified two important issues that still need to be fully solved by the standardisation and research communities. First, the existing standardised access control policy languages (i.e. XACML) are missing some elements when trying to express the current and future privacy policies of Social Networks. Second, the interoperability between different policy languages still needs to be solved. Thus, in the next section we first go into the details of the aforementioned open issues; then, in Section 3, we present our initial approach to solving them, as well as some preliminary work done in this direction. Finally, Section 4 concludes the paper.

2 Open issues on access control policy languages for Social Networks

As introduced in Section 1, Social Networks present new and interesting challenges when trying to address the protection and/or governance of the shared data. In a few words, they have created a highly dynamic environment in which users have a producer-consumer role and their actions are based on the idea of trust. Furthermore, new types of resources need to be protected (such as "relationships" or "events"), and a high degree of expressiveness is demanded by users in order to define their own access control (privacy) preferences. Policy expressions mainly depend on the context of the access (apart from the nature of the resource that needs to be protected and the user's characteristics). Although XACML has proved to be flexible enough to describe any type of access control policy, there is not yet a common standard format to describe this Social Network context, and thus there is a clear lack of interoperability at the semantic level. Furthermore, this lack of semantic interoperability, apart from being an issue to be solved at an application-specific level, should also be addressed in a more generic way when thinking, for example, about the cloud computing concept. Different applications and services using different access control policy languages need to be interoperable. But this time the incompatibility is not between different Social Networks but between a number of heterogeneous services/applications, and thus the interoperability between the different access control policy languages may be even harder to achieve.

Users voluntarily share information: not only content, but also actions and personal information. In addition, service providers are collecting ever more information on users' behaviour. However, it is not only this voluntarily shared information that must be protected. There is an increasing number of third parties which have seen a business opportunity in Social Networks and are offering all kinds of applications to these communities of users. It is important that users have means to decide the access control policies that apply to friends, but also to these third parties. The implementation of an access control model based on a symmetric level of trust would be recommendable, for example including the possibility of negotiating policies.

3 Our approach and preliminary work

3.1 Interoperability with sticky policies based on XACML

The concept of sticky policies was already introduced in [8] as a requirement in Web 2.0, referring to the access policies associated with the data. We agree that using sticky policies would be suitable in the Social Networks application scenario, but apart from being a means of enforcing the protection of personal data, we have tried to show how they may contribute to achieving the desired interoperability amongst systems. We propose a possible architecture based on XACML which allows (Social Network) users to control access to their content, through the use of sticky policies, without the need to hand it over to the Social Network Provider. Furthermore, the use of translators (detailed in [5]) guarantees the interoperability between RELs without losing information. The proposed architecture is shown in Fig. 1.

Fig. 1. Proposed architecture for access control in the Social Networks application scenario

A user would be able to publish an external resource link in her user profile in order to share some of her pictures stored in an External System (external to the Social Network; for example, it could be her private server) under some access control. Then, when another user checked that link, he/she would be redirected to the external system. The latter would extract the necessary context from the Social Network and process the request. Finally, if the object licence is not in the XACML language, the REL translators would generate the appropriate policy and the result would be passed to the XACML system. This module is in charge of authorising the access, and is also detailed in [5]. If the authorisation were positive, the system would access the content and show it to the user. If not, it would just show the user a message telling him/her that he/she has no rights to do that.
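The decision path of the architecture in Fig. 1, written out as an added example that is not the paper's or DMAG's code: a photo held on the owner's external server carries its own (sticky) XACML 2.0 policy; when a redirected visitor arrives, the external system pulls the visitor's relationship to the owner from the Social Network, builds an XACML request context and asks a minimal PDP for a decision. The policy, the relationship data, the `urn:example:` identifiers and the relationship attribute id are constructed for this example; the remaining identifiers (functions, attribute ids, combining algorithms) are the standard XACML 1.0/2.0 ones. The PDP only implements `string-equal` matching and the `first-applicable` and `deny-overrides` combining algorithms, which is all the embedded policy needs.

```python
"""Sticky-policy check for a photo shared from an external system (added example)."""
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
NS = {"x": XACML}
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
FIRST_APPLICABLE = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable"
DENY_OVERRIDES = "urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:deny-overrides"
SUBJECT_ID = "urn:oasis:names:tc:xacml:1.0:subject:subject-id"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
RELATION = "urn:example:social-network:relationship-to-owner"  # assumed attribute id

# Constructed sticky policy for one photo: friends may view it; anything else
# falls through to the final deny rule (first-applicable combining).
STICKY_POLICY = f"""<Policy xmlns="{XACML}" PolicyId="urn:example:photo:42:policy"
    RuleCombiningAlgId="{FIRST_APPLICABLE}">
  <Target>
    <Resources><Resource>
      <ResourceMatch MatchId="{STRING_EQUAL}">
        <AttributeValue DataType="{XS_STRING}">urn:example:photo:42</AttributeValue>
        <ResourceAttributeDesignator AttributeId="{RESOURCE_ID}" DataType="{XS_STRING}"/>
      </ResourceMatch>
    </Resource></Resources>
  </Target>
  <Rule RuleId="friends-may-view" Effect="Permit">
    <Target>
      <Subjects><Subject>
        <SubjectMatch MatchId="{STRING_EQUAL}">
          <AttributeValue DataType="{XS_STRING}">friend</AttributeValue>
          <SubjectAttributeDesignator AttributeId="{RELATION}" DataType="{XS_STRING}"/>
        </SubjectMatch>
      </Subject></Subjects>
      <Actions><Action>
        <ActionMatch MatchId="{STRING_EQUAL}">
          <AttributeValue DataType="{XS_STRING}">view</AttributeValue>
          <ActionAttributeDesignator AttributeId="{ACTION_ID}" DataType="{XS_STRING}"/>
        </ActionMatch>
      </Action></Actions>
    </Target>
  </Rule>
  <Rule RuleId="default-deny" Effect="Deny"/>
</Policy>"""

# Constructed Social Network relationship data: owner -> {requester: relationship}.
SOCIAL_GRAPH = {"alice": {"bob": "friend", "carol": "friend-of-friend"}}


def extract_context(owner, requester):
    """Context the external system pulls from the Social Network before deciding."""
    return SOCIAL_GRAPH.get(owner, {}).get(requester, "stranger")


def build_request(owner, requester, resource, action):
    """XACML request context kept as a dict: category -> {attribute id: value}."""
    return {
        "subject": {SUBJECT_ID: requester, RELATION: extract_context(owner, requester)},
        "resource": {RESOURCE_ID: resource},
        "action": {ACTION_ID: action},
    }


def _group_matches(target, kind, category, request):
    """<Subjects>/<Resources>/<Actions>: entries are ORed, matches inside one entry ANDed."""
    group = target.find(f"x:{kind}s", NS)
    if group is None:
        return True                      # an absent group matches any request
    for entry in group.findall(f"x:{kind}", NS):
        for m in entry.findall(f"x:{kind}Match", NS):
            if m.get("MatchId") != STRING_EQUAL:
                raise ValueError(f"unsupported MatchId {m.get('MatchId')}")
            wanted = m.find("x:AttributeValue", NS).text
            attr_id = m.find(f"x:{kind}AttributeDesignator", NS).get("AttributeId")
            if request.get(category, {}).get(attr_id) != wanted:
                break                    # this entry fails; try the next one
        else:
            return True                  # every match in this entry held
    return False


def target_matches(target, request):
    if target is None:                   # a Rule without <Target> applies to everything
        return True
    return all(_group_matches(target, kind, cat, request)
               for kind, cat in (("Subject", "subject"), ("Resource", "resource"), ("Action", "action")))


def evaluate(policy_xml, request):
    """Minimal PDP over one <Policy>: policy target check, then rule combining."""
    policy = ET.fromstring(policy_xml)
    if not target_matches(policy.find("x:Target", NS), request):
        return "NotApplicable"
    effects = [rule.get("Effect") for rule in policy.findall("x:Rule", NS)
               if target_matches(rule.find("x:Target", NS), request)]
    alg = policy.get("RuleCombiningAlgId")
    if alg == FIRST_APPLICABLE:
        return effects[0] if effects else "NotApplicable"
    if alg == DENY_OVERRIDES:
        return "Deny" if "Deny" in effects else "Permit" if "Permit" in effects else "NotApplicable"
    raise ValueError(f"unsupported combining algorithm {alg}")


def check_access(owner, requester, resource, action):
    """The external system's path from the redirected link to a decision."""
    return evaluate(STICKY_POLICY, build_request(owner, requester, resource, action))


if __name__ == "__main__":
    for who, act in (("bob", "view"), ("bob", "download"), ("carol", "view"), ("dave", "view")):
        print(f"{who} {act}: {check_access('alice', who, 'urn:example:photo:42', act)}")
```

A request for a photo the policy does not cover returns NotApplicable rather than Deny; in the architecture above both outcomes end in the "no rights" message, but keeping them apart lets the external system log a misrouted link separately from a refused friend-of-friend. The explicit final deny rule is what makes the policy self-contained as a sticky policy: whoever evaluates it gets a definite answer without relying on a deployment-wide default.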
3.2 Negotiating the access control using XACML

As outlined in Section 2, it would be very interesting (in the Social Networks application scenario) to give users and service providers the opportunity to negotiate the access control policies. This is mainly due to the dynamicity of the application scenario being addressed in this paper, and in order to give users the maximum control over the protection of their contents. For this purpose, a message expressing an offer, instead of imposing a policy, may be required. XACML, as well as RELs, can be used to express offers in which users of a system may propose to other users of the system usage rules for their content according to the rights and conditions that they negotiate. MPEG-21 REL [2] defines the obtain right for this purpose, which can be conceptualised as an advertisement to share or sell the associated grant. Within this grant, the rights and conditions initially stated by the offer maker are defined. Then, in XACML, a similar mechanism can be used to provide this capability.

3.3 Semantic interoperability

Our last approach tries to address the lack of semantic interoperability identified when using XACML. In our opinion, there is a clear need for a common ontology expressing the semantics of all the elements contained in access control policies. Of course, this is not a trivial task, and requires a lot of work and time. Our idea is to initiate it at a specific application level (i.e. Social Networks), combining the use of currently existing ontologies such as the Delivery Context Ontology [9], FOAF [10], etc. Nevertheless, from our study of the topic done so far [4], we could conclude that these existing ontologies are not enough to guarantee the desired semantic interoperability for access control, and thus some necessary extensions should also be made. The last step would then be to try to apply our initial ontology in other application scenarios, probably by integrating the existing ontologies of different domains, in order to verify its usability and extensibility. But we insist that this is an ambitious project that we have just initiated and that will take some time to give relevant results.
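One way the offer mechanism of Section 3.2 can be realised, as an added example and not the paper's own design: the paper says only that XACML can express offers "according to the rights and conditions that they negotiate", so the negotiation protocol here (owner offer, requester counter-offer, owner acceptance or clipping to its limits) and the offer fields are assumptions. What the example does show is the end of the exchange: the agreed offer is compiled into an XACML 2.0 `<Rule>` whose target names the resource, the permitted actions and the required relationship, with a `<Condition>` carrying the negotiated usage cap. The `urn:example:` attribute ids and the usage-count attribute are constructed; the function and attribute identifiers are the standard XACML 1.0/2.0 ones.

```python
"""Offer/counter-offer negotiation that ends in an XACML 2.0 Rule (added example)."""
from dataclasses import dataclass, replace
import xml.etree.ElementTree as ET

XACML = "urn:oasis:names:tc:xacml:2.0:policy:schema:os"
XS_STRING = "http://www.w3.org/2001/XMLSchema#string"
XS_INTEGER = "http://www.w3.org/2001/XMLSchema#integer"
RESOURCE_ID = "urn:oasis:names:tc:xacml:1.0:resource:resource-id"
ACTION_ID = "urn:oasis:names:tc:xacml:1.0:action:action-id"
STRING_EQUAL = "urn:oasis:names:tc:xacml:1.0:function:string-equal"
INT_LEQ = "urn:oasis:names:tc:xacml:1.0:function:integer-less-than-or-equal"
INT_ONE = "urn:oasis:names:tc:xacml:1.0:function:integer-one-and-only"
RELATION = "urn:example:social-network:relationship-to-owner"   # assumed
USE_COUNT = "urn:example:social-network:uses-so-far"             # assumed


@dataclass(frozen=True)
class Offer:
    resource: str        # what the offer is about
    actions: frozenset   # proposed actions, e.g. {"view"}
    audience: str        # relationship the grantee must have to the owner
    max_uses: int        # proposed usage cap (constructed condition)


# Constructed bounds: the most the owner will accept in any counter-offer.
OWNER_LIMITS = {"actions": frozenset({"view", "comment"}),
                "audiences": {"friend", "friend-of-friend"},
                "max_uses": 10}


def within_limits(offer, limits):
    return (offer.actions <= limits["actions"]
            and offer.audience in limits["audiences"]
            and offer.max_uses <= limits["max_uses"])


def clip_to_limits(counter, previous, limits):
    """Owner's reply to an unacceptable counter: keep what fits, fall back otherwise."""
    return replace(counter,
                   actions=counter.actions & limits["actions"] or previous.actions,
                   audience=counter.audience if counter.audience in limits["audiences"] else previous.audience,
                   max_uses=min(counter.max_uses, limits["max_uses"]))


def negotiate(initial, replies, limits):
    """Run the exchange. `replies` are the requester's turns: an Offer (a counter)
    or the string 'accept'. Returns (agreed offer or None, transcript)."""
    current, transcript = initial, [("owner-offer", initial)]
    for reply in replies:
        if isinstance(reply, str) and reply == "accept":
            transcript.append(("requester-accept", current))
            return current, transcript
        transcript.append(("requester-counter", reply))
        if within_limits(reply, limits):
            current = reply
            transcript.append(("owner-accept", current))
            return current, transcript
        current = clip_to_limits(reply, current, limits)
        transcript.append(("owner-counter", current))
    return None, transcript           # replies ran out without agreement


def E(tag):
    return f"{{{XACML}}}{tag}"


def _match(entry, kind, attr_id, value):
    m = ET.SubElement(entry, E(f"{kind}Match"), MatchId=STRING_EQUAL)
    ET.SubElement(m, E("AttributeValue"), DataType=XS_STRING).text = value
    ET.SubElement(m, E(f"{kind}AttributeDesignator"), AttributeId=attr_id, DataType=XS_STRING)


def to_xacml_rule(offer, rule_id):
    """Compile an agreed offer into an XACML 2.0 <Rule> element."""
    rule = ET.Element(E("Rule"), RuleId=rule_id, Effect="Permit")
    target = ET.SubElement(rule, E("Target"))
    _match(ET.SubElement(ET.SubElement(target, E("Subjects")), E("Subject")), "Subject", RELATION, offer.audience)
    _match(ET.SubElement(ET.SubElement(target, E("Resources")), E("Resource")), "Resource", RESOURCE_ID, offer.resource)
    actions = ET.SubElement(target, E("Actions"))
    for action in sorted(offer.actions):            # one <Action> per permitted action (ORed)
        _match(ET.SubElement(actions, E("Action")), "Action", ACTION_ID, action)
    # Condition: uses-so-far <= negotiated cap
    leq = ET.SubElement(ET.SubElement(rule, E("Condition")), E("Apply"), FunctionId=INT_LEQ)
    one = ET.SubElement(leq, E("Apply"), FunctionId=INT_ONE)
    ET.SubElement(one, E("EnvironmentAttributeDesignator"), AttributeId=USE_COUNT, DataType=XS_INTEGER)
    ET.SubElement(leq, E("AttributeValue"), DataType=XS_INTEGER).text = str(offer.max_uses)
    return rule


if __name__ == "__main__":
    first = Offer("urn:example:photo:42", frozenset({"view"}), "friend", 5)
    counter = Offer("urn:example:photo:42", frozenset({"view", "download"}), "anyone", 20)
    agreed, log = negotiate(first, [counter, "accept"], OWNER_LIMITS)
    for step, offer in log:
        print(step, offer)
    print(ET.tostring(to_xacml_rule(agreed, "negotiated-1"), encoding="unicode", default_namespace=XACML))
```

The owner never evaluates a counter-offer by trust alone: `within_limits` is the owner's own policy about policies, so a requester asking for "download" or for an audience of "anyone" gets back the largest offer the owner's bounds allow rather than the counter as proposed. Only the agreed offer is ever turned into an enforceable rule, which keeps the negotiation messages and the access control policy as separate artefacts, as the section's distinction between an offer and an imposed policy requires.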
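The semantic gap of Section 3.3 made concrete, as an added example that is not the paper's code or ontology: a sticky policy written against one common vocabulary has to be evaluable against request attributes that each Social Network expresses in its own terms. The common vocabulary here borrows the FOAF property identifier `http://xmlns.com/foaf/0.1/knows` (in FOAF a link between two persons; here it names the attribute "the requester is connected to the owner"); the other common identifier, both network-specific vocabularies and the sample requests are constructed. Whatever the translator cannot map is reported as a gap, which is exactly where the existing ontologies would need the extension the section anticipates.

```python
"""Translate network-specific request attributes into a common vocabulary (added example)."""

FOAF_KNOWS = "http://xmlns.com/foaf/0.1/knows"            # real FOAF property, reused as an attribute id
COMMON_GROUP = "urn:example:common:in-owner-group"        # assumed common attribute, no FOAF counterpart

# Constructed per-network vocabularies: native attribute id -> (common id, native value -> common value).
VOCABULARIES = {
    "sn-a": {
        "urn:sn-a:relationship": (FOAF_KNOWS, {"friend": "true", "friend-of-friend": "false", "none": "false"}),
        "urn:sn-a:circle": (COMMON_GROUP, {"close-friends": "true", "acquaintances": "false"}),
    },
    "sn-b": {
        "urn:sn-b:connection-degree": (FOAF_KNOWS, {"1": "true", "2": "false", "3": "false"}),
        # sn-b's follower concept has no counterpart in the common vocabulary yet
    },
}


def translate(network, native_attrs):
    """Return (common_attrs, unmapped) for the subject attributes of one request."""
    mapping = VOCABULARIES[network]
    common, unmapped = {}, []
    for attr_id, value in native_attrs.items():
        if attr_id not in mapping:
            unmapped.append(attr_id)                 # concept unknown to the common vocabulary
            continue
        common_id, values = mapping[attr_id]
        if value not in values:
            unmapped.append(f"{attr_id}={value}")    # concept known, this value is not
            continue
        common[common_id] = values[value]
    return common, unmapped


def policy_gaps(common_attrs, required_ids):
    """Common attributes a policy needs that the translated request cannot supply."""
    return [r for r in required_ids if r not in common_attrs]


# Constructed requests as each network would phrase them.
REQUESTS = {
    "sn-a": {"urn:sn-a:relationship": "friend", "urn:sn-a:circle": "close-friends"},
    "sn-b": {"urn:sn-b:connection-degree": "1", "urn:sn-b:is-follower": "true"},
}
POLICY_NEEDS = [FOAF_KNOWS, COMMON_GROUP]   # what a constructed sticky policy's target refers to


def assess(network):
    """Translate a network's request and report what a policy could and could not see."""
    common, unmapped = translate(network, REQUESTS[network])
    return {"common": common, "unmapped": unmapped, "gaps": policy_gaps(common, POLICY_NEEDS)}


if __name__ == "__main__":
    for network in REQUESTS:
        print(network, assess(network))
```

The two failure modes are deliberately kept apart: an unmapped attribute is information the request carries but the policy cannot use, while a gap is information the policy needs that the request cannot provide. Both evaluate to NotApplicable or Deny at a PDP, so without this report the policy author cannot tell whether the ontology mapping or the policy itself is at fault.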
4 Conclusions

In this paper, some novel issues on access control in the Social Networks application scenario have been analysed. In particular, two main issues have been addressed: on the one hand, the interoperability among Social Networks which are using different policy languages and, on the other hand, the lack of elements in the currently existing standards when trying to express access control policies in Social Networks. In our approach, we have shown how the desired (syntactic) interoperability could be achieved by using sticky policies and REL (Rights Expression Language) translators in a distributed access control architecture based on XACML. Furthermore, we have presented how XACML could be used in the negotiation of access control policies. And, finally, we have highlighted the initial steps we are taking in order to achieve the necessary semantic interoperability among systems using different policy languages.

5 Acknowledgments

This work has been partially supported by the Spanish government (MCM-LC project, TEC 2008-06692-C02-01).

6 References

1. E. Rodríguez, V. Rodríguez, A. Carreras, J. Delgado, A Digital Rights Management approach to privacy in online social networks, in Proc. of the 1st Workshop on Privacy and Protection in Web-based Social Networks (within ICAIL '09), Barcelona, Spain, June 2009. IDT Series, vol. 3, ISSN 2013-5017.
2. International Standards Organisation. Information technology - Multimedia Framework (MPEG-21) - Part 5: Rights Expression Language. ISO/IEC 21000-5:2004.
3. T. Moses (Ed.): eXtensible Access Control Markup Language (XACML) Version 2.0, Feb. 2005. http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
4. V. Rodríguez, A. Carreras, E. Rodríguez, J. Delgado, Applications to improve privacy on online social networks, in Proc. of the First Workshop on Law and Web 2.0, Antoni Roig (ed.), September 2009.
5. X. Maroñas, E. Rodríguez, J. Delgado, An architecture for the interoperability between rights expression languages based on XACML, in Proc. of the 5th International ODRL Workshop (within Virtual Goods 09), Nancy, France, September 2009, ISBN 978-2-905267-69-6.
6. IST-1-038398 - Networked Audiovisual Media Technologies - VISNET II, Deliverable D2.1.4: Final set of contributions on context-based content adaptation. April 2009.
7. A. Carreras, J. Delgado, E. Rodríguez, R. Tous, The Impact of Contextual Information on User Privacy in Social Networks, in Proc. of the 1st Workshop on Privacy and Protection in Web-based Social Networks (within ICAIL '09), Barcelona, Spain, June 2009. IDT Series, vol. 3, ISSN 2013-5017.
8. C. E. Gates, Access control requirements for Web 2.0 security and privacy, Position paper accepted to the Workshop on Web 2.0 Security and Privacy (W2SP) 2007, Oakland, CA, USA, May 2007.
9. Delivery Context Ontology (DCO). W3C Working Draft 16 June 2009. http://www.w3.org/TR/2009/WD-dcontology-20090616/
10. The Friend of a Friend (FOAF) Project. http://www.foaf-project.org/