Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Slides:

Advertisements

Similar presentations

Web Services Architecture An interoperability architecture for the World Wide Service Network.

Advertisements

Increasing public concern about loss of privacy Broad availability of information stored and exchanged in electronic format Concerns about genetic information.

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

T Network Application Frameworks and XML Service Federation Sasu Tarkoma.

Introduction to the State-Level Mitigation 20/20 TM Software for Management of State-Level Hazard Mitigation Planning and Programming A software program.

Using Digital Credentials On The World-Wide Web M. Winslett.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

Web Service Architecture Part I- Overview and Models (based on W3C Working Group Note Frank.

Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.

Service Broker Lesson 11. Skills Matrix Service Broker Service Broker, provides a solution to common problems with message delivery and consistency that.

Database Administration Chapter 16. Need for Databases  Data is used by different people, in different departments, for different reasons  Interpretation.

Pay As You Go – Associating Costs with Jini Leases By: Peer Hasselmeyer and Markus Schumacher Presented By: Nathan Balon.

Privacy By Design Sample Use Case Privacy Controls Insurance Application- Vehicle Data.

July 25, 2005 PEP Workshop, UM A Single Sign-On Identity Management System Without a Trusted Third Party Brian Richardson and Jim Greer ARIES Lab.

InterSwyft Technology presentation. Introduction InterSwyft brings secured encrypted transmission of SMS messages for internal and external devices such.

Usable Security – CS 6204 – Fall, 2009 – Dennis Kafura – Virginia Tech Privacy Preferences Edgardo Vega Usable Security – CS 6204 – Fall, 2009 – Dennis.

Managing Client Access

Module 4 Managing Client Access. Module Overview Configuring the Client Access Server Role Configuring Client Access Services for Outlook Clients Configuring.

Cardea Requirements, Authorization Model, Standards and Approach Globus World Security Workshop January 23, 2004 Rebekah Lepro Metz

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Using the Internet to Conduct Research What Investigators and IRB Members Should Know -- January 29, Lisa Shickle, MS Analyst, VCU Massey Cancer.

P3P A New Standard in Online Privacy Overview and Demos from Summer 2000.

Identity Management Report By Jean Carreon and Marlon Gonzales.

Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Privacy, P3P and Internet Explorer 6 P3P Briefing – 11/16/01.

Shib-Grid Integrated Authorization (Shintau) George Inman (University of Kent) TF-EMC2 Meeting Prague, 5 th September 2007.

Protecting Internet Communications: Encryption  Encryption: Process of transforming plain text or data into cipher text that cannot be read by anyone.

1 WS-Privacy Paul Bui Ryan Dickey. 2 Agenda  WS-Privacy  Introduction to P3P  How P3P Works  P3P Details  A P3P Scenario  Conclusion  References.

Session ID: Session Classification: Dr. Michael Willett OASIS and WillettWorks DSP-R35A General Interest OASIS Privacy Management Reference Model (PMRM)

Web Services based e-Commerce System Sandy Liu Jodrey School of Computer Science Acadia University July, 2002.

RELATIONAL FAULT TOLERANT INTERFACE TO HETEROGENEOUS DISTRIBUTED DATABASES Prof. Osama Abulnaja Afraa Khalifah

An Approach To Automate a Process of Detecting Unauthorised Accesses M. Chmielewski, A. Gowdiak, N. Meyer, T. Ostwald, M. Stroiński

A Flexible Access Control Model for Web Services Elisa Bertino CERIAS and CS Department, Purdue University Joint work with Anna C. Squicciarini – University.

Maintaining Network Health. Active Directory Certificate Services Public Key Infrastructure (PKI) Provides assurance that you are communicating with the.

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Meng Yan. Introduction In fact, your online actions may be monitored by unauthorized parties logged and preserved for future access years later.

Privacy Engineering for Digital Rights Management Systems By XiaoYu Chen.

1 CS 502: Computing Methods for Digital Libraries Lecture 19 Interoperability Z39.50.

Access Control for Federation of Emulab-based Network Testbeds Ted Faber, John Wroclawski 28 July 2008

SOA-39: Securing Your SOA Francois Martel Principal Solution Engineer Mitigating Security Risks of a De-coupled Infrastructure.

What’s MPEG-21 ? (a short summary of available papers by OCCAMM)

Introduction to Semantic Web Service Architecture ► The vision of the Semantic Web ► Ontologies as the basic building block ► Semantic Web Service Architecture.

Database Administration

Security Patterns for Web Services 02/03/05 Nelly A. Delessy.

Providing web services to mobile users: The architecture design of an m-service portal Minder Chen - Dongsong Zhang - Lina Zhou Presented by: Juan M. Cubillos.

Introduction to Web Services Presented by Sarath Chandra Dorbala.

Functioning as a Business Associate Under HIPAA William F. Tulloch Director, PCBA March 9, 2004.

Csci5233 Computer Security1 Bishop: Chapter 14 Representing Identity.

CMPE 494 Service-Oriented Architectures and Web Services Platform for Privacy Preferences Project (P3P) İDRİS YILDIZ

SMARTIE Area of Activity: Framework Programme 7Framework Programme 7 ICT Objective 1.4 IoT (Smart Cities) Period:1 st September st August 2016.

A Semi-Automated Digital Preservation System based on Semantic Web Services Jane Hunter Sharmin Choudhury DSTC PTY LTD, Brisbane, Australia Slides by Ananta.

The Web Web Design. 3.2 The Web Focus on Reading Main Ideas A URL is an address that identifies a specific Web page. Web browsers have varying capabilities.

Introduction How to combine and use services in different security domains? How to take into account privacy aspects? How to enable single sign on (SSO)

S/MIME T ANANDHAN.

Change Control Module P5 LEARNING OBJECTIVES: LEARNING OUTCOMES

THE DEVELOPMENT SERVICE

Scalable Policy-awarE Linked Data arChitecture for prIvacy, trAnsparency and compLiance H2020-ICT Big Data PPP: privacy-preserving Big Data technologies.

CapEx Authorization Portal

THREE TIER MOBILE COMPUTING ARCHITECTURE

Dashboard eHealth services: actual mockup

Metadata The metadata contains

AAA: A Survey and a Policy- Based Architecture and Framework

Chinese wall model in the internet Environment

WEB SERVICES From Chapter 19, Distributed Systems

Chapter 4 Network Management Standards and Models

Chapter 4 Network Management Standards and Models

Ponder policy toolkit Jovana Balkoski, Rashid Mijumbi

The Platform for Privacy Preferences Project

Presentation transcript:

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project

Selected Pages For Presentation This presentation is based on the First 9 pages of the paper and the conclusion at the end of the paper. Section 3.2 “Realization of Some Pseudonym Properties” On page 9 th page is not included.

Outline Introduction Identity Management System Criteria For Identity Management System Functionality Of P3P P3P and Criteria For Identity Management System Conclusion Questions

Introduction Identity Management is what we do in a normal conversation. We consider the role and relationship and identify our selves accordingly. Different names or pseudonyms can be used. This preserves the real identity of a individual. Anonymous Communication Networks like the internet require an Identity Management System. This Paper proposes a scheme for an Identity Management System based on P3P.

Identity Management System A mechanism for managing, disclosing and negotiating personal data, To give users the choice between anonymity, pseudonymity and optional self identification. Prior to P3P other Identity Management Systems have been proposed, however non have been implemented. But now the requirements of an underlying anonymous network and appropriate infrastructure become more and more available.

Criteria For Identity Management System Privacy Protection Baseline Anonymous communication network Trustworthy user device Independent experts to validate data security level. Security of data in communication with other parties User has restricted access to identity manager.

Criteria For Identity Management System Empowering the user Convenient user interface to manage identity and control privacy facilities like grant of consent or removal of consent. Storage of personal data under user control Negotiation tool for disclosure of information. Negotiation tool for other aspects like security configuration. Support from privacy protection authorities, e.g. help with configuration

Criteria For Identity Management System Representation of pseudonyms/roles/identity cards with different properties through cryptographic means (blind signatures…) Based on standardized protocols and open data structures. Possibility for easy monitoring Compliance with legal framework

Functionality of P3P P3P is a standard for exchange of personal data. It Enables web sites to express their privacy practices in a standard format that can be retrieved automatically and interpreted easily by user agents. P3P user agents can inform users of the websites practices and automate decision making based on these practices.

P3P At Work Service Bob Request Web Page Determine Action Based On Policy Return Reference To Policy Bob’s agent requests a web page from a Service. Bob’s agent fetches the policy, evaluates it and depending on the preferences that have been set by Bob determines the action it should take: e.g. request, limit or block the required transfer. The Service provider responds by sending a reference to a P3P policy in the header of its HTTP response. The policy consists of one or more statements about the services privacy practices

P3P Policy Expressed as XML <DATA ref=“# user.home-info.telecom.telephone” optional=“yes”/>

Other Features Of P3P P3P provides a flexible and powerful mechanism to extend its syntax and semantics using the “ ” element. P3P allows the optional use of a Persona. Persona is a unique identifier for a set of data elements values. It Allows for the representation of pseudonyms

P3P and Criteria For Identity Management System Privacy protection baseline P3P can only act as a module in larger context, thus it does not realize the full privacy protection itself, but may be integrated. Empowering the user Negotiation is not Addressed in this version of P3P however future releases will add to this facility.

P3P and Criteria For Identity Management System Representation of pseudonyms is addressed by the persona concept. An Open standard protocol that coacts with other commonly used standards (like HTTP, XML) Allows for Online monitoring and comparison of privacy policies, but cannot guarantee companies follow them. Complies With Legal Frame Work

Conclusion P3P essentially provides the means for contract making between two parties where one agrees to provide information and the other agrees to process this information only within the negotiation limits. To make P3P function, a legal framework is required to make these contracts legally binding and internationally enforceable.

Questions How are pseudonyms supported in P3P? Is it necessary for contracts between User agents and the Service’s to be legally binding? Why?