Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Technology of Privacy Walter Hoehn

Published byCharity Chapman Modified over 9 years ago

Similar presentations

Presentation on theme: "The Technology of Privacy Walter Hoehn"— Presentation transcript:

1 The Technology of Privacy Walter Hoehn wassa@memphis.edu

2 Privacy Imperatives Legal FERPA State/local laws and ordinances Ethical It’s what the users expect Security Personal data can be used to compromise local systems

3 Privacy Anti-Patterns Identifiable Security Credentials Unnecessary information release Unnecessary session persistence Identity triangulation Data correlation among resource providers Trolling Opacity to user

4 Shibboleth Privacy Aims Passwords should only be transmitted to authenticating institutions Authentication context should be anonymous Access should be possible with minimal attribute information Users should be able to manage release of their personal data

5 Application Requirements Entitlement Pseudonymous Persistence Affiliations/Membership Identity

6 Attribute Release Policies Control which attributes are released by the Attribute Authority Access controls are fine-grained and support release of specific values Policies are applied to a specific service provider or set of service providers Combination of metadata and SSL client authentication is used to tie policy to requests Control which attributes are released by the Attribute Authority Access controls are fine-grained and support release of specific values Policies are applied to a specific service provider or set of service providers Combination of metadata and SSL client authentication is used to tie policy to requests

7 ARP Structure Multiple policies can apply to a user System, User, Community, etc. Each policy contains one or more rules Each rule contains a target specification Each rule contains one or more attribute release specifications Multiple policies can apply to a user System, User, Community, etc. Each policy contains one or more rules Each rule contains a target specification Each rule contains one or more attribute release specifications

8 Example ARP urn:x-exampleServiceProvider member urn:x-exampleServiceProvider member

9 ARP Rule Selection Default Rule Always included in effective ARPs derived from the enclosing ARP Default Rule Always included in effective ARPs derived from the enclosing ARP

10 ARP Rule Selection Selection by requester Standard urn:x- exampleServiceProvider Match Function ^urn:x-.*$ Selection by requester Standard urn:x- exampleServiceProvider Match Function ^urn:x-.*$

11 Example ARP (Redux) urn:x-exampleServiceProvider member urn:x-exampleServiceProvider member

12 Value Release Releasing any value Implicit deny Precedence (deny, permit, implicit deny) Releasing any value Implicit deny Precedence (deny, permit, implicit deny)

13 Value Release Releasing a specific value member@example.edu Match functions ^.*@example.edu$ Releasing a specific value member@example.edu Match functions ^.*@example.edu$

14 Value Release Combining attribute specifications Combining attribute specifications

15 Value Release Precedence in action faculty@example.edu Precedence in action faculty@example.edu

16 Combining Rules urn:x-exampleServiceProvider wassa@example.edu urn:x-exampleServiceProvider wassa@example.edu

17 Processing Model Identify all applicable ARPs Create an effective ARP Include all default rules Include all matching rules Determine which attribute/value pairs will be released (compile a list of values with “permit” qualifier & subtract values with “deny” qualifiers) Identify all applicable ARPs Create an effective ARP Include all default rules Include all matching rules Determine which attribute/value pairs will be released (compile a list of values with “permit” qualifier & subtract values with “deny” qualifiers)

18 ARP Management Present Site & user level ARPs Managed manually by system administrators with text editors Near Future Site, group, and user level ARPs Managed by system and library administrators with web- based GUI utility Down the road Several management interfaces, including those for the end user

19 The Technology of Privacy Walter Hoehn wassa@memphis.edu

Download ppt "The Technology of Privacy Walter Hoehn"

Similar presentations

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.

Defining the Security Domain Marilu Goodyear John H. Louis University of Kansas.
Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.

Forms Authentication, Users, Roles, Membership Ventsislav Popov Crossroad Ltd.
User Authentication for Enterprise Applications November 16, 2005 Tom Board, NUIT.

User Authentication for Enterprise Applications November 16, 2005 Tom Board, NUIT.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.

Dorian Grid Identity Management and Federation Dialogue Workshop II Edinburgh, Scotland February 9-10, 2006 Stephen Langella Department.
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.

PKI 2: Protezione del traffico Web tramite SSL Fabrizio Grossi.
Using Digital Credentials On The World-Wide Web M. Winslett.

Using Digital Credentials On The World-Wide Web M. Winslett.
Open Linking and the OpenURL Standard Eric F. Van de Velde, Ph.D. Chair, NISO Committee AX Director of Library Information Technology California Institute.

Open Linking and the OpenURL Standard Eric F. Van de Velde, Ph.D. Chair, NISO Committee AX Director of Library Information Technology California Institute.
C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.

C MU U sable P rivacy and S ecurity Laboratory 1 Privacy Policy, Law and Technology Identity October 9, 2008.
Introduction To Windows NT ® Server And Internet Information Server.

Introduction To Windows NT ® Server And Internet Information Server.
ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.

ASP.NET 2.0 Chapter 6 Securing the ASP.NET Application.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Web App Access Control Design

Web App Access Control Design
June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.

June 30, 2004CAMP Shibboleth Implementation Workshop Shibboleth Mockup - ARP GUI Management by Steven Carmody Brown University proxy Walter Hoehn.
Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department

Designing Security In Web Applications Andrew Tomkowiak 10/8/2013 UW-Platteville Software Engineering Department
Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.

Credential Provider Operational Practices Statement CAMP Shibboleth June 29, 2004 David Wasley.
Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.

Shibboleth: New Functionality in Version 1 Steve Carmody July 9, 2003 Steve Carmody July 9, 2003.
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Madrid. Oct 8, 2004IADIS International Conference WWW/Internet 2004 1 Access Management in Federated Digital Libraries Kailash Bhoopalam Kurt Maly Mohammed.

Madrid. Oct 8, 2004IADIS International Conference WWW/Internet Access Management in Federated Digital Libraries Kailash Bhoopalam Kurt Maly Mohammed.

Similar presentations

Ads by Google