1
The Technology of Privacy
Walter Hoehn
wassa@memphis.edu
2
Privacy Imperatives
- Legal
  - FERPA
  - State/local laws and ordinances
- Ethical
  - It’s what the users expect
- Security
  - Personal data can be used to compromise local systems
3
Privacy Anti-Patterns
- Identifiable Security Credentials
- Unnecessary information release
- Unnecessary session persistence
- Identity triangulation
- Data correlation among resource providers
- Trolling
- Opacity to user
4
Shibboleth Privacy Aims
- Passwords should only be transmitted to authenticating institutions
- Authentication context should be anonymous
- Access should be possible with minimal attribute information
- Users should be able to manage release of their personal data
5
Application Requirements
- Entitlement
- Pseudonymous Persistence
- Affiliations/Membership
- Identity
6
Attribute Release Policies
- Control which attributes are released by the Attribute Authority
- Access controls are fine-grained and support release of specific values
- Policies are applied to a specific service provider or set of service providers
- Combination of metadata and SSL client authentication is used to tie policy to requests
7
ARP Structure
- Multiple policies can apply to a user
  - System, User, Community, etc.
- Each policy contains one or more rules
- Each rule contains a target specification
- Each rule contains one or more attribute release specifications
8
Example ARP
urn:x-exampleServiceProvider member
9
ARP Rule Selection
- Default Rule
  - Always included in effective ARPs derived from the enclosing ARP
10
ARP Rule Selection
- Selection by requester
  - Standard: urn:x-exampleServiceProvider
  - Match Function: ^urn:x-.*$
11
Example ARP (Redux)
urn:x-exampleServiceProvider member
12
Value Release
- Releasing any value
- Implicit deny
- Precedence (deny, permit, implicit deny)
13
Value Release
- Releasing a specific value: member@example.edu
- Match functions: ^.*@example.edu$
14
Value Release
- Combining attribute specifications
15
Value Release
- Precedence in action: faculty@example.edu
16
Combining Rules
urn:x-exampleServiceProvider wassa@example.edu
17
Processing Model
- Identify all applicable ARPs
- Create an effective ARP
  - Include all default rules
  - Include all matching rules
- Determine which attribute/value pairs will be released (compile a list of values with “permit” qualifier & subtract values with “deny” qualifiers)
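The processing model above, as an added Python example (not Shibboleth's own code and not from the presentation): it builds the effective ARP from default and requester-matched rules, then releases permitted values minus denied ones. The dictionary layout, the attribute names affiliation, principalName and mail, and the values urn:y-otherProvider and alum@other.edu are assumptions constructed here; the other URNs, values and patterns are the ones on the slides.

```python
import re

# Hypothetical in-memory ARP form (real ARPs are XML files). A rule is
# {"target": ..., "attributes": {name: [(qualifier, match), ...]}};
# target None marks a default rule. Attribute names are constructed.
def matches(spec, text):
    kind = spec[0]
    if kind == "any":
        return True
    if kind == "exact":
        return text == spec[1]
    # fullmatch anchors the pattern so a partial hit can never widen release
    return re.fullmatch(spec[1], text) is not None

def effective_rules(arps, requester):
    """Default rules plus rules whose target matches the requester."""
    return [rule for arp in arps for rule in arp
            if rule["target"] is None or matches(rule["target"], requester)]

def release(arps, requester, user_attrs):
    """Permitted values minus denied values; anything unmentioned is withheld."""
    rules = effective_rules(arps, requester)
    released = {}
    for name, values in user_attrs.items():
        specs = [s for r in rules for s in r["attributes"].get(name, [])]
        permit = [m for q, m in specs if q == "permit"]
        deny = [m for q, m in specs if q == "deny"]
        kept = [v for v in values
                if any(matches(m, v) for m in permit)
                and not any(matches(m, v) for m in deny)]
        if kept:
            released[name] = kept
    return released

# Constructed sample policies using the identifiers and patterns from the slides.
SITE_ARP = [
    {"target": None, "attributes": {
        "affiliation": [("permit", ("regex", r"^.*@example.edu$"))]}},
    {"target": ("exact", "urn:x-exampleServiceProvider"), "attributes": {
        "affiliation": [("deny", ("exact", "faculty@example.edu"))],
        "principalName": [("permit", ("any",))]}},
]
USER_ARP = [
    {"target": ("regex", r"^urn:x-.*$"), "attributes": {
        "principalName": [("deny", ("exact", "wassa@example.edu"))]}},
]
USER = {"affiliation": ["member@example.edu", "faculty@example.edu", "alum@other.edu"],
        "principalName": ["wassa@example.edu"], "mail": ["wassa@example.edu"]}

if __name__ == "__main__":
    print(release([SITE_ARP, USER_ARP], "urn:x-exampleServiceProvider", USER))
    print(release([SITE_ARP, USER_ARP], "urn:y-otherProvider", USER))
```

For the example service provider the user-level deny overrides the site-level permit on principalName, and mail is withheld by implicit deny because no rule mentions it.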
18
ARP Management
- Present
  - Site & user level ARPs
  - Managed manually by system administrators with text editors
- Near Future
  - Site, group, and user level ARPs
  - Managed by system and library administrators with web-based GUI utility
- Down the road
  - Several management interfaces, including those for the end user
19
The Technology of Privacy
Walter Hoehn
wassa@memphis.edu