Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte."— Presentation transcript:

1 Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte 1, Anupam Joshi 1, Tim Finin 1 1 2

2 Pranam Kolari – Policy 2005 Outline Web Privacy P3P/APPEL Motivation and Problem Description User Trust Rei Policy Language System Design Privacy Policy Specification Conclusion

3 Pranam Kolari – Policy 2005 Cathy on the Web Source : Cathy Guisewite via Lorrie Cranor

4 Pranam Kolari – Policy 2005 Cathy on the Web Source : Cathy Guisewite via Lorrie Cranor

5 Pranam Kolari – Policy 2005 P3P – The current solution P3P is Platform for Privacy Preferences Protocols and specification languages –P3P Schema for Websites –APPEL Schema for Clients

6 Pranam Kolari – Policy 2005 P3P Sample Policy <POLICY discuri="http://p3pbook.com/privacy.html" name="policy"> <DATA ref="#business.contact-info.online.email">privacy@p3pbook.com <DATA ref="#business.contact-info.online.uri">http://p3pbook.com/ Web Privacy With P3P We keep standard web server logs. Site’s name and contact info Access disclosure Statement Human-readable explanation How data may be used Data recipients Data retention policy Types of data collected Slide Courtesy: Lorrie Cranor

7 Pranam Kolari – Policy 2005 APPEL APPEL is A P3P Preference Exchange Language (W3C working draft in April 2002) … … … Website P3P PolicyAPPEL User Preference

8 Pranam Kolari – Policy 2005 The problem …

9 Pranam Kolari – Policy 2005 Trusting Websites 56% of consumers don’t believe businesses keep promises 63% believe independent verification is important 62% believe existing laws and organizational practices are insufficient Consumer Confidence Trust website policies Distrust website policies Source : (Ernst and Young report 2004)

10 Pranam Kolari – Policy 2005 Existing Mechanisms A4Proxy

11 Pranam Kolari – Policy 2005 P3P/XPref … … Website P3P Policy XPref User Preference <RULE behavior=“request” condition=“/POLICY[ every $pname in STATEMENT/PURPOSE/* satisfies name($panme)=“individual-decision” and every $rname in STATEMENT/RECIPIENT/* satisfies name($rname)= “ours” ]”/> … APPEL User Preference

12 Pranam Kolari – Policy 2005 Low P3P Adoption

13 Pranam Kolari – Policy 2005 Problem Description 1.P3P policies published by websites not trusted by users 2.Low P3P adoption impedes client adoption by users 3.The languages available to describe user privacy preferences are not sufficiently expressive 4.P3P framework does not provide a coherent view of available privacy protection mechanisms to the user

14 Pranam Kolari – Policy 2005 Our approach …

15 Pranam Kolari – Policy 2005 Social Recommendations (1, 2) Note: Superscripts signify problem being addressed

16 Pranam Kolari – Policy 2005 Website Evaluation Ontology (1, 2) Modeling User Perspective of Trust Populating ontology with instance data –BizRate –Services for users to explicitly specify preferences Share using existing social network mechanisms (Ding 2003) www.slashdot.org DiscussionGroup serviceType 9 URI org -- popularity hasP3P hasTextPolicy hasPrivacyCertifier domainSuffix isBasedOutOf hasPolicyEnforcement lawEnforcedBy URI USA Yes US OSDN policySimilarTo owner Website Evaluation Ontology

17 Pranam Kolari – Policy 2005 Rei Policy Language (3)(4) Rei, a policy specification language developed by Lalana Kagal at UMBC (lkagal 2003) Encoded in (1) Prolog, (2) OWL Models deontic concepts of permissions, prohibitions, obligations and dispensations Uses meta policies for conflict resolution Uses speech acts for dynamic policy modification We used it as a policy specification language –RDF specification capability (matches that of P3P) –Dynamic Policies as future extension to our work Part content Courtesy: Lalana Kagal

18 Pranam Kolari – Policy 2005 Rei Policy Language (3)(4) Policy Granting Entity DeonticObject Constraint Action Boolean Simple DomainAction SpeechAct grants to deontic requirement context actor, target action precondition, effect

19 Pranam Kolari – Policy 2005 Rei Policy Modeling (1)(2)(3)(4) Two actors –Website –Web browser Multiple context –P3P RDF published by websites –User Context –Trust Recommendations Multiple actions with priorities –Right, Prohibition, Obligation* *(not enforced)

20 Pranam Kolari – Policy 2005 System Design (1)(2)(3)(4) # FOAF, Golbeck, Li ideas of Trust Trusted Agent Network # FOAF Website Recommender Network Ontologies, Trust rules Personal agents Web Server Clients publish publish (optionally) XSLT Transformer JRC Privacy Proxy * Rei Engine Privacy Expert Rei Privacy Policy (RDF based, enhancements over APPEL) P3P Policy Key Points 1.Web Sites optionally publish P3P policies 2.Clients specify privacy preferences using a policy language - Rei 3.Privacy Expert is the privacy enhancement enabler by binding together entities of the system 4.Rei Engine evaluates policies of users against website attributes 5.Website Recommender Network propagates and builds a model of websites based on reputation 6.FOAF – Enables the creation of the website recommender network 1 2 3 4 5 6

21 Pranam Kolari – Policy 2005 Example Policy [1] - Template.. Current policy allows access to a website … … Policy Rule Rule Actor Policy Constraint Rule Desc. Rule Action

22 Pranam Kolari – Policy 2005 Example Policy [1] - Constraints <constraint:SimpleConstraint rdf:about=“&wwwpolicy;domainOfServiceConstraint” constraint:subject =“&wwwpolicy;var1” constraint:predicate=“&wwwpolicy;domainOfServiceConstraint” constraint:object=“&weo;travel” /> <constraint:SimpleConstraint rdf:about=“&wwwpolicy;trustedDomainGOVconstraint” constraint:subject =“&wwwpolicy;var1” constraint:predicate=“&weo;domainSuffix” constraint:object=“&weo;gov” /> … Policy Constraint

23 Pranam Kolari – Policy 2005 Example Policy [2] - Obligation <policy:Policy rdf:about="&wwwpolicy;obligationexample" … ….. … … Obligation Right

24 Pranam Kolari – Policy 2005 Example Policy [3] - Priority … … Default Explicit Rules

25 Pranam Kolari – Policy 2005 Closing Remarks Evaluation of trust based recommender systems Web browser adopting enhanced framework –E-mail clients with FOAF based spam filtering –Policy Engines –User Context Manager Ontologies from the Semantic Web –Development of common shared ontologies for user trust and context – FOAF, SOUPA

26 Pranam Kolari – Policy 2005 Conclusion The utility of an existing policy language in a highly complex policy engineering domain Policy engineering and enforcement in Web Privacy offers many challenges –Enforcing Obligations –Engineering Delegation Logic using Speech Acts and subsequent enforcement

27 Pranam Kolari – Policy 2005 Questions ?? Paper and Presentation Available at: http://ebiquity.umbc.edu/v2.1/paper/html/id/213/

Download ppt "Pranam Kolari – Policy 2005 Enhancing Web Privacy Protection Through Declarative Policies Pranam Kolari 1 Li Ding 1, Lalana Kagal 2, Shashi Ganjugunte."

Similar presentations

ROWLBAC – Representing Role Based Access Control in OWL

ROWLBAC – Representing Role Based Access Control in OWL
1 Long term changes to P3P Long Term Future of P3P Workshop Giles Hogben Joint Research Centre European Commission.

1 Long term changes to P3P Long Term Future of P3P Workshop Giles Hogben Joint Research Centre European Commission.
TU/e technische universiteit eindhoven Hera: Development of Semantic Web Information Systems Geert-Jan Houben Peter Barna Flavius Frasincar Richard Vdovjak.

TU/e technische universiteit eindhoven Hera: Development of Semantic Web Information Systems Geert-Jan Houben Peter Barna Flavius Frasincar Richard Vdovjak.
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
Semantic Web Thanks to folks at LAIT lab Sources include :

Semantic Web Thanks to folks at LAIT lab Sources include :
XML Technology in E-Commerce

XML Technology in E-Commerce
CS570 Artificial Intelligence Semantic Web & Ontology 2

CS570 Artificial Intelligence Semantic Web & Ontology 2
Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.

Identity Management Based on P3P Authors: Oliver Berthold and Marit Kohntopp P3P = Platform for Privacy Preferences Project.
Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research

Minding Your Own Business The Platform for Privacy Preferences Project and Privacy Minder Lorrie Faith Cranor AT&T Labs-Research
The Platform for Privacy Preferences Project (P3P) Lorrie Faith Cranor AT&T Labs-Research P3P Interest Group Co-Chair October 1998.

The Platform for Privacy Preferences Project (P3P) Lorrie Faith Cranor AT&T Labs-Research P3P Interest Group Co-Chair October 1998.
Policy Description & Enforcement Languages Anis Yousefi

Policy Description & Enforcement Languages Anis Yousefi
The Web of data with meaning... By Michael Griffiths.

The Web of data with meaning... By Michael Griffiths.
OASIS Reference Model for Service Oriented Architecture 1.0

OASIS Reference Model for Service Oriented Architecture 1.0
Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.

Enterprise Privacy Promises and Enforcement Adam Barth John C. Mitchell.
W3C Finland Seminar: Semantic Web & Web Services© Kimmo RaatikainenMay 6, 2003 XML in Wireless World Kimmo Raatikainen University of Helsinki, Department.

W3C Finland Seminar: Semantic Web & Web Services© Kimmo RaatikainenMay 6, 2003 XML in Wireless World Kimmo Raatikainen University of Helsinki, Department.
P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.

P3P: Platform for Privacy Preferences Charlin Lu Sensitive Information in a Wired World November 11, 2003.
Implementing P3P Using Database Technology Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu Presented by Yajie Zhu 03/24/2005.

Implementing P3P Using Database Technology Rakesh Agrawal Jerry Kiernan Ramakrishnan Srikant Yirong Xu Presented by Yajie Zhu 03/24/2005.
ReQuest (Validating Semantic Searches) Norman Piedade de Noronha 16 th July, 2004.

ReQuest (Validating Semantic Searches) Norman Piedade de Noronha 16 th July, 2004.
BTW Information Annotation By Rudd Stevens, Jason Endo.

BTW Information Annotation By Rudd Stevens, Jason Endo.
PROMPT: Algorithm and Tool for Automated Ontology Merging and Alignment Natalya F. Noy and Mark A. Musen.

PROMPT: Algorithm and Tool for Automated Ontology Merging and Alignment Natalya F. Noy and Mark A. Musen.

Similar presentations

Ads by Google