Upload
jess
View
52
Download
7
Tags:
Embed Size (px)
DESCRIPTION
HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk. Oshani Seneviratne DIG, MIT CSAIL May 31, 2011. Problems Addressed. Personal Information on the Web. Increasing amounts of personal information on the Social Web Often times there are unforeseen adverse consequences - PowerPoint PPT Presentation
Citation preview
HTTPA (Accountable Hyper Text Transfer Protocol)
PhD Proposal Talk
Oshani SeneviratneDIG, MIT CSAILMay 31, 2011
Problems Addressed
Personal Information on the Web
• Increasing amounts of personal information on the Social Web
• Often times there are unforeseen adverse consequences
• Users become victims of poor design choices: E.g. Facebook Beacon, Google Buzz, etc
Reuse of Creative Works
• Reuse is good, but unauthorized content use is bad
• How can you prove that someone has violated your usage restrictions?
User Behavior Tracking Across Websites
Proposed Solution
Web Ecosystem that supports Accountability
• Build an accountable protocol and applications that use it
• Evaluate the adoption and the usability of the protocol
• Provide a framework for information accountability within the context of Web Science research
Protocol Components
Authentication
• Access Control – Identifying the data consumer before serving data
• Tracking and Auditing – Association of data with the entity that accessed/used them
• Side Effect – HTTPA may not support anonymous access unless the data consumer uses the Provenance Tracker to hide her identity
• Use WebID for authentication
Usage Restriction Specification
• Initial Implementation of the protocol will use the RMP (Respect My Privacy) ontology
• May also use the PPO (Privacy Preference Ontology)
• Usage Restriction needs terms such as:
– No cookies– No ownership transfer– No commercial use
– No depiction– No employment use– No insurance use
Negotiation of Usage Restrictions and Intentions / Handshake
• Uses HTTP headers ‘usage-restrictions’ and ‘intentions’
• Use ‘negotiate’ when the original usage restrictions and intentions do not match
Motivating Scenarios for the Handshake
Data Uploaded to Websites
• Specify usage restrictions on data that belongs to the user.– Creative works– Personal data
• Negotiate usage restrictions on the data uploaded to sites– Sites may have a terms that are not what the user
wanted
Data Uploaded to Websites (I)
POST pictureUsage Restrictions: No Ownership Transfer
HTTPA 412 Precondition FailedIntentions: Ownership Transfer
POST picture
Data Uploaded to Websites (II)
POST pictureUsage Restrictions: No Ownership Transfer
HTTPA 412 Precondition FailedIntentions: Ownership Transfer
POST pictureNegotiate: No Ownership Transfer
HTTPA 204 No Content
Data Downloaded from Websites
• Usage restrictions are sent along with the data• Smart clients help the user with proper (re)-
usage
Data Downloaded from WebsitesHEAD Alice’s PhotoIntentions: No-Commercial
Usage Restrictions: No Ownership Transfer
GET Alice’s PhotoIntentions: No-Commercial, No Ownership Transfer
HTTPA 200 OKUsage Aware Log: Log URI
Do Not Track
• Users can accept cookies or reject them when dealing with certain websites
• Usage restrictions are applied to the data collected on users and NOT on the data transferred from the website
Do Not Track: Accepting Cookies (I)
HEAD /index.html
HTTPA 200 OKCookie1, Cookie2,…
GET /index.htmlIntentions: No-Commercial, No-Employment
HTTPA 200 OKCookie1, Cookie2,…Data Content
GET /index.htmlCookie1, Cookie2,…
Do Not Track: Accepting Cookies (II)
HEAD /index.htmlUsage Restrictions: No-Cookies
HTTPA 412 Precondition FailedIntentions: Cookies?
GET /index.htmlIntentions: No-Commercial, No-Employment
HTTPA 200 OKCookie1, Cookie2,…Data Content
GET /index.htmlCookie1, Cookie2,…
Do Not Track: Not Accepting Cookies (I)
HEAD /index.html
HTTPA 200 OKCookie1, Cookie2,…
GET /index.htmlNegotiate: No-cookies, No-Commercial, No-Employment
HTTPA 200 OKData Content
Do Not Track: Not Accepting Cookies (II)
HEAD /index.htmlIntentions: No-Cookies
HTTPA 200 OKData Content
Protocol Components Contd.
Provenance Trackers
• Trusted intermediary– Determination of trust:• Based on hierarchy• Other means of trust to be
investigated
• Stores the accountability logs• Mechanism of communication within the
Provenance Tracker Network TBD
Logging
• Accountability Logs– Available at the Provenance Trackers– Contains the details of the HTTPA transaction– Encrypted– Can only be read by protocol components
• Usage Aware Logs– Available at the Smart Client– Guides the Smart Client on reuse
• Data Provenance Logs– Available at the Smart Client– Keeps track of the subsequent modifications
Accountability Checking
• User can ‘complain’ about violations via the smart client
• Smart client requests for a provenance trail from the provenance tracker network
• Provenance Trackers communicate with each other and provides a proof with:– URIs of subsequent derivatives– Usage restrictions attached at each
reuse/modification/transmission– Identity of the violator
Related Work
Project DReaM
• DRM everywhere/available• Plans on providing an interoperable DRM
architecture• Interface allows to assert fair use• Has an identity management focus
Timeline
Expected Contributions
• Development of a protocol that will change the way users access and use data on the web
• Evaluation of user behavior with smart clients that help them – improve decision making when disclosing private data– reuse content properly– find out who may have violated their usage restrictions
• Recommendations for future accountability research
Questions?