A Privacy Preference Manager for the Social Semantic Web

Copyright 2011 Digital Enterprise Research Institute. All rights reserved.

Digital Enterprise Research Institute www.deri.ie

Enabling Networked Knowledge

A Privacy Preference Manager for the Social

Semantic WebOwen Sacco and Alexandre Passant

[email protected] 2011 – Bonn, Germany Monday 24th October 2011



Introduction

Increase in shared personal information on the Social Web raised awareness about privacy



Introduction

Recent Study1 shows:

Privacy became a concern in Social Networks (SN) when private news was publicly shared

SNs provided third party with user’s information

Most users are aware of privacy settings and have set them at least since 2009

1Danah Boyd and Eszter Hargittai. Facebook privacy settings. Who cares? First Monday. August 2010.



Current Limitations

Social Web applications provide system default privacy settings



Use Case

A FOAF based Social Network

Users feel more confident to publish their information

Users would be in full control– Which specific information can be shared and to whom

Granting access based on interest and not only to friends in contact lists

– Eg: Provide my phone number only to DERI colleagues without being in a friend or group list called DERI

Protecting a FOAF based Social Network



PPO Overview

A light weight vocabulary for defining fine-grained privacy preferences for RDF data

A privacy preference contains: Which resource, statement or graph must be restricted A condition that must be satisfied The access control privilege (defined using WAC) A SPARQL query that tests whether a user requesting

information matches a graph pattern



PPO Overview

ppo:PrivacyPreference

ppo:hasLiteral

rdfs:Literal

rdfs:Resource

ppo:appliesToResource

rdf:Statement trix:Graph

ppo:AccessSpaceppo:hasAccessSpace

ppo:appliesToStatement ppo:appliesToNamedGraph

ppo:hasAccessQuery

ppo:Condition

rdf:Property

ppo:hasPropertyppo:classAsObjectppo:classAsSubjectppo:resourceAsObject

acl:Access

ppo:hasAccess

ppo:resourceAsSubject

ppo:hasCondition

Restrictions Conditions Access Test Queries Access Control Privileges

rdfs:Resource rdfs:Resource rdfs:Class rdfs:Class

rdfs:Literal

This rdfs:Literal represents a SPARQL query as a String.



Example: Provide my phone number only to DERI colleagues

PPO Overview

PREFIX ppo: <http://vocab.deri.ie/ppo#> .PREFIX ex: <http://example.org/> .

ex:pp1 a ppo:PrivacyPreference;

ppo:hasCondition [ ppo:hasProperty foaf:phone ];

ppo:hasAccess acl:Read;

ppo:hasAccessSpace [ ppo:hasAccessQuery "ASK {?x foaf:workplaceHomepage <http://www.deri.ie>}"].



PPO Formal Model

Definition 1: Restrictions Resource

– Identified by its own URI

∀St(AssignAccess(U,A) ∧ (Subject(U,St) ∨ Predicate(U,St) ∨ Object(U,St)) ⇒

AssignAccess(St,A))

Statement– Consists of <subject, predicate, object>

∀St((AssignAccess(S,A) ∧ AssignAccess(P,A) ∧ AssignAccess(O,A)) ∧ (Subject(S,St) ∧

Predicate(P,St) ∧ Object(O,St)) ⇒ AssignAccess(St,A))



PPO Formal Model

Named Graph– A name denoted by a URI– A set of statements mapped to this name

∀St(AssignAccess(NG,A) ∧ RDFGraph(St,NG) ⇒ AssignAccess(St,A))



PPO Formal Model

Definition 2: Conditions Resource As Subject

– A resource’s URI identified as a statement’s Subject

∀St(AssignAccess(U,A) ∧ Subject(U,St) ⇒ AssignAccess(St,A))

Resource As Object– A resource’s URI identified as a statement’s Object

∀St(AssignAccess(U,A) ∧ Object(U,St) ⇒ AssignAccess(St,A))



PPO Formal Model

Class As Subject– An instance of a class defined as a statement’s Subject

∀St(AssignAccess(C,A) ∧ RDFType(U,C) ∧ Subject(U,St) ⇒ AssignAccess(St,A))

Class As Object– An instance of a class defined as a statement’s Object

∀St(AssignAccess(C,A) ∧ RDFType(U,C) ∧ Object(U,St) ⇒ AssignAccess(St,A))



PPO Formal Model

Definition 3: Access Control Privilege An access control privilege defines the read and/or write

privilege

AccessControl = {read,write}

Definition 4: Access Space Contains an access query that checks if a requester

satisfies specific attributes

AccessSpace = {accessquery1, ..., accessqueryn}



PPO Formal Model

Definition 5: A Privacy Preference The set of all: Restrictions, Conditions, AccessControl

and AccessSpace

PrivacyPreference ⊆ Restrictions ∪ Conditions ∪ AccessControl ∪ AccessSpace



PPO Formal Model

Definition 6: Applying Privacy Preferences A requester requests personal information This request is matched to the correct privacy

preference– i.e. the restrictions

∀P((Statement(St,P) ∨ Resource(R,P) ∨ NamedGraph(NG,P)) ⇒ ApplyPrivacyPreference(P))

A mapping is done between the restricted statements (RS) and the condition statements (CS)

M : RestrictedStatements(RS) → ConditionStatements(CS)



PPO Formal Model

If M = false THEN ¬ApplyPrivacyPreference(P)

If ApplyPrivacyPreference(P), AccessSpace(Q) is executed on the requester’s information

If AccessSpace(Q) = true THEN AccessControl(A) is granted to the requester



MyPrivacyManager provides two main tasks: A user creates his/her privacy preferences A requester logs in to the other user’s

MyPrivacyManager which in turn will view a faceted profile

– filtered based on the privacy preferences

MyPrivacyManager

User BRequester

MyPrivacy ManagerPrivate FOAF Profile

Privacy Preferences

User A

WebID



MyPrivacyManager

WebID Authenticato

r

RDF Data Retriever & Parser

Privacy Preferences

Enforcer

Privacy Preferences

Creator

User Interface

Privacy Preferences

WebID Authentication Service

foafssl.org

User

SSL Certificate Confirmation

ConfirmationSSL Certificate

PrivacyPreferences

Created Privacy

Preferences

FOAF URI

Request RDF DATA

FOAF

Logs In

Created Privacy

Preferences

Social Semantic Data

MyPrivacyManager

Privacy Preferences

Created Privacy

Preferences



MyPrivacyManager

FOAF

Attributes which a

requester must satisfy

(AccessQuery)



MyPrivacyManager

PREFIX ppo: <http://vocab.deri.ie/ppo#> . PREFIX ex: <http://vmuss13.deri.ie/> .

ex:preference1 a ppo:PrivacyPreference;foaf:maker <http://foaf.me/ppm_usera#me>; dc:title "Restricting access to my personal information”;dc:created "2011-06-01T13:32:59+02:00”;

ppo:appliesToStatement :Statement1; :Statement1

rdf:subject <http://vmuss13.deri.ie/foafprofiles/terraces#me>;rdf:predicate <http://xmlns.com/foaf/0.1/name>;rdf:object "Alexandre Passant”;

ppo:appliesToStatement :Statement2; :Statement2

rdf:subject <http://vmuss13.deri.ie/foafprofiles/terraces#me>;rdf:predicate <http://xmlns.com/foaf/0.1/nick>;rdf:object "terraces”;

ppo:assignAccess acl:Read;

ppo:hasAccessSpace [ppo:hasAccessQuery "ASK { ?x foaf:workplaceHomepage <http://www.deri.ie>

}"].

Provenance Information

Restrictions

Access Control PrivilegeAccess Space



MyPrivacyManager

WebID Authenticato

r

RDF Data Retriever & Parser

Privacy Preferences

Enforcer

Privacy Preferences

Creator

User Interface

Privacy Preferences

WebID Authentication Service

foafssl.org

User B

SSL Certificate Confirmation

ConfirmationSSL Certificate

Request

Request RDF DATA

Logs In

Filtered FOAF Profile

User B

MyPrivacyManager

User A

Query

PrivacyPreference

Filtered FOAF Data

Query RDF Data

User A

AccessQuery Result

Request RDF DATA

FOAF Profiles

(Requester)



Future Work

Extending PPO: Conjunctive and disjunctive properties for Conditions Specify the type of environment, i.e. closed or open

environment Cater for more fuzziness in privacy preferences

– Example: Allow access to my party invite to all those that live (have coordinates) around Galway

Extending MyPrivacyManager: Grouping of interests under categories Assert trustworthiness of source and requester’s data



Links

PPO Namespace URI: http://vocab.deri.ie/ppo#

Screencasts Creating Privacy Preferences: http://bit.ly/p0N1Vi Viewing Filtered FOAF Profiles: http://bit.ly/qiAdxT

http://vocab.deri.ie/ppo

http://bit.ly/p0N1Vi

http://bit.ly/qiAdxT

A Privacy Preference Manager for the Social Semantic Web

Education

Transcript of A Privacy Preference Manager for the Social Semantic Web