University of British Columbia
Secure Web 2.0 Content Sharing Beyond Walled Gardens
San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov
Department of Electrical and Computer Engineering
Laboratory for Education and Research in Secure Systems Engineering (LERSSE)
outline
• overview
• approach
• implementation
• conclusion
Web 2.0: user-centric Web
Dec. 2006
source: http://www.time.com/time/covers/0,16641,20061225,00.html
“Web 2.0 is a very different thing. It's a tool for bringing together the small contributions of millions of people and making them matter.”
Lev Grossman, "Time's Person of the Year: You," in
Time Magazine. Wednesday, Dec. 13, 2006.
walled garden problem
lack of usable mechanisms for secure Web 2.0 user content sharing across
content and service providers (CSPs)
content sharing scenario
CCA scouts only
Canadian Coast Adventures (CCA) Girl Scouts
Alice, Jenny
Picasa Web
sharing content with unknown user
Slide Share
ACSAC 2009 Attendees
research goal
enable users to share content with unknown Web users
work beyond walled gardens
Web-based content sharing mechanism
investigate the applicability of existing access-control systems when they are applied to realize user-centric policy in the Web
challenges
• usability - usable for average Web users
• interoperability
– work across CSPs boundaries
– work under current walled garden restrictions
“designing hard to use security is easy, designing easy to use security is hard”
Eric Sachs (product manager for Google security and internal systems),
"Redirects to login pages are bad, or are they?"
in SOUPS 2009 Keynote speaker, Mountain View, CA, USA. July 15-17, 2009.
usability
• user-centric
– use the same identity and access policy across CSPs
• sharing experiences should be similar to users’ existing file/content practices
• only use browser, no special software installed or crypto operations performed by user
interoperability
• build upon open standards and protocols
• for CSPs
– provide additional content sharing channel
– not required to change their existing access-control mechanism
existing secret-link approach
Alice, Picasa Web, Jenny
secret-link: http://picasaweb.google.com/Alice?authkey=Gv1sRgCOzuv
• usable for Web users
• easy to implement by CSPs
• Alice does not have control over Jenny’s sharing of secret link with others
• Alice has to know Jenny’s email
content sharing user studies
• email is the most commonly used sharing mechanism [2,3,4,5]
• users tend to treat socially-defined classes of individuals the same when sharing [1,2,3]
[1] J. S. Olson, J. Grudin, and E. Horvitz, “A study of preferences for sharing and privacy,” in CHI ’05 extended abstracts on
Human factors in computing systems (CHI ’05). New York, NY, USA: ACM, 2005, pp. 1985–1988.
[2] S. Voida, W. K. Edwards, M. W. Newman, R. E. Grinter, and N. Ducheneaut, “Share and share alike: exploring the user
interface affordances of file sharing,” in Proceedings of the SIGCHI conference on Human Factors in computing systems
(CHI ’06). New York, NY, USA: ACM, 2006, pp. 221–230.
[3] T. Whalen, “Supporting file sharing through improved awareness,” Ph.D. Dissertation, Dalhousie University, Canada,
2008. [Online]. Available: http://www.proquest.com/
[4] N. A. Van House, “Flickr and public image-sharing: distant closeness and photo exhibition,” in CHI ’07: Ext. Abstracts on
Human factors in computing systems. NY, NY, USA: ACM, 2007, pp. 2717–2722.
[5] A. D. Miller and W. K. Edwards, “Give and take: A study of consumer photo-sharing culture and practice,” in
Proceedings of the CHI 2007, San Jose, California, USA, April 28 –May 3 2007, pp. 347–356.
outline
• overview
• approach
• implementation
• conclusion
ideas
secret-link
user-centric policy provider
user-centric identity provider
approach
enables users to use their email to log in to CSPs
extends contact-lists to enable trust-based access control
OpenIDemail provider
OpenID email to OpenID policy service
OpenPolicy provider
contact
friend family
parent relative
colleague
gmail.com/alice
N. Li, J. C. Mitchell, and W. H. Winsborough, “Design of a role-based trust-management framework,” in
SP ’02: Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002.
RT policy language
policy service AlicePolicy.com
sharing scenario
CCA
Alice, Picasa Web
[email protected] [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
secret-link
credentials for
CCA.scout
policy service CCAPolicy.com
policy service GooglePolicy.com
access scenario
Picasa [email protected]
CCA
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
OpenIDemail
AOL
policy service YahooPolicy.com
secret-link
more complex sharing scenario
CCA scouts and their parents only
Canadian Coast Adventures (CCA) Girl Scouts
Mary, Alice, Jenny
Picasa Web
Alice’s scout friends in Picasa Web
[email protected] [email protected]
CCA.scout [email protected]
outline
• overview
• approach
• implementation
• conclusion
RT type 1 credential statements
RT type 2 credential statements
RT type 3 credential statements
RT type 4 credential statements
Facebook Photo Sharing Application
secret-link
conclusion
Web-based content sharing mechanism
OpenIDemail, Secret-Link
conclusion
• our solution is user-centric
– Web users use the same identity and access policy across CSPs, and they are free to choose them
• only use browser, sharing experiences are similar to users’ existing file/content practices
– email, secret-link
• CSPs are not required to change their existing access-control mechanism
– integrate their secret-link mechanism with OpenPolicy and OpenIDemail provider
extend OpenID
• OpenID relies on redirection during authentication
– vulnerable to phishing attacks
• build OpenID support into browser
– function without redirection
San-Tsai Sun and Konstantin Beznosov. “Poster: OpenIDemail Enabled Browser,” in ACSAC 2009
poster session, Honolulu, Hawaii, USA. Dec. 9th 2009.
San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. “Web Single Sign-On with OpenIDemail
Enabled Browser”. Under review.
enhance trust-management
• detect who is abusing the trust of others
– Jenny could allow her friend Bob to view CCA’s photos
• control the depth of transitive trust
– A trusts B, B trusts C ⇒ A trusts C
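The access decision from the sharing and access scenarios, with a bound on the depth of transitive trust, as an added example that is not code from the slides or from the authors' implementation. It evaluates only RT type 1 (`A.r <- D`) and type 2 (`A.r <- B.r1`) credentials from the cited RT framework; the credential set is constructed, and the `example.org/troop7.member` role and the `example.net/bob` identity are hypothetical.

```python
from collections import deque

# Constructed credentials modelled on the slides' scenario.
#   "member": RT type 1, A.r <- D     (D is a member of role A.r)
#   "role":   RT type 2, A.r <- B.r1  (every member of B.r1 is in A.r)
CREDENTIALS = [
    ("gmail.com/Alice.scout", "role", "yahoo.com/CCA.scout"),
    ("yahoo.com/CCA.scout", "member", "aol.com/Jenny"),
    # Hypothetical: CCA delegates further to a troop's own policy.
    ("yahoo.com/CCA.scout", "role", "example.org/troop7.member"),
    ("example.org/troop7.member", "member", "example.net/bob"),
    # Hypothetical cycle, to show that evaluation still terminates.
    ("example.org/troop7.member", "role", "gmail.com/Alice.scout"),
]


def index_credentials(credentials):
    """Split credentials into direct members and role containments."""
    members, contains = {}, {}
    for head, kind, body in credentials:
        if kind == "member":
            members.setdefault(head, set()).add(body)
        elif kind == "role":
            contains.setdefault(head, set()).add(body)
        else:
            raise ValueError(f"unknown credential kind: {kind!r}")
    return members, contains


def find_chain(role, principal, credentials, max_depth):
    """Return the shortest delegation chain proving principal is in role.

    The chain is the list of roles from `role` to the role that lists
    `principal` directly; None if no chain uses at most `max_depth`
    containment hops. The chain doubles as an audit trail showing which
    policy owner introduced the principal.
    """
    members, contains = index_credentials(credentials)
    queue = deque([(role, [role])])
    seen = {role}  # breadth-first, so each role is first seen at min depth
    while queue:
        current, path = queue.popleft()
        if principal in members.get(current, ()):
            return path
        if len(path) - 1 >= max_depth:
            continue  # depth bound reached: do not follow further delegation
        for nxt in sorted(contains.get(current, ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, path + [nxt]))
    return None


def authorize(role, openid, credentials=CREDENTIALS, max_depth=1):
    """The yes/no answer a policy service gives the CSP for a secret-link."""
    return find_chain(role, openid, credentials, max_depth) is not None


if __name__ == "__main__":
    for who in ("aol.com/Jenny", "example.net/bob"):
        for depth in (1, 2):
            chain = find_chain("gmail.com/Alice.scout", who, CREDENTIALS, depth)
            print(who, "depth", depth, "->", chain)
```

With `max_depth=1` Alice accepts principals that CCA lists directly but not those reached through CCA's own delegations.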
usability evaluation
• heuristic evaluation
• cognitive walk-through
• lab experiment
questions?
san-tsai sun <[email protected]>
sharing scenario 1
Alice
Picasa Web
[email protected] [email protected]
secret-link,
policy service YourPolicy.com
access scenario 1
Picasa [email protected]
[email protected],[email protected]
Betty
secret-link
OpenIDemail
AOL
yes/no
policy service YourPolicy.com
policy import scenario
CCA
OpenIDemail
Yahoo
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
OpenIDpolicy
MyPolicy
contact
friend family
parent relative
colleague
yahoo.com/CCA
construct policy scenario
Alice
[email protected] [email protected]
OpenIDemail
gmail
OpenIDpolicy
YourPolicy
gmail.com/Alice
yahoo.com/CCA
OpenIDemail
Yahoo
mapping
gmail.com/Alice.scout yahoo.com/CCA.scout
sharing scenario (detail)
CCA
Alice, Picasa Web
[email protected] [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
gmail.com/Alice.scout
gmail.com/Alice.scout
secret-link,
gmail.com/Alice.scout
policy service MyPolicy
policy service YourPolicy
OpenIDemail
gmail
gmail.com/Alice
yourPolicy
OpenIDemail
Yahoo
credentials
CCA.scout
aol.com/jenny
...
access scenario
Picasa Web
[email protected] [email protected]
CCA
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
aol.com/Jenny, gmail.com/Alice.scout
credentials
Jenny
secret-link
OpenIDemail
AOL
yes/no
OpenIDemail
Gmail.com
policy service MyPolicy
policy service YourPolicy
aol.com/Jenny
gmail.com/Alice.scout
gmail.com/Alice
yourPolicy