Towards Web 2.0 Content Sharing Beyond Walled Gardens
University of British Columbia
Towards Web 2.0 Content Sharing Beyond Walled Gardens
San-Tsai Sun
Supervisor: Kosta Beznosov
Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University of British Columbia

practical problem
lack of usable mechanisms for secure Web 2.0 user content sharing across content and service providers (CSPs)

content sharing scenario
CCA scouts only
Colonial Coast Adventures (CCA) Girl Scouts
Alice
Jenny
Picasa Web
Alice’s CCA scout friends in Picasa Web

question
• how to enable useful sharing of Web 2.0 content across CSPs?
• can existing technologies enable this type of sharing?

secret-link approach
Alice
Picasa Web
Jenny
secret-link: http://picasaweb.google.com/Alice?authkey=Gv1sRgCOzuv
• usable for Web users
• easy to implement by CSPs
• Alice does not have control over Jenny’s sharing of secret link with others
• Alice has to know Jenny’s email

design goals
• content sharing useful for average users
• user-centric, i.e., access policy and identity follow the user
• only use browser, no special software or crypto on the user computer
• CSPs
– separation of content hosting and content sharing
– not required to change their existing access-control mechanism

approach
• OpenIDemail extension [1] to enable OpenID IdPs to use email as an alternative identifier
– www.alo.com/santsai vs. [email protected]
• policy hosting service
– role-based trust-management policy language (RT) for credentials and policies [2]
– distributed membership and containment queries
[1] B. Adida, “EmID: Web authentication by email address,” in The Proceedings of Web 2.0 Security and Privacy Workshop 2008, Oakland, California, USA, 2008.
[2] N. Li, J. C. Mitchell, and W. H. Winsborough, “Design of a role-based trust-management framework,” in SP ’02 Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002
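
The membership and containment queries named on the approach slide, as an added Python example that is not the authors' prototype. It generalizes to three RT0 credential forms (simple member, role inclusion, linked role); every principal, address, service name and in-memory store below is a constructed assumption standing in for a remote policy service.

```python
# Added illustration of RT0-style credentials. All principals, addresses and
# service names are constructed; each list stands in for a remote policy service.
HOME = {  # assumed mapping: which policy service hosts each issuer's credentials
    "alice@example.com": "svc-a", "cca@example.org": "svc-b",
    "jenny@example.net": "svc-c",
}
STORE = {
    "svc-a": [  # Alice's policy: friends are CCA scouts and the scouts' parents
        ("alice@example.com", "friend", ("role", "cca@example.org", "scout")),
        ("alice@example.com", "friend",
         ("linked", "cca@example.org", "scout", "scout_parent")),
    ],
    "svc-b": [  # CCA's membership credentials
        ("cca@example.org", "scout", ("member", "jenny@example.net")),
        ("cca@example.org", "scout", ("member", "alice@example.com")),
    ],
    "svc-c": [  # Jenny names her parent
        ("jenny@example.net", "scout_parent", ("member", "mary@example.com")),
    ],
}

def members(owner, role, contacted, path=frozenset()):
    """Membership query: every principal in owner.role, following credentials
    across policy services. `contacted` records which services were asked."""
    if (owner, role) in path or owner not in HOME:   # cycle or unknown issuer
        return set()
    path = path | {(owner, role)}
    contacted.add(HOME[owner])
    out = set()
    for issuer, name, body in STORE[HOME[owner]]:
        if (issuer, name) != (owner, role):
            continue
        if body[0] == "member":        # A.r <- D
            out.add(body[1])
        elif body[0] == "role":        # A.r <- B.r1
            out |= members(body[1], body[2], contacted, path)
        elif body[0] == "linked":      # A.r <- B.r1.r2
            for p in members(body[1], body[2], contacted, path):
                out |= members(p, body[3], contacted, path)
    return out

def contains(owner, role, principal):
    """Containment query: the yes/no answer a content host would receive."""
    contacted = set()
    return principal in members(owner, role, contacted), contacted
```

In this constructed data the parent is admitted only through a credential issued by Jenny, which Alice never sees; that dependency is the transitive-trust concern raised under open questions.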

sharing scenario
CCA
Alice
Picasa Web
policy service Gmail
[email protected] [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
policy service Yahoo
secret-link, [email protected]
memberships
secret-link

access scenario
Picasa Web
policy service Gmail
[email protected] [email protected]
CCA
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
policy service Yahoo
[email protected], [email protected]
containment
Jenny
secret-link
OpenIDemail
AOL
yes/no

content sharing scenario 2
CCA scouts and their parents only
Colonial Coast Adventures (CCA) Girl Scouts
Mary
Alice
Jenny
Picasa Web
Alice’s scout friends in Picasa Web

sharing scenario 2
CCA
Alice
Picasa
policy service Gmail
[email protected] [email protected]
[email protected]_parent [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
policy service Yahoo
[email protected]_parent
[email protected]@gamil.com.scout_parent
Jenny
policy service AOL

access scenario 2
[email protected] [email protected]
[email protected]_parent [email protected]
Picasa
CCA
CCA.scout [email protected]
CCA.scout [email protected]
CCA.scout [email protected]
policy service Yahoo
[email protected]_parent ,[email protected]
memberships
secret-link
yes/no
policy service AOL
[email protected] [email protected]
[email protected]@gamil.com.scout_parent
containment
Jenny
secret-link
Mary
policy service Gmail

progress to date
• protocols/algorithms for distributed memberships and containment queries
• preliminary prototype
• initial performance evaluation

open questions
• what is the expressiveness of sharing control that users need?
• how to design usable interface for controlled sharing?
• how to limit transitive trust?
– A trusts B, B trusts C ⇒ A trusts C
• how to preserve the confidentiality of credentials and policies?
– CCA does not want everybody to know email addresses of its scouts

future work
• investigate user needs in controlled sharing
• design user interface
• evaluate usability
• investigate an approach for limiting transitive trust
• preserve the confidentiality of credentials and policies
• investigate phishing/spam prevention
• improve performance

San-Tsai Sun <[email protected]>
San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. Presented at iNetSec Workshop, April 23rd 2009.
San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling Web 2.0 content sharing beyond walled gardens. To be presented at the Workshop on Security and Privacy in Online Social Networking, August 29th 2009.