The Technology of Privacy • Walter Hoehn • wassa@memphis.edu
Privacy Imperatives • Legal • FERPA • State/local laws and ordinances • Ethical • It’s what the users expect • Security • Personal data can be used to compromise local systems
Privacy Anti-Patterns • Identifiable Security Credentials • Unnecessary information release • Unnecessary session persistence • Identity triangulation • Data correlation among resource providers • Trolling • Opacity to user
Shibboleth Privacy Aims • Passwords should only be transmitted to authenticating institutions • Authentication context should be anonymous • Access should be possible with minimal attribute information • Users should be able to manage release of their personal data
Application Requirements • Entitlement • Pseudonymous Persistence • Affiliations/Membership • Identity
Attribute Release Policies • Control which attributes are released by the Attribute Authority • Access controls are fine-grained and support release of specific values • Policies are applied to a specific service provider or set of service providers • Combination of metadata and SSL client authentication is used to tie policy to requests
ARP Structure • Multiple policies can apply to a user • System, User, Community, etc. • Each policy contains one or more rules • Each rule contains a target specification • Each rule contains one or more attribute release specifications
Example ARP
<AttributeReleasePolicy>
  <Rule>
    <Target>
      <Requester>urn:x-exampleServiceProvider</Requester>
    </Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
      <Value release="permit">member</Value>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>
ARP Rule Selection • Default Rule • Always included in effective ARPs derived from the enclosing ARP
<Target>
  <AnyTarget />
</Target>
ARP Rule Selection • Selection by requester • Standard
<Target>
  <Requester>urn:x-exampleServiceProvider</Requester>
</Target>
• Match Function
<Target>
  <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^urn:x-.*$</Requester>
</Target>
Example ARP (Redux)
<AttributeReleasePolicy>
  <Rule>
    <Target>
      <Requester>urn:x-exampleServiceProvider</Requester>
    </Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
      <Value release="permit">member</Value>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>
Value Release • Releasing any value
<Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
  <AnyValue release="permit" />
</Attribute>
• Implicit deny • Precedence (deny, permit, implicit deny)
Value Release • Releasing a specific value
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
  <Value release="permit">member@example.edu</Value>
</Attribute>
• Match functions
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
  <Value release="permit" matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^.*@example.edu$</Value>
</Attribute>
Value Release • Combining attribute specifications
<Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
  <AnyValue release="permit" />
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
  <AnyValue release="permit" />
</Attribute>
Value Release • Precedence in action (the explicit deny for faculty@example.edu overrides the AnyValue permit for that value)
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
  <AnyValue release="permit" />
</Attribute>
<Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
  <Value release="deny">faculty@example.edu</Value>
</Attribute>
Combining Rules
<AttributeReleasePolicy>
  <Rule>
    <Target><AnyTarget /></Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
      <AnyValue release="permit" />
    </Attribute>
  </Rule>
  <Rule>
    <Target>
      <Requester>urn:x-exampleServiceProvider</Requester>
    </Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
      <Value release="permit">wassa@example.edu</Value>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>
Processing Model • Identify all applicable ARPs • Create an effective ARP • Include all default rules • Include all matching rules • Determine which attribute/value pairs will be released (compile a list of values with “permit” qualifier & subtract values with “deny” qualifiers)
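The processing model above, together with the rule-selection and value-release slides, can be followed end to end with a small evaluator. The following Python is an added illustration written for this page; it is not Shibboleth code and does not reproduce the real IdP's ARP engine. It assumes a site-level and a user-level ARP (both constructed here from the deck's examples), a constructed set of user attributes, and only the two targeting forms the deck shows (exact requester match and the regexMatch match function). It carries the model through the general case of several ARPs and several rules, not just the single-rule example.

```python
"""Toy evaluator for Shibboleth 1.x-style Attribute Release Policies (added example)."""
import re
import xml.etree.ElementTree as ET

REGEX_MATCH = "urn:mace:shibboleth:arp:matchFunction:regexMatch"

# Constructed sample: a site-level ARP that releases scoped affiliations to
# everyone but denies faculty@example.edu to any urn:x-* requester.
SITE_ARP = """<AttributeReleasePolicy>
  <Rule>
    <Target><AnyTarget /></Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
      <AnyValue release="permit" />
    </Attribute>
  </Rule>
  <Rule>
    <Target>
      <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^urn:x-.*$</Requester>
    </Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
      <Value release="deny">faculty@example.edu</Value>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>"""

# Constructed sample: a user-level ARP releasing the principal name to one SP.
USER_ARP = """<AttributeReleasePolicy>
  <Rule>
    <Target>
      <Requester>urn:x-exampleServiceProvider</Requester>
    </Target>
    <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
      <Value release="permit">wassa@example.edu</Value>
    </Attribute>
  </Rule>
</AttributeReleasePolicy>"""

# Constructed attribute values for the authenticated user (mail has no rule at all).
USER_ATTRIBUTES = {
    "urn:mace:dir:attribute-def:eduPersonPrincipalName": ["wassa@example.edu"],
    "urn:mace:dir:attribute-def:eduPersonScopedAffiliation": ["member@example.edu", "faculty@example.edu"],
    "urn:mace:dir:attribute-def:mail": ["wassa@example.edu"],
}


def _matches(spec, candidate):
    """Apply the element's matchFunction; the default is an exact string match."""
    text = (spec.text or "").strip()
    if spec.get("matchFunction") == REGEX_MATCH:
        return re.fullmatch(text, candidate) is not None
    return text == candidate


def rule_applies(rule, requester):
    """Default rules (AnyTarget) always apply; other rules need a Requester match."""
    target = rule.find("Target")
    if target is None:
        return False
    if target.find("AnyTarget") is not None:
        return True
    return any(_matches(req, requester) for req in target.findall("Requester"))


def effective_rules(arp_documents, requester):
    """Steps 1 and 2 of the model: gather default and matching rules from every ARP."""
    rules = []
    for doc in arp_documents:
        root = ET.fromstring(doc)
        rules.extend(r for r in root.findall("Rule") if rule_applies(r, requester))
    return rules


def release(arp_documents, requester, attributes):
    """Step 3: permitted values minus denied values; anything unmentioned is implicitly denied."""
    permits, denies = {}, {}
    for rule in effective_rules(arp_documents, requester):
        for attr in rule.findall("Attribute"):
            name = attr.get("name")
            for value in attributes.get(name, []):
                for spec in attr:  # AnyValue / Value children
                    if spec.tag == "AnyValue":
                        hit = True
                    elif spec.tag == "Value":
                        hit = _matches(spec, value)
                    else:
                        continue
                    if not hit:
                        continue
                    if spec.get("release") == "permit":
                        permits.setdefault(name, set()).add(value)
                    elif spec.get("release") == "deny":
                        denies.setdefault(name, set()).add(value)
    result = {}
    for name, values in attributes.items():
        kept = [v for v in values if v in permits.get(name, set()) and v not in denies.get(name, set())]
        if kept:
            result[name] = kept
    return result


if __name__ == "__main__":
    print(release([SITE_ARP, USER_ARP], "urn:x-exampleServiceProvider", USER_ATTRIBUTES))
```

Running it for urn:x-exampleServiceProvider releases the principal name and member@example.edu only: the faculty value is struck by the explicit deny even though AnyValue permitted it, and mail never appears because no rule mentions it (implicit deny). A requester outside the urn:x- pattern gets both scoped affiliations and no principal name, since only the default rule applies to it.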
ARP Management • Present • Site & user level ARPs • Managed manually by system administrators with text editors • Near Future • Site, group, and user level ARPs • Managed by system and library administrators with web-based GUI utility • Down the road • Several management interfaces, including those for the end user