The Technology of Privacy


Presentation Transcript


  1. The Technology of Privacy • Walter Hoehn • wassa@memphis.edu

  2. Privacy Imperatives
     • Legal
       • FERPA
       • State/local laws and ordinances
     • Ethical
       • It’s what the users expect
     • Security
       • Personal data can be used to compromise local systems

  3. Privacy Anti-Patterns
     • Identifiable security credentials
     • Unnecessary information release
     • Unnecessary session persistence
     • Identity triangulation
     • Data correlation among resource providers
     • Trolling
     • Opacity to user

  4. Shibboleth Privacy Aims
     • Passwords should only be transmitted to authenticating institutions
     • Authentication context should be anonymous
     • Access should be possible with minimal attribute information
     • Users should be able to manage release of their personal data

  5. Application Requirements
     • Entitlement
     • Pseudonymous persistence
     • Affiliations/membership
     • Identity

  6. Attribute Release Policies
     • Control which attributes are released by the Attribute Authority
     • Access controls are fine-grained and support release of specific values
     • Policies are applied to a specific service provider or set of service providers
     • A combination of metadata and SSL client authentication is used to tie a policy to requests

  7. ARP Structure
     • Multiple policies can apply to a user
       • System, User, Community, etc.
     • Each policy contains one or more rules
     • Each rule contains a target specification
     • Each rule contains one or more attribute release specifications

  8. Example ARP
     <AttributeReleasePolicy>
       <Rule>
         <Target>
           <Requester>urn:x-exampleServiceProvider</Requester>
         </Target>
         <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
           <Value release="permit">member</Value>
         </Attribute>
       </Rule>
     </AttributeReleasePolicy>

  9. ARP Rule Selection
     • Default Rule
       • Always included in effective ARPs derived from the enclosing ARP
         <Target>
           <AnyTarget />
         </Target>

  10. ARP Rule Selection
     • Selection by requester
       • Standard
         <Target>
           <Requester>urn:x-exampleServiceProvider</Requester>
         </Target>
       • Match Function
         <Target>
           <Requester matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^urn:x-.*$</Requester>
         </Target>

  11. Example ARP (Redux)
     <AttributeReleasePolicy>
       <Rule>
         <Target>
           <Requester>urn:x-exampleServiceProvider</Requester>
         </Target>
         <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
           <Value release="permit">member</Value>
         </Attribute>
       </Rule>
     </AttributeReleasePolicy>

  12. Value Release
     • Releasing any value
       <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
         <AnyValue release="permit" />
       </Attribute>
     • Implicit deny: a value that no rule permits is not released
     • Precedence (deny, permit, implicit deny)

  13. Value Release
     • Releasing a specific value
       <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
         <Value release="permit">member@example.edu</Value>
       </Attribute>
     • Match functions
       <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
         <Value release="permit" matchFunction="urn:mace:shibboleth:arp:matchFunction:regexMatch">^.*@example.edu$</Value>
       </Attribute>

  14. Value Release
     • Combining attribute specifications
       <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
         <AnyValue release="permit" />
       </Attribute>
       <Attribute name="urn:mace:dir:attribute-def:eduPersonAffiliation">
         <AnyValue release="permit" />
       </Attribute>

  15. Value Release
     • Precedence in action: every scoped affiliation is permitted, but the deny for faculty@example.edu wins
       <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
         <AnyValue release="permit" />
       </Attribute>
       <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
         <Value release="deny">faculty@example.edu</Value>
       </Attribute>

  16. Combining Rules
     <AttributeReleasePolicy>
       <Rule>
         <Target><AnyTarget /></Target>
         <Attribute name="urn:mace:dir:attribute-def:eduPersonScopedAffiliation">
           <AnyValue release="permit" />
         </Attribute>
       </Rule>
       <Rule>
         <Target>
           <Requester>urn:x-exampleServiceProvider</Requester>
         </Target>
         <Attribute name="urn:mace:dir:attribute-def:eduPersonPrincipalName">
           <Value release="permit">wassa@example.edu</Value>
         </Attribute>
       </Rule>
     </AttributeReleasePolicy>

  17. Processing Model
     • Identify all applicable ARPs
     • Create an effective ARP
       • Include all default rules
       • Include all matching rules
     • Determine which attribute/value pairs will be released (compile a list of values with a “permit” qualifier and subtract values with a “deny” qualifier)
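The processing model above, worked through as an added Python example (this is not the Shibboleth IdP's own code): it parses ARPs using the element names from the slides, selects rules by <AnyTarget/> or <Requester> (exact or regexMatch), and releases the permitted attribute/value pairs minus the denied ones. The sample ARPs and user attributes are constructed from the deck's "Combining Rules" and "Precedence in action" slides; treating regexMatch as a regex search over the element text is an assumption.

```python
import re
import xml.etree.ElementTree as ET
REGEX_FN = "urn:mace:shibboleth:arp:matchFunction:regexMatch"
AFFIL = "urn:mace:dir:attribute-def:eduPersonScopedAffiliation"
EPPN = "urn:mace:dir:attribute-def:eduPersonPrincipalName"
# Constructed sample: the site ARP from the "Combining Rules" slide plus a
# user-level ARP carrying the deny from "Precedence in action".
SITE_ARP = f"""<AttributeReleasePolicy>
  <Rule><Target><AnyTarget/></Target>
    <Attribute name="{AFFIL}"><AnyValue release="permit"/></Attribute></Rule>
  <Rule><Target><Requester>urn:x-exampleServiceProvider</Requester></Target>
    <Attribute name="{EPPN}"><Value release="permit">wassa@example.edu</Value></Attribute></Rule>
</AttributeReleasePolicy>"""
USER_ARP = f"""<AttributeReleasePolicy><Rule><Target><AnyTarget/></Target>
  <Attribute name="{AFFIL}"><Value release="deny">faculty@example.edu</Value></Attribute>
</Rule></AttributeReleasePolicy>"""
USER_ATTRS = {AFFIL: {"member@example.edu", "faculty@example.edu"}, EPPN: {"wassa@example.edu"}}

def _matches(elem, candidate):
    # Exact string match, or a regex match when the ARP names regexMatch (assumed search semantics).
    text = (elem.text or "").strip()
    if elem.get("matchFunction") == REGEX_FN:
        return re.search(text, candidate) is not None
    return text == candidate

def rule_applies(rule, requester):
    # Default rules (<AnyTarget/>) always apply; other rules apply when a <Requester> matches.
    target = rule.find("Target")
    if target is None or target.find("AnyTarget") is not None:
        return True
    return any(_matches(r, requester) for r in target.findall("Requester"))

def effective_release(arp_docs, requester, user_attrs):
    """Effective ARP: every applicable rule contributes; release = permitted values minus denied ones."""
    permitted, denied = set(), set()
    for doc in arp_docs:
        for rule in ET.fromstring(doc).findall("Rule"):
            if not rule_applies(rule, requester):
                continue
            for attr in rule.findall("Attribute"):
                for spec in attr:  # <AnyValue/> or <Value>, each with release="permit" or "deny"
                    for value in user_attrs.get(attr.get("name"), ()):
                        if spec.tag == "AnyValue" or _matches(spec, value):
                            bucket = permitted if spec.get("release") == "permit" else denied
                            bucket.add((attr.get("name"), value))
    released = {}  # values no rule permits stay out: the implicit deny
    for name, value in permitted - denied:
        released.setdefault(name, set()).add(value)
    return released
```

For urn:x-exampleServiceProvider the user's faculty affiliation is withheld by the deny while the principal name is released; any other requester gets only the permitted affiliation from the default rule.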

  18. ARP Management
     • Present
       • Site- and user-level ARPs
       • Managed manually by system administrators with text editors
     • Near future
       • Site-, group-, and user-level ARPs
       • Managed by system and library administrators with a web-based GUI utility
     • Down the road
       • Several management interfaces, including those for the end user

  19. The Technology of Privacy • Walter Hoehn • wassa@memphis.edu
