350 likes | 529 Views
HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk. Oshani Seneviratne DIG, MIT CSAIL May 31, 2011. Problems Addressed. Personal Information on the Web. Increasing amounts of personal information on the Social Web Often times there are unforeseen adverse consequences
E N D
HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk Oshani Seneviratne DIG, MIT CSAIL May 31, 2011
Personal Information on the Web • Increasing amounts of personal information on the Social Web • Often times there are unforeseen adverse consequences • Users become victims of poor design choices: E.g. Facebook Beacon, Google Buzz, etc
Reuse of Creative Works • Reuse is good, but unauthorized content use is bad • How can you prove that someone has violated your usage restrictions?
Web Ecosystem that supports Accountability • Build an accountable protocol and applications that use it • Evaluate the adoption and the usability of the protocol • Provide a framework for information accountability within the context of Web Science research
Authentication • Access Control – Identifying the data consumer before serving data • Tracking and Auditing – Association of data with the entity that accessed/used them • Side Effect – HTTPA may not support anonymous access unless the data consumer uses the Provenance Tracker to hide her identity • Use WebID for authentication
Usage Restriction Specification • Initial Implementation of the protocol will use the RMP (Respect My Privacy) ontology • May also use the PPO (Privacy Preference Ontology) • Usage Restriction needs terms such as: • No cookies • No ownership transfer • No commercial use • No depiction • No employment use • No insurance use
Negotiation of Usage Restrictions and Intentions / Handshake • Uses HTTP headers ‘usage-restrictions’ and ‘intentions’ • Use ‘negotiate’ when the original usage restrictions and intentions do not match
Data Uploaded to Websites • Specify usage restrictions on data that belongs to the user. • Creative works • Personal data • Negotiate usage restrictions on the data uploaded to sites • Sites may have a terms that are not what the user wanted
Data Uploaded to Websites (I) POST picture Usage Restrictions: No Ownership Transfer HTTPA 412 Precondition Failed Intentions: Ownership Transfer POST picture
Data Uploaded to Websites (II) POST picture Usage Restrictions: No Ownership Transfer HTTPA 412 Precondition Failed Intentions: Ownership Transfer POST picture Negotiate: No Ownership Transfer HTTPA 204 No Content
Data Downloaded from Websites • Usage restrictions are sent along with the data • Smart clients help the user with proper (re)-usage
Data Downloaded from Websites HEAD Alice’s Photo Intentions: No-Commercial Usage Restrictions: No Ownership Transfer GET Alice’s Photo Intentions: No-Commercial, No Ownership Transfer HTTPA 200 OK Usage Aware Log: Log URI
Do Not Track • Users can accept cookies or reject them when dealing with certain websites • Usage restrictions are applied to the data collected on users and NOT on the data transferred from the website
Do Not Track: Accepting Cookies (I) HEAD /index.html HTTPA 200 OK Cookie1, Cookie2,… GET /index.html Intentions: No-Commercial, No-Employment HTTPA 200 OK Cookie1, Cookie2,… Data Content GET /index.html Cookie1, Cookie2,…
Do Not Track: Accepting Cookies (II) HEAD /index.html Usage Restrictions: No-Cookies HTTPA 412 Precondition Failed Intentions: Cookies? GET /index.html Intentions: No-Commercial, No-Employment HTTPA 200 OK Cookie1, Cookie2,… Data Content GET /index.html Cookie1, Cookie2,…
Do Not Track: Not Accepting Cookies (I) HEAD /index.html HTTPA 200 OK Cookie1, Cookie2,… GET /index.html Negotiate: No-cookies, No-Commercial, No-Employment HTTPA 200 OK Data Content
Do Not Track: Not Accepting Cookies (II) HEAD /index.html Intentions: No-Cookies HTTPA 200 OK Data Content
Provenance Trackers • Trusted intermediary • Determination of trust: • Based on hierarchy • Other means of trust to be investigated • Stores the accountability logs • Mechanism of communication within the Provenance Tracker Network TBD
Logging • Accountability Logs • Available at the Provenance Trackers • Contains the details of the HTTPA transaction • Encrypted • Can only be read by protocol components • Usage Aware Logs • Available at the Smart Client • Guides the Smart Client on reuse • Data Provenance Logs • Available at the Smart Client • Keeps track of the subsequent modifications
Accountability Checking • User can ‘complain’ about violations via the smart client • Smart client requests for a provenance trail from the provenance tracker network • Provenance Trackers communicate with each other and provides a proof with: • URIs of subsequent derivatives • Usage restrictions attached at each reuse/modification/transmission • Identity of the violator
P3P Source: http://www.w3.org/P3P/brochure.html
Project DReaM • DRM everywhere/available • Plans on providing an interoperable DRM architecture • Interface allows to assert fair use • Has an identity management focus
Expected Contributions • Development of a protocol that will change the way users access and use data on the web • Evaluation of user behavior with smart clients that help them • improve decision making when disclosing private data • reuse content properly • find out who may have violated their usage restrictions • Recommendations for future accountability research