1 / 35

HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk

HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk. Oshani Seneviratne DIG, MIT CSAIL May 31, 2011. Problems Addressed. Personal Information on the Web. Increasing amounts of personal information on the Social Web Often times there are unforeseen adverse consequences

jess
Download Presentation

HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. HTTPA (Accountable Hyper Text Transfer Protocol) PhD Proposal Talk Oshani Seneviratne DIG, MIT CSAIL May 31, 2011

  2. Problems Addressed

  3. Personal Information on the Web • Increasing amounts of personal information on the Social Web • Often times there are unforeseen adverse consequences • Users become victims of poor design choices: E.g. Facebook Beacon, Google Buzz, etc

  4. Reuse of Creative Works • Reuse is good, but unauthorized content use is bad • How can you prove that someone has violated your usage restrictions?

  5. User Behavior Tracking Across Websites

  6. Proposed Solution

  7. Web Ecosystem that supports Accountability • Build an accountable protocol and applications that use it • Evaluate the adoption and the usability of the protocol • Provide a framework for information accountability within the context of Web Science research

  8. Protocol Components

  9. Authentication • Access Control – Identifying the data consumer before serving data • Tracking and Auditing – Association of data with the entity that accessed/used them • Side Effect – HTTPA may not support anonymous access unless the data consumer uses the Provenance Tracker to hide her identity • Use WebID for authentication

  10. Usage Restriction Specification • Initial Implementation of the protocol will use the RMP (Respect My Privacy) ontology • May also use the PPO (Privacy Preference Ontology) • Usage Restriction needs terms such as: • No cookies • No ownership transfer • No commercial use • No depiction • No employment use • No insurance use

  11. Negotiation of Usage Restrictions and Intentions / Handshake • Uses HTTP headers ‘usage-restrictions’ and ‘intentions’ • Use ‘negotiate’ when the original usage restrictions and intentions do not match

  12. Motivating Scenarios for the Handshake

  13. Data Uploaded to Websites • Specify usage restrictions on data that belongs to the user. • Creative works • Personal data • Negotiate usage restrictions on the data uploaded to sites • Sites may have a terms that are not what the user wanted

  14. Data Uploaded to Websites (I) POST picture Usage Restrictions: No Ownership Transfer HTTPA 412 Precondition Failed Intentions: Ownership Transfer POST picture

  15. Data Uploaded to Websites (II) POST picture Usage Restrictions: No Ownership Transfer HTTPA 412 Precondition Failed Intentions: Ownership Transfer POST picture Negotiate: No Ownership Transfer HTTPA 204 No Content

  16. Data Downloaded from Websites • Usage restrictions are sent along with the data • Smart clients help the user with proper (re)-usage

  17. Data Downloaded from Websites HEAD Alice’s Photo Intentions: No-Commercial Usage Restrictions: No Ownership Transfer GET Alice’s Photo Intentions: No-Commercial, No Ownership Transfer HTTPA 200 OK Usage Aware Log: Log URI

  18. Do Not Track • Users can accept cookies or reject them when dealing with certain websites • Usage restrictions are applied to the data collected on users and NOT on the data transferred from the website

  19. Do Not Track: Accepting Cookies (I) HEAD /index.html HTTPA 200 OK Cookie1, Cookie2,… GET /index.html Intentions: No-Commercial, No-Employment HTTPA 200 OK Cookie1, Cookie2,… Data Content GET /index.html Cookie1, Cookie2,…

  20. Do Not Track: Accepting Cookies (II) HEAD /index.html Usage Restrictions: No-Cookies HTTPA 412 Precondition Failed Intentions: Cookies? GET /index.html Intentions: No-Commercial, No-Employment HTTPA 200 OK Cookie1, Cookie2,… Data Content GET /index.html Cookie1, Cookie2,…

  21. Do Not Track: Not Accepting Cookies (I) HEAD /index.html HTTPA 200 OK Cookie1, Cookie2,… GET /index.html Negotiate: No-cookies, No-Commercial, No-Employment HTTPA 200 OK Data Content

  22. Do Not Track: Not Accepting Cookies (II) HEAD /index.html Intentions: No-Cookies HTTPA 200 OK Data Content

  23. Protocol Components Contd.

  24. Provenance Trackers • Trusted intermediary • Determination of trust: • Based on hierarchy • Other means of trust to be investigated • Stores the accountability logs • Mechanism of communication within the Provenance Tracker Network TBD

  25. Logging • Accountability Logs • Available at the Provenance Trackers • Contains the details of the HTTPA transaction • Encrypted • Can only be read by protocol components • Usage Aware Logs • Available at the Smart Client • Guides the Smart Client on reuse • Data Provenance Logs • Available at the Smart Client • Keeps track of the subsequent modifications

  26. Accountability Checking • User can ‘complain’ about violations via the smart client • Smart client requests for a provenance trail from the provenance tracker network • Provenance Trackers communicate with each other and provides a proof with: • URIs of subsequent derivatives • Usage restrictions attached at each reuse/modification/transmission • Identity of the violator

  27. Related Work

  28. P3P Source: http://www.w3.org/P3P/brochure.html

  29. Project DReaM • DRM everywhere/available • Plans on providing an interoperable DRM architecture • Interface allows to assert fair use • Has an identity management focus

  30. Timeline

  31. Expected Contributions • Development of a protocol that will change the way users access and use data on the web • Evaluation of user behavior with smart clients that help them • improve decision making when disclosing private data • reuse content properly • find out who may have violated their usage restrictions • Recommendations for future accountability research

  32. Questions?

More Related