Demonstration of the Software Prototypes
PRIME PROJECT
17 December 2004
Overview Software Prototypes
• D7.1.a: Ontology early prototype
• D8.1.a: Authorization early prototype
• D9.1.a: Cryptography early prototype
• D10.1.a: Communication early prototype
• D11.1.a: User-side IDM early prototype
• D12.1a: Services-side IDM early prototype
Relationship Software Prototypes
D11: User-side IDM
D12: Services-side IDM
D7: Ontology
D8: Authorization
D9: Cryptography
D10: Communication
• Goal:
– Prototype solution to enable the user to manage the disclosure of personal data under numerous circumstances.
Deliverable 11.1a User-side IDM Prototype
[Diagram: User-side IDM. Labels: Anonymous, Pseudonym, Fully detailed, Data Disclosure, Data tracking, Client Roles, Software agent, Disclosure Conditions, Third Party]
Deliverable 11.1a User-side IDM Prototype
• Demonstration: Web shop use case
• Software agent for managing data disclosure
– User can assume different roles: anonymous, pseudonym, full identification
– Selectively release personal data to third parties
– Keep track of personal data disclosed
– Update and/or delete data on the Web-shop server
Deliverable 11.1a User-side IDM Prototype
Deliverable 12.1a Services-side IDM Prototype
• Prototype consists of 3 core concepts
– XML Credential Mechanism
– Obligation Management System
– Authorization Service
Deliverable 12.1a Services-side IDM Prototype
• Users control disclosure of PII (personally identifiable information).
• Management, enforcement and monitoring of privacy obligations.
• Flexible, policy-driven authorization.
Deliverable 12.1a Services-side IDM Prototype
• Airline scenario:
– Client side: customer books flight ticket and is able to check flight and PII handling
– Services side: check XML credentials, obligation management and access control to database
Deliverable 12.1a Services-side IDM Prototype
Deliverable 12.1a Services-side IDM Prototype
• Demonstration: Airline scenario
Deliverable 7.1a
Ontology Early Prototype
• Ontology: specification of a conceptualization.
• Two parties achieving agreement on ruleset (P3P).
• Goal: demonstrate how formal ontologies can fit into the context of the PRIME architecture.
• Features:
– Automated reasoning
– Derivations
– Extensional knowledge sharing
– Generic rules
Deliverable 7.1a
Ontology Early Prototype
Deliverable 8.1a
Authorization early prototype
• Goal: devise and implement privacy-aware access control solution covering both aspects, namely, data collection and access control.
Deliverable 8.1a Authorization early prototype
• Demonstration
• Access Control component:
‘Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied.’
Deliverable 8.1a
Authorization early prototype
• Access control without requiring authentication of the client.
• Managing privacy policies
• Maintaining anonymity, pseudonymity, unlinkability and unobservability
Deliverable 8.1a
Authorization early prototype
• Features
– Specification of the ontologies/profiles of subjects and resources.
– Specification of the access control rules for protecting resources.
Deliverable 8.1a Authorization early prototype
• Anonymous Credential System: IDEMIX
– Use different pseudonyms with different organizations; through the issue of credentials the user is still able to complete transactions
– Maintenance of anonymity
Deliverable 9.1a
Cryptography Early Prototype
Deliverable 9.1a Cryptography Early Prototype
• Demonstration
• Features:
– Consistency of credentials.
– Optional anonymity revocation.
– Encoding of attributes.
– Revocation of credential.
– One-show credentials.
Deliverable 9.1a Cryptography Early Prototype
• How is anonymity maintained?
– Use of cryptographic techniques
• Trusted third parties are used for revocation of anonymity in case of misuse
• All credentials and pseudonyms are interleaved together.
Deliverable 9.1a Cryptography Early Prototype
Deliverable 10.1a Communication Early Prototype
• IP-based privacy in the internet.
• Ability to surf the net anonymously.
• TOR Anonymizer changes the IP address received by the website on every visit.
End of Presentation
• Questions?