demonstration of the software prototypes prime project 17 december 2004
TRANSCRIPT
![Page 1: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/1.jpg)
Demonstration of theSoftware Prototypes
PRIME PROJECT
17 December 2004
![Page 2: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/2.jpg)
Overview Software Prototypes
• D7.1.a: Ontology early prototype
• D8.1.a: Authorization early prototype
• D9.1.a: Cryptography early prototype
• D10.1.a: Communication early prototype
• D11.1.a: User-side IDM early prototype
• D12.1a: Services-side IDM early prototype
![Page 3: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/3.jpg)
Relationship Software Prototypes
D11: User-side IDM D12: Services-side IDM
D7: Ontology
D8: Authorization
D9: Cryptography
D10: Communication
![Page 4: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/4.jpg)
• Goal:– Prototype solution to enable the user to manage
the disclosure of personal data under numerous circumstances.
Deliverable 11.1a User-side IDM Prototype
![Page 5: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/5.jpg)
User-side IDM
Anonymous
Pseudonym
Fully detailed
Data Disclosure
Data tracking
Client Roles
Software agent
Disclosure Conditions
Third Party
![Page 6: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/6.jpg)
Deliverable 11.1a User-side IDM Prototype
• Demonstration: Web shop use case
![Page 7: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/7.jpg)
• Software agent for managing data disclosure– User can assume different roles : anonymous,
pseudonym, full identification– Selectively release personal data to third parties– Keep track of personal data disclosed – Update and/or delete data on the Web-shop server
Deliverable 11.1a User-side IDM Prototype
![Page 8: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/8.jpg)
Deliverable 12.1a Services-side IDM Prototype
• Prototype consists of 3 core concepts– XML Credential Mechanism– Obligation Management System.– Authorization Service
![Page 9: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/9.jpg)
Deliverable 12.1a Services-side IDM Prototype
• Users control disclosure of PII (personal identifiable information).
• Management, enforcement and monitoring of privacy obligations.
• Flexible, policy-driven authorization.
![Page 10: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/10.jpg)
Deliverable 12.1a Services-side IDM Prototype
• Airline scenario:– Client side: customer books flight ticket and is
able to check flight and PII handling– Services side: check XML credentials,
obligation management and access control to database
![Page 11: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/11.jpg)
Deliverable 12.1a Services-side IDM Prototype
![Page 12: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/12.jpg)
Deliverable 12.1a Services-side IDM Prototype
• Demonstration: Airline scenario
![Page 13: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/13.jpg)
Deliverable 7.1a
Ontology Early Prototype • Ontology: specification of a conceptualization.
• Two parties achieving agreement on ruleset (P3P).
• Goal: demonstrate how formal ontologies can fit into the context of the PRIME architecture.
![Page 14: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/14.jpg)
![Page 15: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/15.jpg)
![Page 16: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/16.jpg)
• Features:– Automated reasoning – Derivations – Extensional knowledge sharing – Generic rules
Deliverable 7.1a
Ontology Early Prototype
![Page 17: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/17.jpg)
Deliverable 8.1a
Authorization early prototype
• Goal: devise and implement privacy-aware access control solution covering both aspects, namely, data collection and access control.
![Page 18: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/18.jpg)
Deliverable 8.1a Authorization early prototype
• Demonstration
![Page 19: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/19.jpg)
• Access Control component:
‘Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied.’
Deliverable 8.1a
Authorization early prototype
![Page 20: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/20.jpg)
• Access control without requiring authentication of the client.
• Managing privacy policies
• Maintaining anonimity, pseudonimity, unlinkability and unobservability
Deliverable 8.1a
Authorization early prototype
![Page 21: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/21.jpg)
• Features
– Specification of the ontologies/profiles of subjects and resources.
– Specification of the access control rules for protecting resources.
Deliverable 8.1a Authorization early prototype
![Page 22: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/22.jpg)
• Anonymous Credential System: IDEMIX– Use different pseudonyms with different
organizations, through the issue of credentials the user is still able to complete transactions
– Maintenance of anonimity
Deliverable 9.1a
Cryptography Early Prototype
![Page 23: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/23.jpg)
Deliverable 9.1a Cryptography Early Prototype
• Demonstration
![Page 24: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/24.jpg)
• Features:– Consistency of credentials.– Optional anonymity revocation.– Encoding of attributes.– Revocation of credential.– One-show credentials.
Deliverable 9.1a Cryptography Early Prototype
![Page 25: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/25.jpg)
• How is anonymity maintained?– Use of cryptographic techniques
• Trusted third parties are used for revocation of anonymity in case of misuse
• All credentials and pseudonyms are interleaved together.
Deliverable 9.1a Cryptography Early Prototype
![Page 26: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/26.jpg)
Deliverable 10.1a Communication Early Prototype
• IP-based privacy in the internet.
• Ability to surf the net anonymously.
• TOR Anonymizer changes the IP-adress received by the website on every visit.
![Page 27: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/27.jpg)
![Page 28: Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004](https://reader036.vdocuments.site/reader036/viewer/2022062422/56649e755503460f94b76560/html5/thumbnails/28.jpg)
End of Presentation
• Questions??