Applications Through a PrivacyLens: Overview Deck “what you release is who you are”

Topics

• Background and acknowledgments
• Several application demonstrations, showing the impacts of attribute release on privacy, personalization, capabilities and other parts of application behavior
  – Yourtown Confluence Wiki
  – PL Drupal – Web-based content management
• What comes next
  – User managed notifications, revocation of consent, enterprise management console, integration of metadata, etc.
• Takeaways

Background and Acknowledgments

• Part of the Original Vision
• A key deliverable of the NIST NSTIC Scalable Privacy Grant
• Lujo Bauer and the CMU development group in ECE
• The many groups and folks supporting this effort, including Internet2, Mike Grady and Unicon, Jimmy Vucculo and PSU, Nate Klingenstein, the early experimenters, etc.
  – This work is partially supported by the National Strategy for Trusted Identities in Cyberspace (NSTIC) National Program Office and the National Institute of Standards and Technology (NIST). The views in this presentation do not necessarily reflect the official policies of the NIST or NSTIC, nor does mention by trade names, commercial practices, or organizations imply endorsement by the U.S. Government.

Demonstrations

• Several applications demonstrating different behaviors depending upon what attributes are released by the user
  – Drupal – a content management system
  – Confluence – a wiki
  – Revocation – an administrative process – Web access control to content

• Demo decks for the apps are available on the same web site that this file was captured from.

What comes next

• Easing the privacy management burden for the user
  – Forward consent with notifications and revocation, use of trust-marks, wildcard settings, etc.
• Building a scalable infrastructure
  – IdP enterprise management console, leveraging metadata, external interfaces, porting to other protocols, UMA integration for asynchronous authorization, etc.
  – Support identity portability, medical consent use cases, etc.

Easing the burden

Takeaways

• Consent management is viable
  – A solution to the major challenge in R&E federations
  – Comes with unexpected benefits – time stamps, audits, etc.
• Users can manage privacy
  – Provided that the needed information is all presented in a well-integrated and immediate manner
  – Provided that tools are engineered to minimize the user’s overhead
• Applications are bad in their attribute awareness, a key aspect of privacy
  – Most applications expect to own the users’ attributes
  – Progressive applications expect the attributes to come from elsewhere but to know everything they want to know