Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004

Demonstration of theSoftware Prototypes

PRIME PROJECT

17 December 2004

Overview Software Prototypes

• D7.1.a: Ontology early prototype

• D8.1.a: Authorization early prototype

• D9.1.a: Cryptography early prototype

• D10.1.a: Communication early prototype

• D11.1.a: User-side IDM early prototype

• D12.1a: Services-side IDM early prototype

Relationship Software Prototypes

D11: User-side IDM D12: Services-side IDM

D7: Ontology

D8: Authorization

D9: Cryptography

D10: Communication

• Goal:– Prototype solution to enable the user to manage

the disclosure of personal data under numerous circumstances.

Deliverable 11.1a User-side IDM Prototype

User-side IDM

Anonymous

Pseudonym

Fully detailed

Data Disclosure

Data tracking

Client Roles

Software agent

Disclosure Conditions

Third Party


• Demonstration: Web shop use case

• Software agent for managing data disclosure– User can assume different roles : anonymous,

pseudonym, full identification– Selectively release personal data to third parties– Keep track of personal data disclosed – Update and/or delete data on the Web-shop server


Deliverable 12.1a Services-side IDM Prototype

• Prototype consists of 3 core concepts– XML Credential Mechanism– Obligation Management System.– Authorization Service


• Users control disclosure of PII (personal identifiable information).

• Management, enforcement and monitoring of privacy obligations.

• Flexible, policy-driven authorization.


• Airline scenario:– Client side: customer books flight ticket and is

able to check flight and PII handling– Services side: check XML credentials,

obligation management and access control to database



• Demonstration: Airline scenario

Deliverable 7.1a

Ontology Early Prototype • Ontology: specification of a conceptualization.

• Two parties achieving agreement on ruleset (P3P).

• Goal: demonstrate how formal ontologies can fit into the context of the PRIME architecture.

• Features:– Automated reasoning – Derivations – Extensional knowledge sharing – Generic rules

Deliverable 7.1a

Ontology Early Prototype

Deliverable 8.1a

Authorization early prototype

• Goal: devise and implement privacy-aware access control solution covering both aspects, namely, data collection and access control.

Deliverable 8.1a Authorization early prototype

• Demonstration

• Access Control component:

‘Access control is the process of mediating every request to resources and data maintained by a system and determining whether the request should be granted or denied.’

Deliverable 8.1a


• Access control without requiring authentication of the client.

• Managing privacy policies

• Maintaining anonimity, pseudonimity, unlinkability and unobservability

Deliverable 8.1a


• Features

– Specification of the ontologies/profiles of subjects and resources.

– Specification of the access control rules for protecting resources.

Deliverable 8.1a Authorization early prototype

• Anonymous Credential System: IDEMIX– Use different pseudonyms with different

organizations, through the issue of credentials the user is still able to complete transactions

– Maintenance of anonimity

Deliverable 9.1a

Cryptography Early Prototype

Deliverable 9.1a Cryptography Early Prototype

• Demonstration

• Features:– Consistency of credentials.– Optional anonymity revocation.– Encoding of attributes.– Revocation of credential.– One-show credentials.


• How is anonymity maintained?– Use of cryptographic techniques

• Trusted third parties are used for revocation of anonymity in case of misuse

• All credentials and pseudonyms are interleaved together.


Deliverable 10.1a Communication Early Prototype

• IP-based privacy in the internet.

• Ability to surf the net anonymously.

• TOR Anonymizer changes the IP-adress received by the website on every visit.

End of Presentation

• Questions??

Documents

Demonstration of the Software Prototypes PRIME PROJECT 17 December 2004