Open-Source, Web-Based, Framework for Integrating Applications with Cloud-based Services and Personal Cloudlets. “Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets” www.openi-ict.eu IMPLEMENTING A USER-CENTRIC DATASTORE WITH PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS Paul Malone, Waterford Institute of Technology
1. Open-Source, Web-Based, Framework for Integrating
Applications with Cloud-based Services and Personal Cloudlets.
Open-Source, Web-Based, Framework for Integrating Applications with
Cloud-based Services and Personal Cloudlets. Open-Source,
Web-Based, Framework for Integrating Applications with Social Media
Services and Personal Cloudlets www.openi-ict.eu IMPLEMENTING A
USER-CENTRIC DATASTORE WITH PRIVACY AWARE ACCESS CONTROL FOR CLOUD-
BASED DATA PLATFORMS Paul Malone, Waterford Institute of
Technology
2. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. OPENi Project The OPENi research project aims to inspire
innovation in the mobile applications industry through the
development of an open-source platform for consumer-centric mobile
cloud applications. AppSecEU 2015
3. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. AppSecEU 2015 OPENi project software is released as PEAT
(http://peat-platform.org)
4. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. AppSecEU 2015 Architecture
5. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Mobile Client Library To provide convenient access to
the API, security, and Personal Cloudlet frameworks, OPENi provides
the following mobile client libraries. A cross-platform
HTML/JavaScript library for use in HTML5 and Apache Cordova mobile
web-apps A native Android client library. AppSecEU 2015
6. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Security framework The security framework is responsible
for access control functionality and is tightly coupled with the
Cloudlet and API Frameworks. It provides users more control over
their personal data and the cloud-based services that they interact
with. AppSecEU 2015
7. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. API framework An open framework that is capable of
interoperating with a variety of cloud-based services. Promotes
innovation by offering application developers a framework that will
enable them to design and build complex applications involving the
combinations of independent cloud-based services. AppSecEU
2015
8. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Personal Cloudlet framework Provides application
consumers with a single location to store and control their
personal data. In conjunction with the security framework, empowers
application consumers to remain in control of their data. Consumers
are assured their data is not being used without their consent.
AppSecEU 2015
9. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Personal Cloudlet Objectives 1. To build key
technological enablers to ensure the practical applicability and
efficient use of the OPENi platform. 2. To deliver an open source
platform that will allow application consumers to create, deploy
and manage their personal space in the cloud (Personal Cloudlet).
Each Personal Cloudlet constitutes an entity that will be linked to
its user's identity. AppSecEU 2015
10. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Personal Cloudlet Objectives 3. To provide and promote a
novel, consistent, user-centric application experience of
cloud-based services not only across different devices but also
across different applications. 4. To ensure the OPENi platform
maintains a low barrier to entry for application developers and
service providers. AppSecEU 2015
11. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. How should a secure and privacy concerned web based
framework be developed in order to provide user-centric management
to dynamic data and APIs, while providing the developer with the
ability to access the data in a privacy concerning manner? AppSecEU
2015
12. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Implementation AppSecEU 2015
13. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Key Technologies JavaScript/Node.js Mongrel2 (Web
server) ZMQ (Message Bus) JWT (State) Swagger (REST Definitions)
CouchBase (NoSQL Datastore) JSON (Data format, used in transport
and at rest) Micro-services/Distributed Application AppSecEU
2015
14. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Personal Cloudlet Framework AppSecEU 2015
15. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Data Storage Component Capable of storing user,
app-specific, and internal cloudlet data. Data may be in various
forms such as text, graphical, audio etc. therefore the data
storage component of the cloudlet framework is capable of
accommodating binary files as well as structured JSON data.
AppSecEU 2015
16. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Notification This component is responsible for
communicating with the platforms users. Current message transport
mechanisms supported are: email SMS REST call Server Side Events
(SSEs) Google Cloud Messaging(GCM) AppSecEU 2015
17. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Authentication, Authorisation, and Accounting
Authentication and authorisation mechanisms are handled by the
security framework, however accounting and auditing is handled in
the cloudlet framework. The details of all access requests,
subsequent actions and cloudlet responses is monitored and logged
by the accounting component. These logs are available in the
cloudlet GUI for the cloudlet owner to inspect. AppSecEU 2015
18. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Data Access All data is accessed via a set of APIs,
namely Data API and Type API. They ensure a consistent access point
for all services such as apps, the API framework, and 3rd party
services. In conjunction with the Authentication, Authorisation,
Accounting component and permissions, the cloudlet owner is in full
control of who and what can access each piece of data in their
Personal Cloudlet. AppSecEU 2015
19. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Cloudlet GUIs To empower Cloudlet owners in the
management of their cloudlets they have a standalone GUI, separate
to the on app interface. GUI features include: access logs viewing
preference editing permissions editing. AppSecEU 2015
20. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Centric & Privacy Preserving Features JSON Web
Tokens Base64 encoded JSON objects Enable REST based frameworks
manage sessions and claims In OPENi used to apply context to 3rd
party access to personal cloudlets AppSecEU 2015
21. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Types of Tokens Session Token: user and developers can
log into the system and interact with the data in their cloudlets
Auth token is generated through the SDK. Combined user and
developer login. User through GUI & developer through API and
secret keys. AppSecEU 2015
22. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Types of Tokens AppSecEU 2015 Auth token restricts data
access to data common to both app developer and user as dictated
through permissions mechanism.
23. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Centric & Privacy Preserving Features Data
Reusability; App Interoperability Data persisted in a NoSQL
document store Cloudlet is composed of a set of JSON Objects All
objects (user data) adhere to a predefined OPENi Type All types are
public and can be reused by developers across applications AppSecEU
2015
24. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Data Reusability - Types User data is stored as JSON
objects. Types describe and set rules for objects. Types are used
by the system to validate data as is it added Types are used to
give users better understanding of their data. AppSecEU 2015
25. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Data Reusability - Types @reference is a human readable
description of the type e.g. User profile @context contains an
array of object members and their rules. Dictates if the member is
required, if it is a single value or an array, it can even restrict
the possible values. The members primitive type must also be
listed. Supports int, string, data, timestamp, float, base64, url,
gps, and other Types. @context is a human readable description of
the object member. AppSecEU 2015
26. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Data Reusability - Types Types are public and reusable
by the developer community. Types are immutable, once they are
created they cannot be altered. Types are tightly integrated with
the Auth dialogs and permissions mechanism. A Type Builder GUI is
provided to make it easier to build types. (Next Slide) AppSecEU
2015
27. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Type Builder AppSecEU 2015
28. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Centric & Privacy Preserving Features Fine
Grained Access Control Cloudlet objects have an associated
permissions object Permissions objects provide information on which
apps are allowed access the object App developer can request access
by object or type Requests can be be scoped by app and cloudlet
Cloudlet owner can edit permissions based on type, app etc AppSecEU
2015
29. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. AppSecEU 2015
30. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Centric & Privacy Preserving Features User
Dashboard Data Browsing View data categorised by type or app
Auditing A view of access request/response Permissions View and
edit permissions Notifications Set notifications for data access
requests AppSecEU 2015
31. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Use Case: Ayda Fertility Tracker Ayda is IoT startup
which deals with private personal data. Wearable device monitors
users body. Daily device log is augmented with user provided
information. Data persisted to OPENi/PEAT backend AppSecEU
2015
32. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Ayda Android App Integration Use utility classes to
persist data to the backend. User Auth and session management is
automatically handled by the client lib. Add a number of types
through admin portal. Create permissions manifest with types.
Include client lib in android application AppSecEU 2015
33. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Ayda Android App: Sample Types AppSecEU 2015
34. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Permissions Dialog Permissions combined with data in
type objects to build meaningful auth dialogs. User can choose to
approve or cancel request. Approval can be revoked later through
user dashboard. AppSecEU 2015
35. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Dashboard Link to User Dashboard embedded in SDK.
Swipe to the right to bring up menu. The user is taken off app for
security reasons. Data displayed on a per type basis. Information
is presented in a more user friendly manner by using the content of
the the Types. AppSecEU 2015
36. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Dashboard User can manipulate their data and
permissions directly through the dashboard AppSecEU 2015
37. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. User Dashboard Permissions are listed on a per
application basis. Piwik analytics engine was integrated into the
platform. Applied it in a non- traditional manner. Instead of
showing app developers how often a user engages with their service
we inform users when app developers access their data. AppSecEU
2015
38. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open Source Website http://peat-platform.org/ GitHub:
https://github.com/peat-platform/ Cloudlet deployment script:
https://github.com/peat-platform/peat-deploy-script AppSecEU
2015
39. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Conclusion OPENi has developed a Personal Cloudlet
Framework Developers can define (or reuse pre-existing ) types and
permissions manifests for those types per application Users can
view and edit permissions on a per-app or per- cloudlet level Users
can view access requests and responses Open source implementation
(http://peat-platform.org)
40. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Open-AppSecEU 2015 Source, Web-Based, Framework for
Integrating Applications with Cloud-based Services and Personal
Cloudlets. Thank You ? AppSecEU 2015