University of British Columbia

Towards Web 2.0 Content Sharing Beyond Walled Gardens

San-Tsai SunSupervisor: Kosta Beznosov

Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University of British Columbia

practical problem

2

lack of usable mechanisms for secure Web 2.0 user content sharing across content and service

providers (CSPs)

content sharing scenario

3

CCA scouts only

Colonial Coast Adventures (CCA)Girl Scouts

Alice Jenny

Picasa WebAlice’s CCA scout friends in Picasa Web

question

4

• how to enable useful sharing of Web 2.0 content across CSPs?

• can existing technologies enable this type of sharing?

secret-link approach

5

AlicePicasa Web

jenny@aol.com

Jenny

http://picasaweb.google.com/Alice?authkey=Gv1sRgCOzuv

usable for Web users easy to implement by CSPs

Alice does not have control over Jenny’s sharing of secret link with othersAlice has to know Jenny’s email

secret-link

design goals• content sharing useful for average users• user-centric, i.e., access policy and identity

follow the user• only use browser, no special software or

crypto on the user computer• CSPs

– separation of content hosting and content sharing– not required to change their existing access-

control mechanism

6

approach• OpenIDemail extension [1] to enable OpenID IdPs

to use email as an alternative identifier– www.alo.com/santsai vs. santsas@alo.com

• policy hosting service– role-based trust-management policy language (RT)

for credentials and policies [2] – distributed membership and containment queries

7

[1] B. Adida, “EmID: Web authentication by email address,” in The Proceedings of Web 2.0 Security and Privacy Workshop 2008, Oakland, California, USA, 2008.

[2] N. Li, J. C. Mitchell, and W. H. Winsborough, “Design of a role-based trust-management framework,” in SP ’02 Proceedings of the 2002 IEEE Symposium on Security and Privacy, 2002

sharing scenario

8

CCA

AlicePicasa Web

policy service Gmail

Alice@gmail.com.scout CCA.@yahoo.scout

CCA.scout Alice@gmail.com

CCA.scout Jenny@aol.com

CCA.scout Betty@hotmail.com

policy service Yahoo

Alice@gmail.com.scout

Alice@gmail.com.scout

secret-link, Alice@gmail.com.scout

memberships

secret-link

access scenario

9

Picasa Web

policy service Gmail

Alice@gmail.com.scout CCA.@yahoo.scout

CCACCA.scout Alice@gmail.com

CCA.scout Jenny@aol.com

CCA.scout Betty@hotmail.com

policy service Yahoo

Alice@gmail.com.scout

Jenny@aol.com, Alice@gmail.com.scout

containment

Jenny

secret-link

OpenIDemail

AOL

Jenny@aol.com

yes/no

content sharing scenario 2

10

CCA scouts and their parents only

Colonial Coast Adventures (CCA)Girl Scouts

MaryAlice Jenny

Picasa WebAlice’s scout friends in Picasa Web

sharing scenario 2

11

CCA

Alice

Picasa

policy service Gmail

Alice@gamil.com.scout CCA.@yahoo.scout

Alice@gamil.com.scout_parent Alice@gamil.com.scout.parent

CCA.scout Alice@gamil.com

CCA.scout Jenny@aol.com

CCA.scout Betty@hotmail.com

policy service Yahoo

Alice@gamil.com.scout_parent

Alice@gamil.com.scoutAlice@gamil.com.scout_parent

Jenny

policy serviceAOL

Jenny@aol.com.parent Mary@hotmail.com

Alice@gamil.com.scout CCA.@yahoo.scout

Alice@gamil.com.scout_parent Alice@gamil.com.scout.parent

access scenario 2

12

Picasa

CCACCA.scout Alice@gamil.com

CCA.scout Jenny@aol.com

CCA.scout Betty@hotmail.com

policy service Yahoo

Alice@gamil.com.scout_parent ,Mary@hotmail.com

memberships

secret-link

yes/no

policy serviceAOL

Jenny@aol.com.parent Mary@hotmail.com

Alice@gamil.com.scoutAlice@gamil.com.scout_parent

cont

ainm

ent

Jenny

secret-link

Mary

policy service Gmail

progress up-to-date

• protocols/algorithms for distributed memberships and containment queries

• preliminary prototype• initial performance evaluation

13

open questions• what is the expressiveness of sharing control

that users need?• how to design useable interface for controlled

sharing?• how to limit transitive trust?

– A trusts B B trusts C A trusts C• how to preserve the confidentiality of

credentials and policies?– CCA does not want everybody to know email

addresses of its scouts14

future work

• investigate user needs in controlled sharing • design user interface• evaluate usability • investigate an approach for limiting transitive

trust• preserve the confidentiality of credentials and

policies• investigate phishing/spam prevention• improve performance

15

San-Tsai Sun <santsais@ece.ubc.ca>

16

San-Tsai Sun and Konstantin Beznosov. Open problems in Web 2.0 user content sharing. Presented at iNetSec Workshop, April 23th 2009.

San-Tsai Sun, Kirstie Hawkey, and Konstantin Beznosov. Towards enabling web 2.0 content sharing beyond walled gardens. To be presented at the Workshop on Security and Privacy in Online Social Networking, August 29th 2009