HTTPA (Accountable Hyper Text Transfer Protocol)

PhD Proposal Talk

Oshani Seneviratne
DIG, MIT CSAIL
May 31, 2011

Problems Addressed

Personal Information on the Web

• Increasing amounts of personal information on the Social Web

• Oftentimes there are unforeseen adverse consequences

• Users become victims of poor design choices, e.g. Facebook Beacon, Google Buzz, etc.

Reuse of Creative Works

• Reuse is good, but unauthorized content use is bad

• How can you prove that someone has violated your usage restrictions?

User Behavior Tracking Across Websites

Proposed Solution

Web Ecosystem that supports Accountability

• Build an accountable protocol and applications that use it

• Evaluate the adoption and the usability of the protocol

• Provide a framework for information accountability within the context of Web Science research

Protocol Components

Authentication

• Access Control – Identifying the data consumer before serving data

• Tracking and Auditing – Association of data with the entity that accessed/used them

• Side Effect – HTTPA may not support anonymous access unless the data consumer uses the Provenance Tracker to hide her identity

• Use WebID for authentication

Usage Restriction Specification

• Initial Implementation of the protocol will use the RMP (Respect My Privacy) ontology

• May also use the PPO (Privacy Preference Ontology)

• Usage Restriction needs terms such as:

– No cookies
– No ownership transfer
– No commercial use
– No depiction
– No employment use
– No insurance use

Negotiation of Usage Restrictions and Intentions / Handshake

• Uses HTTP headers ‘usage-restrictions’ and ‘intentions’

• Use ‘negotiate’ when the original usage restrictions and intentions do not match

Motivating Scenarios for the Handshake

Data Uploaded to Websites

• Specify usage restrictions on data that belongs to the user.
– Creative works
– Personal data

• Negotiate usage restrictions on the data uploaded to sites
– Sites may have terms that are not what the user wanted

Data Uploaded to Websites (I)

POST picture
Usage Restrictions: No Ownership Transfer

HTTPA 412 Precondition Failed
Intentions: Ownership Transfer

POST picture

Data Uploaded to Websites (II)

POST picture
Usage Restrictions: No Ownership Transfer

HTTPA 412 Precondition Failed
Intentions: Ownership Transfer

POST picture
Negotiate: No Ownership Transfer

HTTPA 204 No Content
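
The upload exchange on the two slides above, replayed as an added example (not code from the talk). The header names come from the slides; the `UploadSite` class, the term normalisation and the rule that a site accepts a `negotiate` request only for intentions it has marked negotiable are assumptions.

```python
def parse_terms(value):
    """'No-Commercial, No Ownership Transfer' -> {'no-commercial', 'no-ownership-transfer'}."""
    return {"-".join(t.lower().replace("-", " ").split())
            for t in value.split(",") if t.strip()}


def conflicts(restrictions, intentions):
    """Restrictions of the form 'no-X' that collide with a declared intention 'X'."""
    return {r for r in restrictions if r.startswith("no-") and r[3:] in intentions}


class UploadSite:
    """Hypothetical site-side handler for the 'POST picture' handshake."""

    def __init__(self, intentions, negotiable=""):
        self.intentions = parse_terms(intentions)   # what the site wants to do with uploads
        self.negotiable = parse_terms(negotiable)   # intentions it is willing to give up

    def handle(self, headers):
        """Return (status, response_headers) for one POST, given lower-case header names."""
        refuse = (412, {"intentions": ", ".join(sorted(self.intentions))})
        asked = parse_terms(headers.get("negotiate", ""))
        if asked:
            # Client insists on its restrictions: accept only if every
            # colliding intention is one the site may waive (assumed policy).
            waived = {r[3:] for r in conflicts(asked, self.intentions)}
            return (204, {}) if waived <= self.negotiable else refuse
        if conflicts(parse_terms(headers.get("usage-restrictions", "")), self.intentions):
            return refuse                            # 412 Precondition Failed
        return (204, {})                             # nothing to negotiate


def replay_upload_ii(site):
    """The two client requests from 'Data Uploaded to Websites (II)'."""
    first = site.handle({"usage-restrictions": "No Ownership Transfer"})
    second = site.handle({"negotiate": "No Ownership Transfer"})
    return first, second


if __name__ == "__main__":
    print(replay_upload_ii(UploadSite("Ownership Transfer", negotiable="Ownership Transfer")))
```
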

Data Downloaded from Websites

• Usage restrictions are sent along with the data

• Smart clients help the user with proper (re)-usage

Data Downloaded from Websites

HEAD Alice’s Photo
Intentions: No-Commercial

Usage Restrictions: No Ownership Transfer

GET Alice’s Photo
Intentions: No-Commercial, No Ownership Transfer

HTTPA 200 OK
Usage Aware Log: Log URI

Do Not Track

• Users can accept cookies or reject them when dealing with certain websites

• Usage restrictions are applied to the data collected on users and NOT on the data transferred from the website

Do Not Track: Accepting Cookies (I)

HEAD /index.html

HTTPA 200 OK
Cookie1, Cookie2,…

GET /index.html
Intentions: No-Commercial, No-Employment

HTTPA 200 OK
Cookie1, Cookie2,…
Data Content

GET /index.html
Cookie1, Cookie2,…

Do Not Track: Accepting Cookies (II)

HEAD /index.html
Usage Restrictions: No-Cookies

HTTPA 412 Precondition Failed
Intentions: Cookies?

GET /index.html
Intentions: No-Commercial, No-Employment

HTTPA 200 OK
Cookie1, Cookie2,…
Data Content

GET /index.html
Cookie1, Cookie2,…

Do Not Track: Not Accepting Cookies (I)

HEAD /index.html

HTTPA 200 OK
Cookie1, Cookie2,…

GET /index.html
Negotiate: No-cookies, No-Commercial, No-Employment

HTTPA 200 OK
Data Content

Do Not Track: Not Accepting Cookies (II)

HEAD /index.html
Intentions: No-Cookies

HTTPA 200 OK
Data Content

Protocol Components Contd.

Provenance Trackers

• Trusted intermediary
– Determination of trust:
  • Based on hierarchy
  • Other means of trust to be investigated

• Stores the accountability logs

• Mechanism of communication within the Provenance Tracker Network TBD

Logging

• Accountability Logs
– Available at the Provenance Trackers
– Contains the details of the HTTPA transaction
– Encrypted
– Can only be read by protocol components

• Usage Aware Logs
– Available at the Smart Client
– Guides the Smart Client on reuse

• Data Provenance Logs
– Available at the Smart Client
– Keeps track of the subsequent modifications

Accountability Checking

• User can ‘complain’ about violations via the smart client

• Smart client requests a provenance trail from the provenance tracker network

• Provenance Trackers communicate with each other and provide a proof with:
– URIs of subsequent derivatives
– Usage restrictions attached at each reuse/modification/transmission
– Identity of the violator
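
One way a smart client could evaluate such a proof, as an added example that is not part of the talk. The record layout, the constructed sample trail and the rule that a derivative is in violation when it drops a restriction carried by any of its ancestors are assumptions.

```python
# Constructed sample trail: one record per reuse/modification/transmission.
TRAIL = [
    {"uri": "https://alice.example/photo.jpg", "derived_from": None,
     "agent": "https://alice.example/card#me",
     "restrictions": {"no-commercial", "no-ownership-transfer"}},
    {"uri": "https://bob.example/photo-cropped.jpg",
     "derived_from": "https://alice.example/photo.jpg",
     "agent": "https://bob.example/card#me",
     "restrictions": {"no-commercial", "no-ownership-transfer"}},
    {"uri": "https://carol.example/ad-banner.jpg",
     "derived_from": "https://bob.example/photo-cropped.jpg",
     "agent": "https://carol.example/card#me",
     "restrictions": {"no-ownership-transfer"}},
]


def find_violations(trail):
    """Report every derivative that dropped a restriction set by an ancestor."""
    by_uri = {entry["uri"]: entry for entry in trail}
    findings = []
    for entry in trail:
        required, seen = set(), {entry["uri"]}
        parent = entry["derived_from"]
        # Walk back to the original, collecting the restrictions that must
        # still hold; 'seen' guards against a trail that loops on itself.
        while parent in by_uri and parent not in seen:
            seen.add(parent)
            required |= by_uri[parent]["restrictions"]
            parent = by_uri[parent]["derived_from"]
        dropped = required - entry["restrictions"]
        if dropped:
            findings.append({"uri": entry["uri"],
                             "violator": entry["agent"],
                             "dropped": sorted(dropped)})
    return findings


if __name__ == "__main__":
    for finding in find_violations(TRAIL):
        print(finding)
```
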

Related Work

P3P

Source: http://www.w3.org/P3P/brochure.html

Project DReaM

• DRM everywhere/available

• Plans on providing an interoperable DRM architecture

• Interface allows fair use to be asserted

• Has an identity management focus

Timeline

Expected Contributions

• Development of a protocol that will change the way users access and use data on the web

• Evaluation of user behavior with smart clients that help them
– improve decision making when disclosing private data
– reuse content properly
– find out who may have violated their usage restrictions

• Recommendations for future accountability research

Questions?