Negotiated Privacy and Security Policies for Web Services

Slides: 18
Provided by: Scar4
Transcript and Presenter's Notes

1
Negotiated Privacy and Security Policies for Web
Services
  • George Yee
  • (Joint work with Larry Korba)
  • www.iit-iti.nrc-cnrc.gc.ca/personnel/yee_george_e.html
  • www.georgeyee.ca

2
Contents
  • Introduction
  • The current landscape
  • Personal privacy policy
  • E-services security policy
  • Negotiation requirements
  • Help for negotiation
  • Policy negotiation for web services
  • Related work
  • Conclusions

3
Introduction
  • Drivers for personal privacy policies
    • Growth of the Internet → greater consumer
      exposure to e-services (e-commerce, e-govt,
      e-health, etc.) → growth of consumer awareness
      of the lack of privacy
    • Privacy legislation → greater consumer awareness
      of privacy rights
  • Drivers for personal security policies
    • Nature of the e-service consumer's business (e.g.
      defense contractor)
    • Consumer's resources (e.g. mobile device)
  • Negotiation is required if there is a mismatch
    between consumer and provider policies

4
The current landscape
  • Privacy and security policies on the Internet
    • Posted privacy policies
    • P3P privacy policies for web sites
      • Browser plug-in allows checking of personal
        privacy preferences against a web site's policy
      • Privacy Bird: checks preferences, displays the
        policy in easy-to-understand language,
        customizable warnings
    • No negotiation: take it or leave it
    • No personal security policies for e-services
  • Web services
    • Some elements to allow policies and negotiation
      are in place: WS-Policy, WS-SecurityPolicy,
      WS-Agreement
    • No negotiation protocol

5
Personal privacy policy
  • Necessary content implied by privacy legislation
  • Simple so that it can be understood by the
    average e-service consumer
  • Machine processable, e.g. using XML-based
    language such as APPEL


Example personal privacy policy:

Header
  Policy Use:     E-learning
  Owner:          Alice Consumer
  Valid:          unlimited

Privacy Rule
  Collector:      Any
  What:           name, address, tel
  Purposes:       identification
  Retention Time: unlimited
  Disclose-To:    none

Privacy Rule
  Collector:      Any
  What:           Course Marks
  Purposes:       Records
  Retention Time: 2 years
  Disclose-To:    none
6
E-Services security policy
  • ISO 7498-2 (Reference Model for Security
    Architectures) and ITU-T X.800 (Security
    Architecture for Open Systems Interconnection)
    suggest the following security services:
    1. Authentication
    2. Access Control
    3. Data Confidentiality
    4. Data Integrity
    5. Non-repudiation
  • We add:
    6. Secure Logging
    7. Certification
    8. Malware Detection
    9. Application Monitoring

7
E-Services security policy
  • Security mechanisms (e.g. digital signature) are
    used to support security services.
  • Negotiation can be over security services or
    security mechanisms but since the security
    services are usually required, negotiation tends
    to be over mechanisms.

8
E-Services security policy - example
9
Negotiation requirements
  • The policy measures to be negotiated must be
    clear and understandable.
  • The consumer may negotiate any subset of measures
    in the policy.
  • There needs to be some form of trusted online
    help for the consumer in cases where it is
    difficult to know what choice to make in a
    particular step in the negotiation.
  • The consumer normally initiates negotiation after
    finding the e-service that he wants to use.
    However, when a provider changes its service and
    requires new measures, it may initiate a policy
    negotiation with the consumer.
  • Negotiation may be terminated by either the
    consumer or the provider, at any step in the
    negotiation. If so terminated, the associated
    e-service may not proceed.
  • The user interface for the negotiation must be
    easy to use, intuitive, and trustable (i.e. give
    the user a sense of ease that everything is
    working as stated or planned).

10
Negotiation requirements
  • Each side is represented by a software agent.
    One agent acts on behalf of the consumer to
    receive/send negotiation messages from/to the
    provider. Another agent serves the provider in
    the same way. These agents also perform
    validation checks on the information to be sent.

11
Negotiation requirements
  • Steps in negotiations
  • Order of negotiations

Consumer                                       Provider
   |---- Req SP ------------------------------->|
   |<--- SP ------------------------------------|
   Consumer compares SP to his security preferences,
   finds mismatch
   |---- SP1 ---------------------------------->|
   |<--- SP2 -----------------------------------|
   |---- SP3 ---------------------------------->|
   |                    ...                     |
   |---- SPn ---------------------------------->|
   |<--- SPn -----------------------------------|
Successful negotiation after n steps (SPn = SPn)
12
Help for negotiation
  • Fulfilling negotiation requirement 3
  • For privacy policy negotiation, help for the
    consumer to know what offer to make can be
    obtained using the experience of reputable others
    who have negotiated the same or similar items
    before.
  • For security policy negotiation, similar help can
    be obtained by looking at policies that have been
    successful in thwarting attacks and then using
    these policies to guide what offers to make.

13
Policy negotiation for Web Services
  • The SOAP message that initiates a web service
    would instead request a comparison of policies
    and then if necessary carry on with the above
    negotiation steps through an exchange of SOAP
    messages.
  • Only after the privacy policy negotiation is
    successful would the SOAP message to execute the
    service be sent. Where a negotiation fails, the
    consumer would access the UDDI directory again to
    find another provider and start the negotiation
    stages all over again (or find ways to satisfy
    the provider's security policy).
  • Provider privacy and security policies could be
    stored in the UDDI.
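As an added example that is not from the deck or the authors' prototype, the following ties slides 5, 11 and 13 together: Alice's privacy rules from slide 5 as the consumer's preferences, two software agents standing in for those on slide 10, and the SP, SP1, SP2, ... SPn exchange of slide 11 carried out over a privacy policy as slide 13 describes for web services. The Rule fields, each agent's accept/counter strategy, the consumer's tolerance limits, the provider's retention floor and the sample policies are all assumptions; the SOAP/UDDI transport is left out.

```python
from dataclasses import dataclass

UNLIMITED = float("inf")  # "unlimited" retention time, as in the slide-5 policy

@dataclass(frozen=True)
class Rule:  # one privacy rule with the slide-5 fields (Collector omitted)
    purposes: str
    retention_years: float
    disclose_to: str

def mismatches(policy, limits):
    """'What' items where `policy` exceeds the consumer's `limits` (retention or disclosure)."""
    return [w for w, lim in limits.items()
            if w not in policy or policy[w].retention_years > lim.retention_years
            or policy[w].disclose_to != lim.disclose_to]

class ConsumerAgent:  # echoes an acceptable offer, else counters with the consumer's preferences
    def __init__(self, prefs, limits):
        self.prefs, self.limits = prefs, limits
    def respond(self, offer):
        bad = mismatches(offer, self.limits)
        return offer if not bad else {**offer, **{w: self.prefs[w] for w in bad}}

class ProviderAgent:  # echoes an offer meeting its minimum retention, else counters with that minimum
    def __init__(self, floor):
        self.floor = floor  # what -> minimum retention (years) the provider needs
    def respond(self, offer):
        counter = dict(offer)
        for w, years in self.floor.items():
            if offer[w].retention_years < years:
                counter[w] = Rule(offer[w].purposes, years, offer[w].disclose_to)
        return counter

def negotiate(consumer, provider, sp, max_steps=6):
    """Slide-11 exchange: SP, then SP1, SP2, ... until an offer is echoed back (SPn = SPn);
    reaching max_steps stands in for either side terminating the negotiation."""
    if not mismatches(sp, consumer.limits):
        return True, 0, sp                # SP already acceptable: nothing to negotiate
    offer, sender = sp, consumer
    for step in range(1, max_steps + 1):
        reply = sender.respond(offer)
        if reply == offer:
            return True, step, reply      # agreement after `step` messages
        offer, sender = reply, (provider if sender is consumer else consumer)
    return False, max_steps, None         # terminated: the e-service may not proceed

# Constructed sample data: Alice's slide-5 rules as preferences, her limits, and a provider SP.
PREFS = {"name, address, tel": Rule("identification", UNLIMITED, "none"),
         "Course Marks": Rule("Records", 2, "none")}
LIMITS = {**PREFS, "Course Marks": Rule("Records", 5, "none")}
PROVIDER_SP = {**PREFS, "Course Marks": Rule("Records", 7, "partner")}
```

With a provider floor of 3 years the run agrees at step 3 on a 3-year, no-disclosure rule; with a floor of 6 years the offers alternate between 2 and 6 years until the step limit, which stands in for a side terminating.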

14
Other related work
  • Semi-automated generation of personal privacy
    policies uses community consensus to normalize
    privacy levels which are then used to map privacy
    rules as selected by the consumer using a privacy
    slider.
  • Comparing and matching personal privacy policies
    by comparing and matching privacy levels assigned
    to privacy rules through community consensus.
  • Use of a Privacy Policy Compliance System (PPCS)
    for ensuring privacy policy compliance.
  • Prototype for negotiating privacy and security
    policies.

15
Conclusions
  • Consumers will want their privacy and security
    preferences respected. Providers will have to
    comply or lose business. Negotiation of personal
    privacy and security policies is a good way for
    providers to respect consumer preferences.
  • Personal privacy and security policies have to be
    understandable by consumers and therefore should
    not be obscure or too complex. They should
    resemble as much as possible processes with which
    consumers are already familiar.
  • The approach given above for policy negotiation
    can be implemented in web services.

16
About Us
  • National Research Council Canada
  • Herzberg Institute of Astrophysics
  • Institute for Aerospace Research
  • National Institute for Nanotechnology
  • Institute for Information Technology
  • Software Engineering
  • Computational Video
  • Visual Information Technology
  • Integrated Reasoning
  • Interactive Information
  • High Performance Computing
  • Information Security (4 full-time researchers)

17
  • Thank-you