Thursday, July 10, 2014

Enterprise Mobility: Secure Containerization


Last week, I've presented at the event “Small Device - Big Data: sicurezza in un mondo senza fili” organized by
department of Computer Science of the Sapienza University of Rome, related to the Master in Information Security.

My speech was about the enterprise mobility and Bring Your Own Device (BYOD) paradigm. I’ve introduced the new challenges related the enterprise mobility, the risks associate with devices mobile and the new security requirements that the enterprise needs to address, including the main aspects of the secure containerization: application wrapping, secure communication, encryption at rest and Data Leakage prevention (See slideshare presentation below).









Monday, June 23, 2014

User-Managed Access awarded 2014 Best Innovation in Information Security

I'm happy to announce that User-Managed Access (UMA) has won the 2014 Best Innovation/New Standard in Information Security award from the European Identity & Cloud Conference (EIC). More details about the award are available at Kantara press release page.
After almost a year since I've published a blog post about how UMA can be applied to the Life Management Platforms (LMPs) concept, last May, I presented, along with Maciej Machulak, Vice-chair at UMA WG (on the right in the picture below), this approach at the European Identity and Cloud Conference (EIC) 2014, in the track session "Standards for an Open Life Management Infrastructure", with the title "User-Managed Access: key to Life Management Platforms".
During the session, we have given a complete vision and an architectural approach how UMA fits very well with the new emerging trends related to Personal Clouds and in particularly to LMPs, as authorisation system for online personal data sharing model (see slideshare below).

I'm very happy for helping the UMA WG to receive the award!




Thursday, June 6, 2013

User-Managed Access for Life Management Platforms

The concept of Life Management Platform (LMP) was introduced last year in the Kupping-Cole's advisory note "Life Management Platforms: Control and Privacy for Personal Data".
The platform concept provides the tools to manage the essential information of every person’s life and making it usable for other parties through privacy-enhanced applications, thus meeting the privacy and security requirements.
LMP is about Personal Information Sharing which is an emerging trend for online personal daily life activities, including the interaction with financial credit, insurance, healthcare, etc..
Very similar to concepts like Personal Cloud, or Personal Data Store (PDS), LMP encourages the individual to control own data and for some aspects close to a Vendor Relationship Management (VRM) vision.

The key features of this new concept includes:
  • Secure store of the information
  • Granular access control for data
  • Information control remains with individual
  • Informed Pull and Controlled Push mechanisms for sharing data (see details below)
In the "Take Control of your Personal Data: An UMA perspective" blog post, I've explained how UMA protocol (also see the UMA spec) addresses the individual's privacy requirements in today's data sharing challenges, that includes social network, personal data store, personal cloud and emerging participatory data store.
UMA defines how an individual can control protected-resource access by clients operated by arbitrary requesting parties, where the resource reside on any number of resource servers, and where a centralized authorization server governs access based on individual policy.
For this features, I think that UMA protocol, which is a OAuth profile, is well suitable to be part of Life Management Platform for managing Privacy and Security requirements. (Also see the UMA case study on “subscribing to a friend’s personal cloud”.)
To give you an idea of this approach, the following diagram shows a possible (high level) LMP architecture integrated with UMA protocol. 

  • The individual (the resource owner) interacts with the LMP for managing own data.
  • LMP acts as Resource Server for the individual's data, protected by the UMA Authorization Server (AS).
  • UMA Authorization Server acts as centralized policy decision point where the individual control the authorization of data sharing and service access.
  • Clients act as data producer and data consumer respectively for "Informed Pull" and "Controlled Push" scenarios.
Apart of secure store of the information which is a specific feature of the platform, the others key features could be aspects of UMA features.
In LMP scenarios, an individual interacts for sharing life data with parties through two specific way:
  1. Informed Pull - LMP allows to consume information from other parties (i.e an individual issues a request for information to a group of banks to obtain the best offer for a personal loan).
  2. Controlled Push - LMP is a producer of individual data for other parties (i.e. an individual requestes access to a online insurance service to buy a car insurance, providing personal information and car details).
In the Informed Pull scenario, UMA AS is able to provide a LMP Consumer API protection, forcing the client to be authorized before that the LMP consumes the data published by the client on behalf of a Subject (i.e. a loan offer provided by a bank).

In the Controlled Push scenario, UMA AS is able to provide a control about how personal information will be disseminate with which parties in order to access to online service. 
In this case, the authorization process starts when the client on behalf of the requesting party (i.e the insurance company) requests access to individual data which are stored or produced by the LMP.

The authorization process is based on UMA Connection concept (see details about UMA Connection concept here), by which the client must be identified and invited to negotiate the individual's access policies (they may include trusted claims, individual terms and constraints).

The following picture shows an example of user interface where is visible the two approaches for managing life connections and life events respectively for Controlled Pull and Informed Push models.


Benefits of UMA approach for LMPs:
  • Inspired by Privacy By Design concept.
  • Built on top of OAuth v2 specification.
  • Provide a centralized and granular access control system.
  • Interoperable with trusted ecosystems.
UMA Implementations 
There are several active UMA implementations in different space of the data sharing models, including Personal Data Store, Life Management Platforms and at enterprise level. For more details refer to UMA Implementations page.



Thursday, March 7, 2013

A theoretical approach to the Right to be forgotten

Imagine a world where individuals can share personal information online with the possibility to control where the information are located, track all the copies of information derived, managing the right to request removal of data and effecting the erasure of removal of all exact or deviated copies of the items. This is called "right to be forgotten".

The right to be forgotten is included in the proposed regulation on data protection published by the European Commission in January 2012.

Despite the debates about this topic, related to the fact that in an open system like internet, the right to be forgotten cannot be enforced by technical means alone (see ENISA report about Right to be forgotten), I would like to demonstrate a theoretical model to address this regulation.
The model is inspired by the "Chain-link confidentiality approach" which can realistically be applied to the User-Managed Access (UMA) protocol.

A chain-link confidentiality regime would contractually link the disclosure of personal information to obligations to protect that information as the information moves downstream.The system would focus on the relationships not only between the discloser of information and the initial recipient, but also between the initial recipient and subsequent recipients.

UMA defines how resource owners (an individual) can control protected-resource (personal information) access by clients operated by arbitrary requesting parties (the recipients), where the resources reside on any number of resource servers (the provider of the personal information), and where a centralized authorization server governs access based on resource owner policy.

Applying Chain-link confidentiality approach to UMA, means to enforce the requester (client) to be itself a protected resource. The result is that the Client becomes a resource server for any personal information derived from the initial recipient (resource server), creating a chain of protection.
The assumption here is that the personal information at each chain node are exposed as web resource.

As result, an individual has the possibility to control where information are stored at the initial recipient, and track all the copies of information derived from it, following the chain of protection.
Through the UMA's Authorization Server, an individual has the possibility to manage the right to remove data from the resource servers, and delete any relationship with them.

The diagram below show how the proposed model addresses the complexity to represent the relationships and the control on the individual’s personal information distributed among different initial recipients and subsequent recipients. In the example is showed (in dotted line) a chain of protection, where the Bank (resource server) is the initial recipient for bank account information, and the Employer and the Loan Service are requesting parties as subsequent recipients which become protected resources.


Thursday, January 31, 2013

UMA Approach to Protect and Control Online Reputation

Reputation plays an important and crucial role in the today economy. According to the Wikipedia definition, Reputation of a social entity (a person, a group of people, an organization) is an opinion about that entity, typically a result of social evaluation on a set of criteria.

Rachel Botsman delivered an interesting talk at TEDGloab 2012, where she stated that the concept of trust, across multiple platforms, would constitute the currency of a new collaborative economy, asserting that "reputation capital creates a massive positive disruption in who has power, influence and trust."

Nevertheless, Prof. Giovanni Sartor in his article "Privacy, Reputation and Trust: Some Implication for Data Protection", analyzes the privacy versus reputation-based trust, where the privacy, as self-determination over one's own personal data, seems to conflict with reliance based upon reputation.

In order to mitigate and balance the privacy issues, providing a better control on own personal data and encourage a collaborative economy, it is possible formalize a new approach based on UMA protocol.

This approach assumes the support of a legal framework for data sharing and data protection, harmonized with the legal requirements and obligations needed for the proposed model.  More details about Binding Obligation on UMA participant are available here.

UMA Approach

User-Managed Access (UMA) is a profile of OAuth 2.0. UMA defines how resource owners can control protected-resource access by clients operated by arbitrary requesting parties, where the resources reside on any number of resource servers, and where a centralized authorization server governs access based on resource owner policy.

Consider the following scenario:
  • Alice (Resource Owner) is an active user of e-commerce sites: eBaj and e-Selling.
  • Both e-commerce sites (Resource Services) provide a reputation ranking mechanism and the possibility to protect this information with Global Reputation System (Authorization Server) with which Alice maintains the control on her own data.
  • In her e-commerce experience, Alice has had good and bad experiences, so she has an average reputation ranking for both sites equal to 3 of 5.
  • Bob is a buyer (Requesting Party), and he would buy a camera from eBaj site (Client), and he finds that Alice is selling that article.
  • Before adding the article in the shopping cart, Bob want be sure about the seller’s reputation.
The picture below shows an example e-Commerce UI that allows Bob to request and view the Alice's reputation ranking.

Bob adheres to Alice’s term of authorization, showing he’s a registered user at the ecommerce site.


Bob can view Alice’s global reputation ranking according to Sharing Policy controlled by Alice.


Based on UMA approach, the Resource Owner (Alice) is able to control all online reputation info through specific sharing policy or terms of authorization, called connection.
You can find more details about UMA Connection on the study which explores visualization techniques to enhance privacy control user experience for UMA protocol, as part of my work at Newcastle University, contributing on the Smart Project.

The following diagram describes an example of the connection structure applied to protect reputation data.

A Connection includes:
  • Protected resource - this is the ranking info end-point, or an aggregation of them if they are available on multiple e-commerce sites (resource servers). 
  • Requesting party - is the entity who is requesting to view the ranking. It's possible to define anonymous entities, registered users or users which provides specific trusted claims. 
  • Client or App which is allow to request access to the ranking reputation data. 
  • Constraints can be used to limit the access to the info, temporary access based, or based on scopes (i.e read review or see only the ranking points).

Benefits

UMA approach and the meccanism to centralize the policy decision for sharing reputation data provides three main important benefits:

Firstly, it provides a fundamental alignment with Privacy requirements to determine what information will be revealed to which parties and for what purposes, how trustworthy those parties are and how they will handle the information, and what the consequences of sharing their information will be. More details about this aspect can be found here.

The second benefit, that can be considered an innovative driver for encouraging a collaborative economy is the possibility and the capability to aggregate reputation data from different service provider to provide a more complete and consistent data.

The third benefit is related to the analytic capability which provides the ability to create a graph of the trust relationship among the parties involved on reputation data for a better reputation management. For more details about this topic, please see The Role of Data visualization here.

About UMA

Follow the links below for more info about UMA:

Friday, October 12, 2012

User-Managed Access for Higher Education

If you are interested on data sharing challenges about security and privacy, don't miss the next UMA work group webinar. 
Next week, the 17th of October (8am PT), UMA Work Group will conduct a free public webinar to discuss and provide live demonstrations of UMA’s benefits for the higher education community and other communities where data sharing presents security and privacy challenges. 

It will be show an extensive demo of how students can manage access by a variety of prospective employers to distributed, trusted information about their educational achievements.

One UMA implementation, the SMART system developed at Newcastle University, is working to help students control the sharing of Transcripts of Records and other personal data hosted on University systems with future employers. Recently, the system was integrated with the UK Federation to provide these benefits to other British universities.

Join us!

Find webex information at http://tinyurl.com/umawg. 
Follow the group on Twitter at @UMAWG, hashtag #UMAedu for news.

Tuesday, June 26, 2012

UMA at Oracle Community for Security

Last week I had the opportunity to spread the word about User-Managed Access (UMA) at the Oracle Community for Security in Italy.
Oracle Community for Security is an Italian community of qualified Oracle's partners. They have the goal to provide technical and business awareness to the enterprise and for the market. Last years they contributed on interesting studies (Italian) about the "Return on Security Investiments", "Healthcare Record Management", and "Privacy on Cloud and Mobile".
Since in the community there is a convergence of interests on Privacy and Persona Data Protection, I've explained UMA's concepts and benefits in this field, starting from the today's challenges: 
  • Privacy in the Social Networks, 
  • The emerging of the personal cloud, Personal data store (PDS),
  • The Participatory Personal Data.
All these phenomenas along with the mobile and pervasive computing are the main drivers of personal data collection, processing and data sharing, with a sensible impact for the privacy of the individuals.
This brief presentation (see slideshow below) describes these scenarios, and how UMA helps user to manage their personal data and sharing decisions.

Take Control of your Personal Data