PRIVACY AWARE ACCESS CONTROL FOR CLOUD-BASED DATA PLATFORMS

Academic year: 2021

Open-Source, Web-Based, Framework for Integrating Applications with Cloud-based Services and Personal Cloudlets.

“Open-Source, Web-Based, Framework for Integrating Applications with Social Media Services and Personal Cloudlets”

www.openi-ict.eu

CSP Forum 2015

OPENi Project

The OPENi research project aims to inspire innovation in the mobile applications industry through the development of an open-source platform for consumer-centric mobile cloud applications.

Mobile Client Library

To provide convenient access to the API, security, and Personal Cloudlet frameworks, OPENi provides the following mobile client libraries:

• A cross-platform HTML/JavaScript library for use in HTML5 and Apache Cordova mobile web-apps
• A native Android client library

Security framework

The security framework is responsible for access control functionality and is tightly coupled with the Cloudlet Framework.

It gives users more control over their personal data and the cloud-based services that they interact with.

API framework

An open framework that is capable of interoperating with a variety of cloud-based services.

Promotes innovation by offering application developers a framework that will enable them to design and build complex applications involving combinations of independent cloud-based services.

Personal Cloudlet Framework

Provides application consumers with a single location to store and control their personal data.

In conjunction with the security framework, empowers application consumers to remain in control of their data.

Consumers are assured their data is not being used without their consent.

Personal Cloudlet Objectives

1. To build key technological enablers to ensure the practical applicability and efficient use of the OPENi platform.

2. To deliver an open source platform that will allow application consumers to create, deploy and manage their personal space in the cloud (Personal Cloudlet). Each Personal Cloudlet constitutes an entity that will be linked to its user's identity.

3. To provide and promote a novel, user-centric application experience of cloud-based services not only across different devices but also inherently across different applications.

4. To ensure the OPENi platform maintains a low barrier to entry for application developers and service providers.

How should a secure, privacy-conscious web-based framework be developed in order to provide user-centric management of dynamic data and APIs, while giving the developer the ability to access the data in a privacy-preserving manner?

Personal Cloudlet Framework

Data Storage Component

Capable of storing user, app-specific, and internal cloudlet data.

Data may take various forms, such as text, graphics, or audio, so the data storage component of the cloudlet framework is capable of accommodating binary files as well as structured JSON data.

Notification

This component is responsible for communicating with the platform's users. The message transport mechanisms currently supported are:

• email
• SMS
• REST call
• Server-Sent Events (SSEs)
• Google Cloud Messaging (GCM)

Authentication, Authorisation, and Accounting

Authentication and authorisation mechanisms are handled by the security framework; however, accounting and auditing are handled in the cloudlet framework.

The details of all access requests, subsequent actions and cloudlet responses are monitored and logged by the accounting component. These logs are available in the cloudlet GUI for the cloudlet owner to inspect.

Data Access

All data is accessed via a set of APIs, namely Data API and Type API. They ensure a consistent access point for all services such as apps, the API framework, and 3rd party services.

In conjunction with the Authentication, Authorisation, Accounting component and permissions, the cloudlet owner is in full control of who and what can access each piece of data in their Personal Cloudlet.

Cloudlet GUIs

To empower Cloudlet owners in the management of their cloudlets, they have a standalone GUI, separate from the in-app interface. GUI features include:

• access log viewing
• preference editing
• permissions editing

Data Aggregator

The data aggregation component will offer 3rd parties the ability to view aggregated user data from multiple cloudlets while concealing the individual cloudlet owner’s identity.

User Centric & Privacy Preserving Features

JSON Web Tokens

• Base64-encoded JSON objects
• Enable REST-based frameworks to manage sessions and claims
• Used in OPENi to apply context to 3rd party access to personal cloudlets
• Provide an OAuth 2.0 compliant workflow

Data Reusability; App Interoperability

• Data persisted in a NoSQL document store
• Cloudlet is composed of a set of JSON Objects
• All objects (user data) adhere to a predefined OPENi Type
• All types are public and can be reused by developers across applications

Fine Grained Access Control

• Cloudlet objects have an associated permissions object
• Permissions objects provide information on which apps are allowed to access the object
• App developer can request access by object or type
• Requests can be scoped by type or app
• Cloudlet owner can edit permissions based on type, app, etc.
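
One way to model the checks described under JSON Web Tokens and Fine Grained Access Control, as an added example that is not OPENi's own code: a signed token carries the app and cloudlet context, and a default-deny check consults the object's permissions object and any type-scoped grant, logging every decision for the owner. The claim names, identifiers, permissions layout and HS256 shared secret are assumptions made for illustration.

```javascript
// Added illustration: claim names, ids and the permissions layout are assumptions, not OPENi's API.
const nodeCrypto = require('crypto');
const SECRET = 'demo-only-secret'; // constructed key; a real deployment loads this from a secret store
const b64url = (s) => Buffer.from(s).toString('base64url');
const sign = (data) => nodeCrypto.createHmac('sha256', SECRET).update(data).digest('base64url');
// Own-property lookup so ids such as "__proto__" never resolve to inherited members.
const own = (o, k) => (Object.prototype.hasOwnProperty.call(o, k) ? o[k] : undefined);

// Issue an HS256 token carrying the access context: which app, for which cloudlet.
function issueToken(claims) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${sign(`${head}.${body}`)}`;
}

// Return the claims only if signature and expiry hold. The header's alg is never trusted.
function verifyToken(token, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 3 || parts.some((p) => !p)) return null;
  const [head, body, sig] = parts;
  const expected = Buffer.from(sign(`${head}.${body}`));
  const given = Buffer.from(sig);
  if (given.length !== expected.length || !nodeCrypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  return claims.exp > now ? claims : null;
}

// Constructed cloudlet: every object has a type and its own permissions object.
const cloudlet = {
  id: 'c_alice', auditLog: [],
  objects: {
    o_1: { type: 't_photo', permissions: { app_gallery: ['read'] } },
    o_2: { type: 't_contact', permissions: {} },
  },
  typePermissions: { t_contact: { app_crm: ['read', 'update'] } }, // grants scoped by type
};

// Default deny: allow only if the object or its type grants this app the action.
function authorize(token, objectId, action, now) {
  const claims = verifyToken(token, now);
  const obj = own(cloudlet.objects, objectId);
  let allowed = false;
  if (claims && claims.cloudlet === cloudlet.id && obj) {
    const byObject = own(obj.permissions, claims.app) || [];
    const byType = own(own(cloudlet.typePermissions, obj.type) || {}, claims.app) || [];
    allowed = byObject.includes(action) || byType.includes(action);
  }
  // Every request, allowed or denied, is recorded for the cloudlet owner to inspect.
  cloudlet.auditLog.push({ app: claims ? claims.app : null, objectId, action, allowed });
  return allowed;
}
```

Denied and unauthenticated requests are logged alongside granted ones, so the audit view shows refused access attempts as well as successful reads.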

User Dashboard

• Data Browsing: view data categorised by type or app
• Auditing: a view of access request/response
• Permissions: view and edit permissions
• Notifications: set notifications for data access requests

Open Source

GitHub: https://github.com/OPENi-ict/

Cloudlet deployment script: https://github.com/OPENi-ict/openi-deploy-script

https://github.com/OPENi-ict/openi-docker

Thank You
