WP4 Information Protection
D4.1- TAS3 Identifiers and Discovery.pdf
TAS3 Identifiers and Discovery. Accepted by European Commission in June 2009. Executive Summary: This document describes identifier and token issuance considerations and services. It describes two principal categories of privacy-friendly identifiers, the persistent and transient Name IDs, which are difficult to guess and are not shared across participants of a federation. The data model of the federation databases is discussed, and it is noted that the databases of an Identity Provider, discovery service, linking service, and ID Mapper are highly similar; a common implementation choice is to have the same system entity offer all these interfaces from a single database. However, to support separation of duties, an alternate model with separate databases and controlled synchronization is presented as well. The issuance of tokens by an ID Mapper in various specific situations is discussed. The properties of the tokens and the necessary policy and audit safeguards are presented. We cover the user-present, pre-authorized, and user-not-present cases as well as token-based delegation. A conclusion about token revocation is that most short-term tokens do not need a revocation mechanism. In the case of the Identity Mapper (IM) bootstrap token, which due to the logistics has to be long lived, specific risk mitigation strategies are adopted. In any case, all derived tokens will be short lived and authorized upon token creation, effectively providing revocation of the IM bootstrap. The role of the Registry Server in locating per-user resources is discussed. We also discuss how the Registry Server integrates with the On-line Compliance Testing and Trust Network's partner intake process. Finally, an exposition of the Trust and Privacy Negotiation functionality is presented, including user-interface-driven front channel and discovery-driven back channel approaches.
A gap analysis is provided to see how the two phases of the back channel approach, discovery and service call, satisfy the essential needs to communicate policy pledges and policy requirements.
TAS3_D4p2.pdf
TAS3 Specification of secure data repositories and authoritative sources. Accepted by European Commission in June 2009. Executive Summary: This document describes the security mechanisms that are needed to control access to data repositories. Data repositories (or repositories for short) are web-based resources that hold data in a secure and privacy-preserving manner. They provide web services interfaces that allow the data to be input, updated, retrieved and deleted. Repositories will hold data of varying sensitivity levels. They may store publicly readable data, or they may store very sensitive data such as medical records. The data may be accessed by the data owner, the data subject, or by third parties. In particular, this document describes how data subjects can delegate their access rights to third parties, regardless of whether those third parties are already known to the data repository or not. The TAS3 project is primarily concerned with data that is personal, so-called personal identifying information (PII). PII can generically be thought of as the attributes of a person, such as their age, name, address, qualifications, medical details, etc. This deliverable introduces the concept of an authoritative source (or authentic source; the terms are synonymous), which is the trusted source of a particular data item (or personal attribute). It is preferable that relying parties who wish to access the PII assets of subjects obtain them from their authoritative sources rather than from "any old" data repository. In this context, it is preferable that personal information from a set of different authoritative sources can be merged together to form a composite data object, without actually copying the data from its authoritative sources to a third-party repository. This document describes how such composite objects can be built and secured by using "proof of ownership" references to the authoritative sources.
The use of references honours the principle of data collection minimization. It also alleviates the integrity problems associated with data duplication and the existence of multiple distributed copies (replicas and/or caches). Appendix 1 of this document presents a set of use cases for using secure repositories and indicates the steps involved when a user: first registers with a repository, creates a PII asset in a repository (including the sticky policy to go with it), delegates access rights to a third party, and deletes her account and PII asset from the repository. It also shows the steps involved when a third party accesses the repository to either read or append information to the PII asset, and follows the proof of ownership references to retrieve embedded PII assets. Finally, this deliverable shows how secure repositories can be mapped onto the TAS3 architecture and the recommended service-oriented protocols.
TAS3_D04p3 WP4_Implementation V2p1.pdf
TAS3 D4.3. Accepted by European Commission in March 2010. Executive Summary: The requirements assessment report (D1.2) has pointed out that WP4 Information Protection has two central high-level requirements. The first refers to the possibility to demonstrate to lay users the complex security and trust features of the TAS3 system. The second refers to the ability of providers to prove that they processed the information and services in accordance with the required policies. The present version of the deliverable introduces trust and privacy negotiation and its integration into the K.U.Leuven prototype that was described in the previous version of the deliverable. The deliverable has been re-organised as follows: Section 2 introduces trust negotiation concepts and the extension of the TrustBuilder2 framework; Section 3 introduces the prototype software; Section 4 provides a tutorial on how to use the prototype; Section 5 describes the integration of trust negotiation into the prototype; Section 6 describes how to execute the "break the glass" scenario; Section 7 provides a roadmap for future releases; and Section 8 illustrates an example of the source code of the prototype. The present version of this deliverable builds on the system-independent and protocol-agnostic prototype of the TAS3 ecosystem that was presented in the first version of this deliverable. Future versions of this deliverable will bridge the dummy functionality of the demonstrator framework with the TAS3 actors to illustrate that the information processed within a TAS3 system has been processed according to, and in compliance with, the user-centric policies.
TAS3_D4p3_v1p1.pdf (deprecated)
TAS3 WP4 Implementation (Integrated secure repositories). Accepted by European Commission in June 2009. Executive Summary: The requirements assessment report (D1.2) has pointed out that WP4 Information Protection has two central high-level requirements. The first refers to the possibility to demonstrate to lay users the complex security and trust features of the TAS3 system. The second refers to the ability of providers to prove that they processed the information and services in accordance with the required policies. The present version of this deliverable introduces a system-independent and protocol-agnostic prototype of the TAS3 ecosystem which addresses the first requirement. Future versions will extend this prototype to address the other WP4 requirements. This prototype is built using the demonstrator framework of K.U.Leuven, which provides an ecosystem within which different actor types can be defined and instantiated. These actors provide dummy functionality by default, but can easily be linked to real-life instances of genuine service providers. Each of these actors (e.g., an information repository, a medical doctor, a hospital, an employment agency…) is able to communicate through the framework with every other actor. The security level of this communication (insecure, authenticating all outbound traffic, encrypting all communication, or authenticating and encrypting all communication) is specific to the policy of the actor, i.e., whether two actors can effectively communicate with one another is subject to both actors' respective policies. The demonstrator framework provides this communication policy enforcement by default. The actors that have been specifically defined and instantiated for the TAS3 ecosystem (cf. section 5) are those necessary to illustrate the break-the-glass principle that has been elaborated on in D7. In addition to these actors, the TAS3-specific functionality has been developed and integrated in this framework.