Privacy Enhancing Identity Management Using the Semantic Web

Objectives:

To investigate whether the W3C’s semantic web suite of standards may be used to improve privacy protection in identity management scenarios.

Contact:

The contact for this research project is here.

PhD Thesis:

The research project has been summarized as part of a PhD thesis defended at the Gdansk University of Technology in 2010:

Giles Hogben:
"A privacy enhancing identity management framework using the semantic web"
(Polish title: "Wspomagająca prywatność struktura ramowa zarządzania tożsamością z wykorzystaniem Semantic Web")
Download PDF (2.7 MB)


Rationale:

The domain of this report is the protection of privacy in the request and disclosure of personally identifiable data: privacy enhancing electronic identity management. The report identifies a set of requirements in this domain, which are not satisfied by existing identity management frameworks. This includes important requirements imposed by European data protection legislation as well as those for integrating privacy protection frameworks into enterprise data architectures and common data exchange scenarios.

The report shows how a new model of identity, along with a proposed Semantic Web Identity Management (SWIM) Framework, can be used to satisfy these requirements.

Approach:

The report achieves this through the following steps:

  • The definition of a set of scenarios as a basis for deriving requirements for privacy and identity management frameworks.

  • A review of existing technologies and frameworks related to the proposition. There is a particular focus on W3C’s P3P 1.0 and P3P 1.1 specifications since these are the most important existing standards in the problem space.

  • A review of the legal and regulatory environment in which these scenarios take place. This is an important source of requirements for the framework.

  • A formal model of important concepts used in Identity Management and their relationships.

  • The derivation, on the basis of the above scenarios and the above identity model, of a set of legal and technical requirements for a privacy and identity management framework.

  • A gap analysis with existing available technologies applicable to these scenarios.

  • A proposal for semantics, syntax, architecture and technologies for prototype implementation, which satisfy the requirements, that is, the SWIM framework.

  • An experimental validation of the SWIM framework via a prototype implementation and a set of key test cases focusing on the satisfaction of the requirements.

  • Review of the SWIM framework and benchmarking against the requirements.

Schedule:

  • The thesis project was officially begun in 2006.

  • The main research was conducted as part of the EU’s PRIME (Privacy and Identity Management in Europe) project between 2004 and 2006.

  • Between 2006 and 2009, the work done as part of the PRIME project was refined and enhanced into a holistic framework, called the SWIM (Semantic Web Identity Management) framework, described in the report.

  • The thesis was defended in March 2010.

Results:

The most innovative contribution of this thesis is a framework which provides:

  • A formal, consistent and comprehensive model of identity concepts with many important implications.

  • The ability to manage private credentials as evidence for identity data.

  • The expressivity to allow truly minimised requests for data.

  • Policy evaluation over inferences from data.

  • Consistent and user-friendly display of human-readable information.

  • The ability to define rules governing credential release based on usage history and linkability implications.

Publications:

The work presented in this thesis has been published by the author in the proceedings of several international conferences, as well as research reports. The following describes the most important mappings between these publications and the report:

  • Scenario: Ambient intelligence based on:

    • Giles Hogben (section): PRIME Framework Public Deliverable, Section 6.6, P.87.

  • P3P description and text on P3P base data schema published in:

    • Giles Hogben, Tom Jackson, Marc Wilikens: A Fully Compliant Research Implementation of the P3P Standard for Privacy Protection: Experiences and Recommendations, vol. LNCS 2502, pp.104-125 (2002).

    • Lorrie Cranor, Dobbs Brooks, Serge Egelman, Giles Hogben et al: W3C P3P 1.1 Specification (2006).

  • Formal model of identity and work on identity terminology based on:

    • Giles Hogben (section), PRIME Framework Document, Terminology Chapter, P.20.

    • Giles Hogben, Marc Wilikens, Ioannis Vakalis: On the ontology of digital identification. In: Proceedings of On the Move to Meaningful Internet Systems 2003, vol. LNCS 2889, pp.579-593 (2003).

  • Significant parts of chapters on implementation published in:

    • Giles Hogben, Dieter Sommer: A meta-data and reasoning framework for open assertion and evidence exchange and query. Research report RZ3674, IBM, Zurich (2006).

    • Giles Hogben: An open assertion and evidence exchange and query language - requirements and abstract syntax. In: W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement (2006).

    • Giles Hogben: Describing the P3P base data schema using OWL. In: Proceedings of Workshop on Policy Management for the Web at WWW2005, Chiba, Japan (2005).

  • Work on data handling policies is published in:

    • Giles Hogben: P3P Using the Semantic Web, W3C Working Group Note (2004).

  • HCI Functionality based on contribution by the author to:

    • Giles Hogben: section of PRIME Project, HCI guidance and proposals.

    • Giles Hogben: An extensible policy editing API for privacy and identity management policies. In: Proceedings of Workshop on Policy Management for the Web at WWW2005, Chiba, Japan (2005).

  • The following works by the author are also influenced by the work in this report (and vice-versa):

    • Ingo Naumann, Giles Hogben: Privacy Features of European eID Card Specifications, ENISA (European Network and Information Security Agency) (2009).

    • Giles Hogben, Konstantinos Moulinos, Mapping IDABC Authentication Assurance Levels to SAML v2.0, ENISA (European Network and Information Security Agency) report, 2008.

    • Giles Hogben, An extensible policy editing API for privacy and identity management policies, Proceedings of PM4W at WWW2005, Chiba, Japan, W3C, 2005.

    • Thomas Roessler, Giles Hogben, Marco Cassasa-Mont, Siani Pearson, Rule Language Requirements for Privacy-Enabled Identity Management, Proceedings of W3C Workshop on Rule Languages for Interoperability, W3C, 2005.

    • Lorrie Cranor, Giles Hogben et al, The Platform for Privacy Preferences 1.1 (P3P1.1), W3C Specification Draft, W3C public document, 2005.

    • Giles Hogben, Combatting spAMI: Principles of design for privacy in the Ambient Intelligence world, Proceedings of conference - Tales of the Disappearing Computer Conference, CTI Press, 2003, pp.281-291.

    • Giles Hogben, A Technical Analysis of Problems with the Platform for Privacy Preferences v1.0 and Possible Solutions, Proceedings of W3C Future of P3P Workshop, W3C, 2002.