Note: this blog is a mirror of my HP Labs Blog, on the same topic, accessible at: http://h30507.www3.hp.com/t5/Research-on-Security-and/bg-p/163

Monday, January 9, 2012

Call for Proposals: HP Labs Innovation Research Program 2012 – Deadline: January 27th

HP Labs' Innovation Research Program (IRP) is designed to create opportunities at colleges, universities and research institutes around the world for collaborative research with HP. Through an annual, open Call for Proposals (CfP), we solicit your best ideas on a range of targeted research topics with the goal of establishing new research collaborations.

The Guide to the 2012 IRP has been published; please read it carefully before submitting your proposal. The submission deadline is January 27th.

Specifically, I am encouraging proposals in the space of The Cloud and Security – see the Guide at Page 5.


--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: use this mirror blog if you prefer posting on an external blog site ---
--- NOTE: my original HP blog can be found here ---

HP Labs: Innovation and Delivery in the areas of Dynamic Consent and Privacy Management

During the last 6 months, HP Labs provided key contributions involving the overall coordination of the UK collaborative EnCoRe project, the release of public architectural documents and the development of fully working R&D solutions in the areas of dynamic consent and privacy management.

Specifically this includes:

1. The Third EnCoRe Technical Architecture (D2.3) document;
2. The final HP Labs’ EnCoRe Service Framework: a General, Reference Implementation for Dynamic Consent and Privacy Management;
3. The HP Labs Demonstrator for Cabinet Office/Identity Assurance;
4. HP Labs papers on EnCoRe, dynamic consent and privacy management.

My previous blog posts provide the details.




EnCoRe: Third Technical Architecture D2.3

HP Labs led the overall design and delivery of the third EnCoRe Technical Architecture along with the release of a related EnCoRe public architectural document, D2.3 [1]. This architecture focuses on the third EnCoRe case study, centered on the UK Cabinet Office/Identity Assurance Programme [2].

The first EnCoRe Technical Architecture [3] was designed to fulfil the basic privacy management requirements of the first EnCoRe case study, centred on employee data and focusing on an organisational context. The second EnCoRe Technical Architecture [4], based on a Biobank scenario, fulfilled additional requirements including: the need to support more flexible and compelling privacy-aware policies beyond access control, such as obligation policies; and the need to ensure that data subjects’ privacy preferences are taken into account and enforced when personal data is shared with third parties. This architecture was designed to support future needs such as those related to the third case study. The third EnCoRe Technical Architecture primarily refines and finalises previous specifications in the following areas: flexible expression of privacy preferences (choices); tracking of data whereabouts; privacy-aware access control policies and obligation policies; sticky policies; logging, auditing and compliance checking. These refinements are driven by additional knowledge and requirements gathered in EnCoRe during the second and third case studies.

Various use cases, related to the UK Cabinet Office/Identity Assurance Programme, have been taken into account to illustrate how EnCoRe can provide the desired capabilities in terms of dynamic consent and privacy management.

The third Technical Architecture document describes the resulting final EnCoRe architecture. Although inspired by, and focused on, the specifics of the third EnCoRe case study, this architecture is much more widely applicable than to just that scenario, being suitable for use in other scenarios where an individual (the data subject) discloses his or her personal data to an organisation, which may wish to disclose it to other organisations. Its legal ability to do so may depend on the specific details of the consent, granted by the data subject at the time of disclosure. At that time, the data subject may not be fully aware of the implications of granting consent, and/or may select the simplest consent options offered by the organisation. Later, perhaps after becoming more aware of these implications, or having just changed her mind, the data subject may wish to revoke the previously granted consents and be sure that her new wishes will be respected by all the organisations that have (or have access to) copies of the personal data she disclosed. In order for this to happen, a complex set of interactions, between and within the involved organisations, is required. The EnCoRe architecture provides the framework for these.

The third EnCoRe Technical Architecture document also provides clear and refined guidelines towards the implementation of a related technical solution, consisting of secure and self-standing services to support dynamic consent and privacy management within and across organizations.

These guidelines have been taken into account in the HP Labs’ EnCoRe Service Framework, which provides a general, reference implementation of the EnCoRe architecture and its core capabilities, as well as a framework to carry out additional research & development activities.

[1] D2.3 Technical Architecture for the third realized Case Study, http://www.encore-project.info/deliverables_material/D2_3_EnCoRe_Architecture_V1.0.pdf
[2] UK Cabinet Office, Identity Assurance (IdA) Programme Statements, http://services.parliament.uk/hansard/Commons/ByDate/20110518/writtenministerialstatements/part003.html
[3] D2.1 Technical Architecture for the first realized Case Study, http://www.encore-project.info/deliverables_material/D2.1%20EnCoRe%20Architecture%20V1.0.pdf
[4] D2.2 Technical Architecture for the second realized Case Study, http://www.encore-project.info/deliverables_material/D2_2_EnCoRe_Architecture_V1.0.pdf


HP Labs’ EnCoRe Service Framework: a General, Reference Implementation for Dynamic Consent and Privacy Management

HP Labs completed the development of the EnCoRe Service Framework for the management of dynamic consent and privacy within and across organisations [5]. This framework provides a general, reference implementation of EnCoRe technical capabilities, fully consistent and compliant with the third EnCoRe Technical Architecture [1].

The HP Labs Service Framework supports four general use cases that apply to all case studies explored in EnCoRe:

· A data subject (end-user) submits their personal data to an organisation along with the expression of their consent preferences;
· An entity within the organisation tries to access personal data and is constrained, in so doing, by the related data subjects’ consent preferences and policies. The organisation uses EnCoRe to explicitly enforce (privacy) preferences and policies;
· Personal data is disclosed to a third party, along with the associated consent preferences, via the sticky policy mechanism;
· A data subject subsequently changes their mind and modifies/revokes their consent. Changes are automatically propagated to all the involved parties.

More details about these use cases are available [1].

A fully working prototype has been built by HP Labs, to fully illustrate the capabilities of the EnCoRe Service Framework and the four general use cases.

Specifically, the Service Framework implements the following key EnCoRe Architectural capabilities [1]: module for the configuration of supported Privacy Preferences and Policies; the Consent/Revocation Provisioning module; the Data Registry module; the Privacy-aware Access Control module; the Obligation Management module; Internal and External Workflow Management modules; the Sticky Policy Management module; instantiation of types of Privacy Preferences, various Access Control and Obligation Policies.

The various components of the Service Framework have been implemented to run as self-standing, secure and distributed services within an organisation. The goal is to ensure that early adopters of the EnCoRe toolkits can use this framework to explore its privacy management capabilities and deploy an extended version of it within their IT operational environments.

The implementation uses state-of-the-art technologies based on the Java framework. It uses the REST [6] methodology and approach for quick and flexible development of service interfaces and for the exchange of information between the involved services. The EnCoRe components are implemented as self-standing RESTful services [7]. These service components can be distributed across different IT systems based on needs. Their implementation supports state-of-the-art security, including encryption of data and secure SSL communication. The representation of information exchanged between these EnCoRe components uses XML, to support future extensions and quick adaptation to the needs of different organisations and their IT operational environments.

This framework has been used by HP Labs as a platform for experimentation of innovative privacy management and consent/revocation solutions. Specifically, HP Labs used it to develop and deploy advanced solutions for: the tracking of whereabouts of personal data (via an enhanced version of the Data Registry component); the management of sticky policies by means of a variety of possible technical approaches. The service framework now fully supports sticky policies as the mechanism to exchange personal data and privacy preferences across parties, in a safe and accountable way. A reference implementation is available as described in [8].
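To make the four general use cases above, the data-whereabouts tracking and the sticky policy mechanism concrete, here is a small Python model added for this mirror post; it is not code from the HP Labs EnCoRe Service Framework (which is Java/REST/XML), and the HMAC-based binding, the party names and the purpose strings are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import json

# Assumption: key held by the disclosing organisation; it binds personal data
# to the consent preferences that travel with it (the "sticky" part).
BINDING_KEY = b"constructed-demo-key"

def bind(data, policy):
    """HMAC over the canonical data+policy pair, so a recipient cannot silently
    drop or alter the preferences without the change being detected."""
    msg = json.dumps({"data": data, "policy": policy}, sort_keys=True).encode()
    return hmac.new(BINDING_KEY, msg, hashlib.sha256).hexdigest()

class DataRegistry:
    """Tracks data whereabouts: which parties currently hold a subject's data."""
    def __init__(self):
        self.holders = {}  # subject id -> set of Organisation objects
    def record(self, subject, org):
        self.holders.setdefault(subject, set()).add(org)
    def propagate_revocation(self, subject):
        """Notify every holder; return their names, sorted, for checking."""
        orgs = self.holders.pop(subject, set())
        for org in orgs:
            org.on_revocation(subject)
        return sorted(o.name for o in orgs)

class Organisation:
    def __init__(self, name, registry):
        self.name, self.registry, self.store = name, registry, {}
    def submit(self, subject, data, purposes, share_with):
        """Use case 1: the data subject submits data plus consent preferences."""
        policy = {"purposes": sorted(purposes), "share_with": sorted(share_with)}
        self.store[subject] = (data, policy, bind(data, policy))
        self.registry.record(subject, self)
    def access(self, subject, purpose):
        """Use case 2: internal access is constrained by the consented purposes."""
        if subject not in self.store:
            return None
        data, policy, _ = self.store[subject]
        return data if purpose in policy["purposes"] else None
    def disclose(self, subject, other):
        """Use case 3: pass data to a third party, with its sticky policy, only if
        the subject consented to sharing with that party."""
        data, policy, tag = self.store[subject]
        if other.name not in policy["share_with"]:
            return False
        return other.receive(subject, data, policy, tag)
    def receive(self, subject, data, policy, tag):
        if not hmac.compare_digest(tag, bind(data, policy)):
            return False  # binding broken: data or policy altered in transit
        self.store[subject] = (data, policy, tag)
        self.registry.record(subject, self)  # the new copy is now tracked too
        return True
    def on_revocation(self, subject):
        self.store.pop(subject, None)

def revoke(registry, subject):
    """Use case 4: the subject revokes consent; the registry reaches every holder."""
    return registry.propagate_revocation(subject)
```

The registry is what makes revocation reach every copy, including those created by onward disclosure, which is the property the framework's enhanced Data Registry component is described as providing.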

The HP Labs Service Framework is also an agile platform to develop demonstrators for a variety of needs, including prototypes of the overall system for the EnCoRe engagement with the Cabinet Office Identity Assurance Programme [2].

HP Labs are exploring the opportunity to release this Service Framework in the context of an Open Source initiative. This option is currently being discussed within EnCoRe and various involved organisations: a decision will be made towards the end of the project (April 2012).

[1] D2.3 Technical Architecture for the third realized Case Study, http://www.encore-project.info/deliverables_material/D2_3_EnCoRe_Architecture_V1.0.pdf
[2] UK Cabinet Office, Identity Assurance (IdA) Programme Statements, http://services.parliament.uk/hansard/Commons/ByDate/20110518/writtenministerialstatements/part003.html
[3] D2.1 Technical Architecture for the first realized Case Study, http://www.encore-project.info/deliverables_material/D2.1%20EnCoRe%20Architecture%20V1.0.pdf
[4] D2.2 Technical Architecture for the second realized Case Study, http://www.encore-project.info/deliverables_material/D2_2_EnCoRe_Architecture_V1.0.pdf
[5] EnCoRe, HP Labs Service Framework, http://www.encore-project.info/newsletters/newsletter03/EnCoReAUG2011.html
[6] REST, http://en.wikipedia.org/wiki/Representational_state_transfer
[7] RESTLET, RESTful web framework for Java, http://www.restlet.org/
[8] Siani Pearson, Marco Casassa Mont, Sticky Policies: An Approach for Managing Privacy across Multiple Parties, IEEE Computer Magazine, Volume 44, Number 9, September 2011


EnCoRe Demonstrator for UK Cabinet Office/Identity Assurance Programme

HP Labs developed a fully working demonstrator to illustrate the EnCoRe capabilities (for dynamic consent and privacy management) in the context of the UK Cabinet Office/Identity Assurance Programme. This demonstrator fully leverages the third EnCoRe Technical Architecture [1] and the related HP Labs’ prototype based on the EnCoRe Service Framework [5].

The Identity Assurance Programme [2] aims to deliver a rich ecosystem of services and to use standard federated identity management solutions to enable the relevant interactions between citizens (users), Identity Providers (IdP), the Hub, Attribute Providers and Public/Private Service Providers (PSPs).

Specifically, a citizen, when trying to access an online PSP service, is redirected, via the Hub, to a trusted IdP of choice, where they can be identified and authenticated. The citizen does this by providing their authentication credentials (the type of credentials to be used might change depending on the required level of assurance).

Once authenticated at the IdP site, a Minimum Data Set (MIDS, i.e. basic personal data such as name, surname, etc.) necessary to identify the data subject is passed to the Hub, which might enrich it by adding additional information retrieved from Attribute Providers. Finally, the Hub passes the MIDS data, along with any additional information, to the PSP, for local matching of identities (i.e. local identification/authentication) and to enable the citizen to access the desired services. The goal is to ensure that the asserted identity of a citizen can be successfully used at the PSP site to identify the citizen based on the locally available information.

It is important to notice that, in the described scenario, lots of personal data can potentially be exchanged between the various stakeholders, related to authentication, matching (MIDS) and business transactions. To make this programme successful, it is important that citizens (data subjects) have control over how their personal data is disclosed between the various stakeholders and subsequently used; they must be allowed to change their consent and related privacy preferences at any time; they must have degrees of assurance that their preferences are enforced by the various stakeholders.

EnCoRe helps to provide citizens with the desired level of control over their personal data and the involved organisations with mechanisms and solutions for enforcing privacy and consent.

The HP Labs’ demonstrator illustrates how this can be achieved in practice, by animating the following key use cases:

- Use Case 1: a citizen (data subject) provides consent for the use of their personal data as MIDS
- Use Case 2: a citizen provides consent for the use of selected Attribute Providers for the MIDS matching process
- Use Case 3: a citizen provides consent for sending / using further Verified Attributes
- Use Case 4: ensuring privacy in transactions through the Hub by using sticky policies
- Use Case 5: changing and propagating data & consent updates
- Use Case 6: a citizen revokes consent for an IdP to hold their data at all

More details about these use cases are available [1].

The demonstrator uses the HP Labs’ EnCoRe Service Framework (and prototype, deployed via an EnCoRe toolbox) within three simulated environments: an IdP, the Hub and the Service Provider.

The demonstrator focuses on the viewpoint of end-users (citizens), administrators and employees. It illustrates how dynamic consent and privacy management can be achieved in this context.

HP Labs are available to provide demos to illustrate EnCoRe capabilities in the context of the Identity Assurance scenario and other scenarios.



[1] D2.3 Technical Architecture for the third realized Case Study, http://www.encore-project.info/deliverables_material/D2_3_EnCoRe_Architecture_V1.0.pdf
[2] UK Cabinet Office, Identity Assurance (IdA) Programme Statements, http://services.parliament.uk/hansard/Commons/ByDate/20110518/writtenministerialstatements/part003.html
[3] D2.1 Technical Architecture for the first realized Case Study, http://www.encore-project.info/deliverables_material/D2.1%20EnCoRe%20Architecture%20V1.0.pdf
[4] D2.2 Technical Architecture for the second realized Case Study, http://www.encore-project.info/deliverables_material/D2_2_EnCoRe_Architecture_V1.0.pdf
[5] EnCoRe, HP Labs Service Framework, http://www.encore-project.info/newsletters/newsletter03/EnCoReAUG2011.html
[6] REST, http://en.wikipedia.org/wiki/Representational_state_transfer
[7] RESTLET, RESTful web framework for Java, http://www.restlet.org/
[8] Siani Pearson, Marco Casassa Mont, Sticky Policies: An Approach for Managing Privacy across Multiple Parties, IEEE Computer Magazine, Volume 44, Number 9, September 2011


HP Labs papers on EnCoRe, Dynamic Consent and Privacy Management

HP Labs have contributed to the dissemination of EnCoRe and related principles by means of HP internal and public presentations as well as with a variety of papers and articles published in prestigious, international conferences and magazines.

This post provides a list of selected, recent publications that illustrate HP Labs’ work in EnCoRe and future R&D directions:

- Siani Pearson, Marco Casassa Mont, Liqun Chen and Archie Reed, “End-to-End Policy-Based Encryption and Management of Data in the Cloud”, IEEE CloudCom 2011, 2011

- Siani Pearson and Marco Casassa Mont, “Sticky Policies: An Approach for Privacy Management across Multiple Parties”, IEEE Computer, vol 44, issue 9, pp. 60-68, September 2011

- Siani Pearson, “Towards Addressing Privacy, Security and Trust Issues related to Cloud Computing”, to appear in Privacy and Security for Cloud Computing, Computer Communications and Networks, Springer, 2012

- Nick Papanikolaou, Siani Pearson, Marco Casassa Mont and Ryan Ko, “Towards Greater Accountability in Cloud Computing through Natural-Language Analysis and Automated Policy Enforcement”, HPL-2011-118. Available via http://www.hpl.hp.com/techreports/2011/HPL-2011-118.html

- Nick Papanikolaou, Siani Pearson and Marco Casassa Mont, “Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography”, HPL-2011-117. Available via http://www.hpl.hp.com/techreports/2011/HPL-2011-117.html

- Yun Shen and Siani Pearson, “Privacy Enhancing Technologies: A Review”, HPL-2011-113. Available via http://www.hpl.hp.com/techreports/2011/HPL-2011-113.html

- Siani Pearson, “Toward Accountability in the Cloud”, View from the Cloud, IEEE Internet Computing, IEEE Computer Society, July/August issue, vol. 15, no. 4, pp. 64-69, 2011.

- Siani Pearson, Marco Casassa Mont and Gina Kounga, “Enhancing Accountability in the Cloud via Sticky Policies”, Secure and Trust Computing, Data Management and Applications, Communications in Computer and Information Science, vol. 187, Springer Berlin Heidelberg, pp. 146-155, 2011.

- Nick Papanikolaou, Siani Pearson and Marco Casassa Mont, “Towards Natural-Language Understanding and Automated Enforcement of Privacy Rules and Regulations in the Cloud: Survey and Bibliography”, Secure and Trust Computing, Data Management and Applications, Communications in Computer and Information Science, vol. 187, Springer Berlin Heidelberg, pp. 166-173, 2011.

- Marco Casassa Mont, Siani Pearson, Sadie Creese, Michael Goldsmith, and Nick Papanikolaou. “A Conceptual Model for Privacy Policies with Consent and Revocation Requirements.” Privacy and Identity 2010, volume 352, IFIP Advances in Information and Communication Technology, Springer, 2011.

- Siani Pearson and Azzedine Benameur, "A Decision Support System for Design for Privacy", Privacy and Identity 2010, volume 352, IFIP Advances in Information and Communication Technology, Springer, 2011.

- Marco Casassa Mont, Gina Kounga, Siani Pearson and Archie Reed, “End-to-End Policy-Based Encryption and Management of Data in the Cloud”, Proc. HP Techcon 2011.

