A Guide to PrimeLife's Legacy
PrimeLife produced a wide variety of results, ranging from basic research to educational materials to demonstrators and product-level source code. All these results are available from PrimeLife's website. To make them more accessible, we summarize the main results here, grouped by the PrimeLife Activities that produced them.
I. Privacy for Life – New Concepts for Privacy
The aim of Activity 1 was to understand the various facets of privacy and identity management for scenarios and requirements that arise from Web 2.0 applications such as social networks, on the one hand, and the management of personal data throughout one's life, on the other hand.
Web 2.0 Applications
PrimeLife has identified two main issues: the first is how users can determine and control who has access to the data they make available, i.e., how they can segregate their audiences; the second is how users can assess the trustworthiness of information provided by others.
PrimeLife has come up with a number of solutions that enable audience segregation (D1.2.1). First, we implemented our own social network platform, Clique, which lets users easily set the audience of their postings and profile attributes. For cases where the platform operator itself is not trusted, PrimeLife developed a Firefox plug-in, Scramble!, that enforces audience segregation with client-side encryption, so that only the intended audience can read the content. Second, we integrated privacy-enhanced access control for collaborative workspaces based on MediaWiki and phpBB.
To address the second issue, the focus was on developing new mechanisms and advancing existing ones, such as user reputation and certification, trust-related metadata, a privacy-friendly incentive system, and trust policies. These mechanisms were validated by employing them in selected demonstrators, namely a trustworthy message board and a MediaWiki system enhanced with author reputations, and in user experiments.
Sustainable privacy and identity management throughout one's whole life
Privacy throughout life remains a world-wide unsolved challenge, and PrimeLife elaborated requirements and methods to tackle this problem space. One of the key problems turned out to be the management of one's personal data across the different areas and stages of life, the delegation of rights and duties, and the dynamics of all of these. This includes, for instance, allowing a delegatee to access one's data while one is in hospital and unable to act, while denying that access when one is not in hospital. A detailed report and a prototype are available (D1.3.1 and D1.3.2).
II. Privacy-Enhancing Mechanisms
Activity 2 investigated open privacy issues and researched novel solutions and mechanisms that can serve as building blocks of future privacy-enabled technologies and applications. Besides research results that appeared in top international journals and conferences, PrimeLife's work also resulted in several prototype tools realizing the novel technologies developed by the activity, so as to make them usable by other activities within PrimeLife and by external parties (via PrimeLife's open-source activities). We highlight the main results below and refer to the annual research reports (D2.1.1, D2.3.1, D2.4.1) for all results, details, and references to our scientific publications.
Cryptographic mechanisms
PrimeLife has developed a number of novel cryptographic schemes, mechanisms, and protocols (e.g., anonymous credentials, delegation of such credentials, searchable encryption, and oblivious service access) that support users in protecting their personal privacy. The project also maintained and extended a Java-based implementation of the Identity Mixer (“idemix”) anonymous credential system, which lets users prove possession of certified attributes without revealing their identity.
Mechanisms supporting users' privacy and trust
The project has also developed novel mechanisms that give users control over their privacy (e.g., transparency support tools) and, at the same time, support interaction and collaboration among group/community members (e.g., privacy-respecting establishment of collaborative groups, and trust management via interoperable reputation systems). One tool that is available is Dudle, a privacy-enhanced scheduling application.
Privacy of data
PrimeLife investigated novel metrics and techniques supporting the management of privacy requirements as well as efficient access to large data collections (e.g., the shuffle index). One result is Pri-views, a Java-based tool that, given a collection of data, a set of sensitive associations, and a set of visibility requirements, computes data views such that no sensitive association is exposed while the required visibility over the data is preserved.
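The following is an added example, not code from the project or the Pri-views tool, that makes the view-computation problem above concrete in the form in which it is usually stated: a relation's attributes are split into plaintext fragments so that no confidentiality constraint (an attribute set that must never be visible together; a singleton constraint means the attribute is always encrypted) is exposed, fragments cannot be joined, and every visibility requirement is met by some fragment. The schema, constraints and requirements in the block are constructed sample data, and the greedy builder is an illustrative algorithm rather than the tool's own.

```python
# Added illustrative example (not the Pri-views tool): checking and building a
# fragmentation.  Attribute names, constraints and visibility requirements are
# constructed sample data, not taken from any PrimeLife deliverable.
from typing import FrozenSet, List, Optional, Set, Tuple

ATTRS = ["SSN", "Name", "DoB", "ZIP", "Illness", "Job"]
CONSTRAINTS = [
    frozenset({"SSN"}),                    # singleton: SSN must always be encrypted
    frozenset({"Name", "Illness"}),        # identity and diagnosis never together
    frozenset({"DoB", "ZIP", "Illness"}),  # quasi-identifier and diagnosis never together
]
VISIBILITY = [
    frozenset({"DoB", "ZIP"}),             # demographic analysis needs these jointly
    frozenset({"Illness", "Job"}),         # occupational-health statistics
]


def exposed(fragment: Set[str], constraints) -> List[FrozenSet[str]]:
    """Constraints whose attributes are all visible together in `fragment`."""
    return [c for c in constraints if c <= fragment]


def check_fragmentation(fragments, constraints, visibility) -> List[str]:
    """Return the list of problems; an empty list means the fragmentation is correct.

    Checked: no fragment exposes a constraint; fragments are disjoint (a shared
    attribute would let the storing server join them and recombine what the
    constraints keep apart); every visibility requirement is met by one fragment.
    """
    problems = []
    for i, f in enumerate(fragments):
        for c in exposed(f, constraints):
            problems.append(f"fragment {i} exposes constraint {sorted(c)}")
    for i, f in enumerate(fragments):
        for g in fragments[i + 1:]:
            if f & g:
                problems.append(f"fragments share attributes {sorted(f & g)} and can be joined")
    for v in visibility:
        if not any(v <= f for f in fragments):
            problems.append(f"visibility requirement {sorted(v)} is not met by any fragment")
    return problems


def build_fragmentation(attrs, constraints, visibility) -> Optional[Tuple[List[FrozenSet[str]], FrozenSet[str]]]:
    """Greedy construction of a correct fragmentation.

    Returns (fragments, always_encrypted) or None when a visibility requirement
    cannot be met without exposing a constraint.  No attempt is made to
    minimize the number of fragments.
    """
    encrypted = {next(iter(c)) for c in constraints if len(c) == 1}
    fragments: List[Set[str]] = []
    # Seed fragments from the visibility requirements; requirements sharing an
    # attribute are merged, since an attribute may appear in only one fragment.
    for v in visibility:
        merged, rest = set(v), []
        for f in fragments:
            if f & merged:
                merged |= f
            else:
                rest.append(f)
        fragments = rest + [merged]
    if any(exposed(f, constraints) for f in fragments):
        return None
    placed = set().union(*fragments)
    # Put each remaining attribute into the first fragment where it exposes
    # nothing; otherwise it gets a fragment of its own.
    for a in attrs:
        if a in encrypted or a in placed:
            continue
        for f in fragments:
            if not exposed(f | {a}, constraints):
                f.add(a)
                break
        else:
            fragments.append({a})
    return [frozenset(f) for f in fragments], frozenset(encrypted)
```

On the sample data, `build_fragmentation` yields the fragments {Name, DoB, ZIP} and {Illness, Job} with SSN always encrypted, and `check_fragmentation` reports nothing for it. The disjointness check is the one practitioners most often forget: two fragments that are individually harmless but share an attribute (or a common tuple identifier) can be joined by whoever stores them, which silently re-exposes the constraint.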
Access control for the protection of user-generated data
PrimeLife put forth a number of novel techniques for enforcing access restrictions on user-generated data disseminated by external servers. These techniques resulted in the tool Over-encrypt, a client-server web application for disseminating encrypted resources and enforcing an encryption policy that efficiently implements access authorizations on the encrypted resources.
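As an added example, not code from the project or the Over-encrypt tool, the block below shows the two-layer idea behind over-encryption: the owner encrypts each resource once (base layer, BEL) and hands that key to authorized users; when a user is revoked the owner does not re-encrypt and redistribute, it asks the server to wrap the stored ciphertext in a surface layer (SEL) whose key goes only to the users who remain authorized. The cipher is a toy HMAC-SHA256 keystream with encrypt-then-MAC, chosen so that decrypting with the wrong key fails visibly; the resource, the users and the direct hand-out of keys (instead of the key-derivation hierarchy a real deployment would use) are assumptions made for this example.

```python
# Added illustrative example of over-encryption (not the PrimeLife Over-encrypt tool).
# Simplifications: toy HMAC-based stream cipher, keys handed to users directly, and
# a constructed resource, users and keys.
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with successive HMAC(key, nonce || counter) blocks."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac_key(key: bytes) -> bytes:
    return hmac.new(key, b"mac-key", hashlib.sha256).digest()


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    body = nonce + _keystream_xor(key, nonce, plaintext)
    return body + hmac.new(_mac_key(key), body, hashlib.sha256).digest()


def decrypt(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(_mac_key(key), body, hashlib.sha256).digest()):
        raise PermissionError("tag mismatch: wrong key for this layer")
    return _keystream_xor(key, body[:NONCE_LEN], body[NONCE_LEN:])


class Server:
    """Honest-but-curious store: keeps BEL ciphertexts and wraps them in a SEL
    layer on request.  It knows SEL keys but never a BEL key."""

    def __init__(self):
        self.bel = {}
        self.sel = {}

    def store(self, rid: str, bel_blob: bytes) -> None:
        self.bel[rid] = bel_blob

    def over_encrypt(self, rid: str, sel_key: bytes) -> None:
        # A policy change re-wraps the untouched BEL ciphertext with a fresh SEL key.
        self.sel[rid] = encrypt(sel_key, self.bel[rid])

    def fetch(self, rid: str):
        return (self.sel[rid], True) if rid in self.sel else (self.bel[rid], False)


class User:
    def __init__(self, name: str):
        self.name = name
        self.bel_keys = {}
        self.sel_keys = {}

    def read(self, server: Server, rid: str):
        blob, has_sel = server.fetch(rid)
        try:
            if has_sel:
                blob = decrypt(self.sel_keys[rid], blob)  # KeyError if never given the SEL key
            return decrypt(self.bel_keys[rid], blob)
        except (KeyError, PermissionError):
            return "denied"


def run_scenario() -> dict:
    server = Server()
    record = b"patient record: diagnosis X"  # constructed sample resource
    bel_key = secrets.token_bytes(32)
    server.store("r1", encrypt(bel_key, record))
    alice, bob = User("alice"), User("bob")
    alice.bel_keys["r1"] = bob.bel_keys["r1"] = bel_key
    out = {"alice_before": alice.read(server, "r1"), "bob_before": bob.read(server, "r1")}
    # Revoke bob without touching the BEL ciphertext: add a SEL layer, key to alice only.
    sel_key = secrets.token_bytes(32)
    server.over_encrypt("r1", sel_key)
    alice.sel_keys["r1"] = sel_key
    out["alice_after"] = alice.read(server, "r1")
    out["bob_after"] = bob.read(server, "r1")
    # Bob still holds the BEL key; applying it to the wrapped blob fails the tag check.
    try:
        decrypt(bel_key, server.fetch("r1")[0])
        out["bob_bypass"] = "plaintext recovered"
    except PermissionError:
        out["bob_bypass"] = "tag mismatch"
    return out
```

`run_scenario()` shows both users reading before the revocation, only alice reading afterwards, and bob's attempt to apply his still-valid base key directly to the wrapped blob being rejected. Two caveats a deployment must accept: over-encryption only governs future reads, so a revoked user keeps whatever was downloaded and decrypted earlier; and the server holds the SEL key while the revoked user holds the BEL key, so the two must not collude.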
III. Policy Languages, Authorization and Access Control
Policy languages are a key ingredient for deploying data-minimization technologies such as Identity Mixer and for protecting personal data. PrimeLife spent considerable effort on policy languages and obtained strong results. First, we collected an extensive list of requirements from within and outside the project. We then performed scientific research to address the technical challenges posed by these requirements. Our results have appeared in major conferences and journals in the field and cover areas as diverse as policy matching and composition, credential-based access control, sensitivity metrics, and the relation between technical and legal policies. Finally, we carried a number of these research findings into the design of the PrimeLife Policy Language (PPL), which offers a holistic approach to privacy-enhanced access control and data handling. We demonstrated the viability of the approach in a prototype implementation of the PPL engine. The credential-based access control component of PPL was released as open-source software; it acts as a policy front-end to a variety of technologies, in particular Identity Mixer credentials. The following documents summarize this work:
Some of these concepts were input to standardization at OASIS, in particular an attribute predicate profile for SAML and XACML.
Finally, PrimeLife has made available an open-source credential-based authentication framework that integrates with Identity Mixer but also works with other credential systems such as X.509 attribute certificates.
IV. Human Computer Interactions
Protecting privacy and managing identity require the involvement of users: it is crucial that they understand how their data is handled, by whom and in what way, and that they can effectively manage their data. To this end, Activity 4 developed novel HCI evaluation methods and conducted research on mental models and metaphors for PETs. It also developed and tested user interfaces for credential selection, for policy authoring, for a tool that keeps track of the data users reveal, and for the other open-source products and prototypes developed within PrimeLife.
In doing this, PrimeLife has developed new methods, patterns, and guidelines that may be of interest to others:
- PET-USES (Privacy-Enhancing Technologies Users' Self-Estimation Scale), which has since also been used by other projects
- HCI patterns for PETs (D4.1.3)
- Guidelines on how to design and how to evaluate PETs (D4.1.6)
V. Infrastructures and Privacy
Infrastructure aspects have a significant impact on the adoption, security, and privacy functionality of IdM systems in general, and of privacy-enhancing IdM systems in particular; nevertheless, they are often overlooked. To fill this gap, Activity 6 researched service infrastructures capable of handling user-provided personal data in a secure and legally compliant way. In particular, multi-layered, cross-domain service composition scenarios (e.g., SOA) and the implications of downstream data usage in larger systems were investigated (D6.3.1, D6.3.2, H6.3.3). The advantages of secure mobile devices in such scenarios were also studied (D6.2.1, D6.3.2, D6.2.2). The key results were validated in an implemented complex test scenario using the PPL engine and evaluated against technical and legal requirements (D6.3.2, D6.3.3). In particular, the following documents are suited for use by other projects:
- A simple, structured, and transparent economic valuation method for privacy-enhancing identity management services (D6.1.2)
- Standardized APIs for isolation and storage in Trusted Execution Environments (D6.3.2)
- Technical and legal requirements for privacy in SOA (H6.3.1)
- An “Abstract Privacy Policy Framework” as a blueprint for using privacy policies in service infrastructures (D6.3.2)
VI. Standardization, Education, and Open-Source
Raising awareness of the threats to privacy in a digital world, and of the existence of mechanisms that allow privacy to be protected, was a main goal of PrimeLife, in particular because many of these mechanisms are counter-intuitive and somewhat harder to use than the privacy-invasive alternatives.
Education
PrimeLife has organized a number of summer schools and tutorials and has published educational materials. The latter are available from the PrimeLife website. The summer schools were very successful, and a committee has been formed that will continue to organize them in the coming years. A summary of PrimeLife is published as a book by Springer. In particular, Chapter 26 of that book gives a list of recommendations to industry and policy makers.
Open Source and Standardization
Most of the tools and demonstrators from PrimeLife are available for download and free use. Some of them have been, or are currently being, picked up by other EU-funded projects, including ABC4Trust, FI-WARE, SEPIA, and di.me, to name just a few that employ PrimeLife results.
PrimeLife participants are also involved in many standardization initiatives, such as W3C, ISO, IETF, and OASIS, and provide input from the project.