Paper 4

ProProtect3: An Approach for Protecting User Pro le Data from Disclosure, Tampering, and Improper Use in the Context of WebID

Authors: Stefan Wild, Fabian Wiedemann, Sebastian Heil, Alexey Tschudnowsky, and Martin Gaedke

Volume 19 (2015)

Abstract

WebID is a new identi cation approach of the W3C. It enables managing pro le data associated to persons and services at self-defi ned places in the cloud. By relying on RDF vocabularies like FOAF for describing user profi le data, WebID contributes to the Semantic Web vision. While access to user profi les can be controlled with existing security mechanisms, they are not designed to protect sensitive data within user profi les from unwanted retrieval, malicious manipulation, and improper use. This article analyzes the risks that aff ect the knowledge stored in WebID-based user profi les. It therefore describes potential attack scenarios and outlines the challenges a solution must deal with. To tackle the problem of insuffcient protection, we propose ProProtect3. This approach enables identity owners 1) to create customized fi lters for sensitive data, 2) to verify the profi le data integrity, and 3) to restrict the rights of delegatees. For evaluating the ProProtect3 approach, we integrate it into a WebID identity provider.