Personal Information & User Control: Challenges & Opportunities for eGovernment
Luk Vervenne, Synergetics nv
Agenda
• User centric, user driven, user control, ...
• Some trends & early adopter projects
• ‘MyPDS’
• Trust & Security for sharing P(I)I
• Back to basics: some suggestions for regions and municipalities (Kortrijk - Mypage??)
From LMS to PLE
[Diagram: the end-user’s Personal Learning Environment (PLE) sits between multiple authoritative relations (Educational Institute, Employer, Service providers; labelled a, b, c) and non-authoritative relations (free, social networks, ...).]
Portfolio based Lifelong Employability Services
[Diagram: numbered exchanges 1–8 between MyPDS, two identity providers (IdP1, IdP2) and four service providers: School SP1 offering SchoolPortfolio, employability SP2 offering JOB1, employability SP3 offering UWV services, and employability SP4 offering EVC.]
Personal Data Store
The business processes of the “lifelong” sequence of service providers generate MORE data than they initially require for kick-starting their service. All REUSABLE resulting personal information goes back into the user’s PDS. This accumulation of personal information allows the automated data provisioning of the “next-in-line” service provider’s business process.
[Timeline: Born → Graduate (School eportfolio) → First JOB → Retrained/unemployed (EVC SP) → Second JOB]
MyPDS (Personal Data Store) (employabilityPortfolio)
[Architecture diagram: the MyPDS Exchange Server (eP, PHR) keeps an IMS (profile) Portfolio. (1) Import/Export of external formats through XSLT Mapping: UK Leap2a, LinkedIn, Patient Summary, euroCV, HR-XML (GermanCV, iProfile UK), Europass. (2) Web Services behind a WS SOA Gateway connect Service Requesters’ eGov, HR or eHealth Systems via CRUD WS (Create, Read, Update, Delete). (3) A GUI offers the same CRUD operations to the user.]
Regional/Sectorial Employability Platform
[Diagram: Content providers 1–4 feed an eContent Gateway and a Collective Intelligence Engine; the user’s Personal Learning Environment / Personal Infrastructure, a Competence Analyzer Service and the MyPDS Employability Portfolio support the Employability (Business) Processes, all resting on the Trust Architecture.]
Let’s get Personal
A personal data store is not the same as a personal computer at home with all your sensitive data on its hard disk… The crucial difference in thinking “personal”: personal does not mean that you own, manage, or safeguard your own data yourself, the way you would guard your credit card.
A PDS is not the same as a personal computer.
8-May-09
Let’s get Personal
… and it also is not just a remote storage facility that manages all your sensitive data for you. A personal data store also is not a remotely hosted profile that happens to be about you.
Securely Sharing Services from a trustworthy Personal Data Store
Let’s get Personal
TAS3 is about trusting others with your sensitive data. TAS3 allows you to rely on professional data centers / managers to keep your data safe (against loss or corruption), while YOU control every aspect to keep your data secure (against theft or abuse).
A personal data store is
• a possibly distributed collection of data about you,
• to which YOU hold the access control key.
• YOU determine who may see what, when, and for which purpose.
• And YOU can always find out who, when, and for which purpose looked at your data.
• YOU have the legal right to sue them if you discover abuse of trust or agreements,
• and TAS³ will give you the evidence you need.
Trusted Architecture for Securely Shared Services
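The three promises above (the owner decides who may see what, when and for which purpose; the owner can always find out who looked; and the record is usable as evidence) can be modelled in a few dozen lines. The following is an added illustration, not TAS³ or MyPDS code: the rule schema, the party names and the audit key are all constructed for the example. The hosting facility keeps the records and the access log, but the key that authenticates the log stays with the owner, so a host that edits, reorders or drops log entries is detected when the owner verifies the chain.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass(frozen=True)
class AccessRule:
    """One line of the owner's access policy: who may see what, until when, for which purpose."""
    subject: str       # requesting party, e.g. a service provider id (constructed names below)
    resource: str      # name of the record inside the PDS
    purpose: str       # declared purpose the requester must state
    valid_until: str   # ISO 8601 timestamp with timezone


class PersonalDataStore:
    """Hypothetical PDS: the host keeps records and the log, the owner keeps the audit key."""

    def __init__(self, owner: str, audit_key: bytes):
        self.owner = owner
        self._audit_key = audit_key           # never shared with the hosting facility
        self._records = {}                    # resource -> data
        self._rules = []                      # AccessRule list set by the owner
        self.audit_log = []                   # hash-chained entries, readable by the host
        self._prev_digest = b"\x00" * 32      # chain anchor

    def store(self, resource: str, data: dict) -> None:
        self._records[resource] = data

    def grant(self, rule: AccessRule) -> None:
        self._rules.append(rule)

    def _log(self, subject, resource, purpose, decision, now: datetime) -> None:
        # Each entry is MACed together with the previous digest, so deleting,
        # reordering or editing an entry breaks the chain from that point on.
        entry = {"subject": subject, "resource": resource, "purpose": purpose,
                 "decision": decision, "time": now.isoformat()}
        payload = json.dumps(entry, sort_keys=True).encode()
        digest = hmac.new(self._audit_key, self._prev_digest + payload, hashlib.sha256).digest()
        entry["mac"] = digest.hex()
        self.audit_log.append(entry)
        self._prev_digest = digest

    def read(self, subject: str, resource: str, purpose: str, now: datetime):
        """Return the record only if a rule matches subject, resource, purpose and time."""
        decision = "deny"
        for rule in self._rules:
            if (rule.subject, rule.resource, rule.purpose) == (subject, resource, purpose) \
                    and now <= datetime.fromisoformat(rule.valid_until):
                decision = "permit"
                break
        self._log(subject, resource, purpose, decision, now)   # denied attempts are logged too
        return self._records.get(resource) if decision == "permit" else None

    def who_looked(self, resource: str):
        """The owner's view: who, when and for which purpose touched this resource."""
        return [(e["subject"], e["time"], e["purpose"], e["decision"])
                for e in self.audit_log if e["resource"] == resource]

    def verify_audit_log(self) -> bool:
        """Recompute the chain with the owner's key; False means the log was altered."""
        prev = b"\x00" * 32
        for entry in self.audit_log:
            body = {k: v for k, v in entry.items() if k != "mac"}
            payload = json.dumps(body, sort_keys=True).encode()
            expected = hmac.new(self._audit_key, prev + payload, hashlib.sha256).digest()
            if not hmac.compare_digest(expected.hex(), entry["mac"]):
                return False
            prev = expected
        return True


def demo() -> dict:
    """Constructed scenario: Joe grants one employer purpose-bound access to his eportfolio."""
    pds = PersonalDataStore("joe", audit_key=b"constructed-demo-key-held-by-joe")
    pds.store("eportfolio", {"degree": "BSc Computer Science", "signed_by": "School SP1"})
    pds.store("medical-summary", {"allergies": ["penicillin"]})
    pds.grant(AccessRule("employer-sp", "eportfolio", "job-matching", "2010-12-31T23:59:59+00:00"))

    june = datetime(2010, 6, 1, tzinfo=timezone.utc)
    results = {
        "permitted": pds.read("employer-sp", "eportfolio", "job-matching", june) is not None,
        "wrong_purpose_denied": pds.read("employer-sp", "eportfolio", "marketing", june) is None,
        "wrong_resource_denied": pds.read("employer-sp", "medical-summary", "job-matching", june) is None,
        "expired_denied": pds.read("employer-sp", "eportfolio", "job-matching",
                                   datetime(2011, 1, 1, tzinfo=timezone.utc)) is None,
        "eportfolio_accesses": len(pds.who_looked("eportfolio")),
        "log_intact": pds.verify_audit_log(),
    }
    # A host that quietly rewrites a denied access into a permitted one is caught.
    pds.audit_log[1]["decision"] = "permit"
    results["tamper_detected"] = not pds.verify_audit_log()
    return results


if __name__ == "__main__":
    print(demo())
```

The purpose is part of the rule match, not just the subject: the same employer that may read the eportfolio for job-matching is refused when it states a different purpose, and the refusal is logged as well, which is what lets the owner later see not only who looked but who tried.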
Let’s get Personal
User-centricity in TAS3 means that the user holds the keys to the data, but that does not mean the user owns the data or is the authoritative source. You do not control what others say about you, such as in your medical files or your diplomas. That data is theirs and is signed by them. YOU control who may see it.
Let’s get Personal
Without the user turning the key, the data center cannot even read the data. Anyone after your data (god forbid!) would therefore not want just your data… they would want your keys as well!
Let’s get Personal
• TAS3 allows for full data protection so that even your MyPDS hosting facility just keeps unreadable blobs.
• In realistic situations, a hospital system will likely not encrypt everything, but if you outsource storage, you may want to do so.
• If you exchange, you certainly will encrypt.
• Digital signatures are needed to prove authenticity.
TAS³ end2end TRUST ASSURANCE for services based on personal information
[Diagram: END2END TAS³ TRUST ASSURANCE spans a chain in which the Non-TAS³ systems at either end are covered by a LEGAL Contract and TAS³-enabling components, while the TAS³ Network in the middle carries TECHNICAL TAS³ ASSURANCE.]
TAS³ Trust Model
[Diagram: Trust Network Infrastructure Services are provided by the Trust Network / Trust Guarantor, a (generic) Third Trusted Party and a (domain specific) Third Trusted Party.]
Trusted Architecture for Securely Sharing Services based on Personal Information, using an integrated workflow of authentication and of authorisation, trust & data protection policies
Luk Vervenne
Web: http://www.tas3.eu
Email: [email protected]
IST FP7 funded Integrated Project TAS³, contract number 216287
Duration: 1 Jan 2008 - 31 Dec 2011
Research budget: 13.177.000 €
EC Funding: 9.400.000 €
TAS3 Project Motivation
• TAS3 consolidates scattered research in an integrated 4-layer approach of: (1) Authentication (2) Authorization (3) Privacy (4) Trust (Negotiation)
• TAS3 integrates adaptive business-driven end2end Trust Services based on personal information, using a semantic integration of Security, Trust and Privacy components
• TAS3 provides a dynamic view on application-level end2end exchange of personal data in the lifelong employability & ehealth domains
Authentication & Level of Assurance (LoA)
• Federated identity management model – e.g., Shibboleth, Liberty Alliance, CardSpace…
• LoA 4+ (qualified cert plus biometric): setting access policies
• LoA 4 (qualified cert with smart card EAL4+): sensitive medical records (e.g. HIV), consultant notes containing opinions, ability to Break the Glass, bank to bank transfers
• LoA 3 (2-factor authentication, non-qualified cert, EAL4 smart card): patient confidential records (non-sensitive)
• LoA 2 (one time password): some Internet banking applications, system administration
• LoA 1 (uid/password, Verisign Class 1 cert): retrieve degree certificate, completing a public service employment application
• LoA 0 (no authentication): public data
Layer 2 – Authorization
[Diagram: Joe asks the Service Provider to Execute Service Y (1); the Policy Enforcement Point asks the Authorization Domain to Check Policy Compliance (2); the Policy Decision Point retrieves the relevant policies from the Policy Access Point (3) and policy validation information from the Policy Information Point (4); the Permit / Deny Service Request decision comes back (5); the Service Provider answers OK, Execute Service Y (6).]
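The Layer 2 flow above, together with the LoA ladder from the authentication slide, is shown below as an added example (not TAS³ project code). The policy table, subject attributes and resource names are constructed; LoA 4+ is modelled as numeric level 5. The Policy Decision Point checks the asserted LoA before anything else, so the break-the-glass override that the LoA 4 row mentions can widen the permitted roles but never lowers the authentication bar, and a Permit obtained that way carries obligations the Policy Enforcement Point has to discharge.

```python
from dataclasses import dataclass, field

# Policy Access Point (constructed): the LoA each resource demands, following the
# slide's examples, the roles allowed, and whether break-the-glass may apply.
# LoA 4+ (qualified certificate plus biometric) is modelled as numeric level 5.
POLICIES = {
    "public-data":         {"min_loa": 0, "roles": {"anyone"}},
    "degree-certificate":  {"min_loa": 1, "roles": {"citizen", "employer"}},
    "patient-record":      {"min_loa": 3, "roles": {"clinician"}},
    "sensitive-medical":   {"min_loa": 4, "roles": {"treating-clinician"}, "break_glass": True},
    "access-policy-admin": {"min_loa": 5, "roles": {"owner"}},
}


@dataclass(frozen=True)
class Request:
    subject: str
    resource: str
    action: str
    break_glass: bool = False   # requester explicitly invokes the emergency override


@dataclass
class Decision:
    permit: bool
    reason: str
    obligations: list = field(default_factory=list)


class PolicyInformationPoint:
    """Supplies attributes the PDP needs but the request lacks, e.g. the LoA the IdP asserted."""

    def __init__(self, attributes: dict):
        self._attributes = attributes

    def get(self, subject: str) -> dict:
        # Unknown subjects get the weakest possible attributes, never a guess upwards.
        return self._attributes.get(subject, {"loa": 0, "roles": set()})


class PolicyDecisionPoint:
    def __init__(self, pap: dict, pip: PolicyInformationPoint):
        self.pap = pap
        self.pip = pip

    def decide(self, req: Request) -> Decision:
        policy = self.pap.get(req.resource)
        if policy is None:
            return Decision(False, "no policy for resource, default deny")
        attrs = self.pip.get(req.subject)
        # LoA is checked first: break-the-glass never lowers the authentication bar.
        if attrs["loa"] < policy["min_loa"]:
            return Decision(False, f"LoA {attrs['loa']} below required LoA {policy['min_loa']}")
        roles = set(attrs["roles"]) | {"anyone"}
        if roles & policy["roles"]:
            return Decision(True, "role permitted by policy")
        if req.break_glass and policy.get("break_glass", False):
            return Decision(True, "break-the-glass override",
                            obligations=["record-justification", "notify-data-subject"])
        return Decision(False, "role not permitted by policy")


class PolicyEnforcementPoint:
    """Sits in front of the service: only a Permit from the PDP lets the action execute."""

    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp
        self.executed = []
        self.pending_obligations = []

    def handle(self, req: Request) -> Decision:
        decision = self.pdp.decide(req)
        if decision.permit:
            self.executed.append((req.subject, req.resource, req.action))
            self.pending_obligations.extend((req.subject, ob) for ob in decision.obligations)
        return decision


def demo() -> dict:
    """Constructed subjects at different LoAs, as the slide's examples would assert them."""
    pip = PolicyInformationPoint({
        "joe":       {"loa": 1, "roles": {"citizen"}},    # uid/password
        "nurse-ann": {"loa": 2, "roles": {"clinician"}},  # one-time password
        "dr-smith":  {"loa": 4, "roles": {"clinician"}},  # qualified cert on a smart card
    })
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(POLICIES, pip))
    glass = pep.handle(Request("dr-smith", "sensitive-medical", "read", break_glass=True))
    return {
        "joe_degree": pep.handle(Request("joe", "degree-certificate", "read")).permit,
        "joe_patient_record": pep.handle(Request("joe", "patient-record", "read")).permit,
        "nurse_patient_record": pep.handle(Request("nurse-ann", "patient-record", "read")).permit,
        "smith_patient_record": pep.handle(Request("dr-smith", "patient-record", "read")).permit,
        "smith_sensitive_plain": pep.handle(Request("dr-smith", "sensitive-medical", "read")).permit,
        "smith_break_glass": glass.permit,
        "break_glass_obligations": len(glass.obligations),
        "nurse_break_glass": pep.handle(Request("nurse-ann", "sensitive-medical", "read", break_glass=True)).permit,
        "unknown_public": pep.handle(Request("stranger", "public-data", "read")).permit,
        "executed_actions": len(pep.executed),
    }
```

Two details matter for a deployment of this shape: a resource without a policy is denied rather than treated as public, and a subject the PIP does not know is assigned LoA 0 with no roles, so a missing or expired IdP assertion can only ever open LoA 0 resources.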
Layer 3 – Trustworthiness
[Diagram: Joe asks “Which SPs would I trust?” (1); Joe’s Trust Guard asks the Trust Domain to analyze the trustworthiness of SPs A–D (2); the Trust Policies Broker fetches Joe’s trust policies through the Trust Policies Helpers (3) and the Trust Information Collector reads the “Trust Newspaper” (4); the Trust Decision Helper reports the trustworthiness of SPs A–D (5); Joe receives the answer A & D (6).]
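As an added example of the Layer 3 flow (not TAS³ code; the feedback entries, the registry, the seal name and the policy thresholds are all constructed), the block below aggregates the “trust newspaper” into per-SP evidence and evaluates Joe’s trust policy against it. The policy deliberately includes a minimum feedback count: an SP with a single perfect rating has too little history to be trusted on reputation alone.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class TrustPolicy:
    """Joe's trust policy (constructed): what an SP must show before Joe deals with it."""
    min_reputation: float          # average feedback score, 0.0 .. 1.0
    min_feedback_count: int        # a single glowing rating is not enough evidence
    required_seals: frozenset      # accreditations the SP must hold
    require_network_member: bool   # must be registered in the TAS3 network


@dataclass(frozen=True)
class TrustEvidence:
    sp: str
    reputation: float
    feedback_count: int
    seals: frozenset
    network_member: bool


def collect_trust_information(feedback, registry, seals):
    """Trust Information Collector: aggregate the 'trust newspaper' into evidence per SP."""
    scores = defaultdict(list)
    for sp, score in feedback:
        scores[sp].append(score)
    evidence = []
    for sp in sorted(set(scores) | set(registry) | set(seals)):
        ratings = scores.get(sp, [])
        evidence.append(TrustEvidence(
            sp=sp,
            reputation=sum(ratings) / len(ratings) if ratings else 0.0,
            feedback_count=len(ratings),
            seals=frozenset(seals.get(sp, ())),
            network_member=sp in registry,
        ))
    return evidence


def trust_decision(policy, ev):
    """Trust Decision Helper: evaluate one SP against the policy; the first failing rule wins."""
    if policy.require_network_member and not ev.network_member:
        return False, "not in TAS3 network"
    if not policy.required_seals <= ev.seals:
        missing = ", ".join(sorted(policy.required_seals - ev.seals))
        return False, "missing seal(s): " + missing
    if ev.feedback_count < policy.min_feedback_count:
        return False, "too little feedback"
    if ev.reputation < policy.min_reputation:
        return False, f"reputation {ev.reputation:.2f} below {policy.min_reputation:.2f}"
    return True, "trusted"


def trust_guard(policy, evidence):
    """Answer 'Which SPs would I trust?': the trusted subset plus a reason for each rejection."""
    trusted, rejected = [], {}
    for ev in evidence:
        ok, why = trust_decision(policy, ev)
        if ok:
            trusted.append(ev.sp)
        else:
            rejected[ev.sp] = why
    return trusted, rejected


def demo():
    """Constructed newspaper for SPs A-D; only A and D satisfy every rule."""
    feedback = [("SP-A", 0.9), ("SP-A", 0.95), ("SP-A", 0.85),
                ("SP-B", 0.6), ("SP-B", 0.4), ("SP-B", 0.5),
                ("SP-C", 1.0),
                ("SP-D", 0.8), ("SP-D", 0.75), ("SP-D", 0.9)]
    registry = {"SP-A", "SP-B", "SP-D"}                       # TAS3 network members
    seals = {"SP-A": {"privacy-seal"}, "SP-C": {"privacy-seal"}, "SP-D": {"privacy-seal"}}
    policy = TrustPolicy(min_reputation=0.7, min_feedback_count=2,
                         required_seals=frozenset({"privacy-seal"}), require_network_member=True)
    return trust_guard(policy, collect_trust_information(feedback, registry, seals))


if __name__ == "__main__":
    print(demo())
```

The rejection reasons are kept alongside the trusted list because the trust guard serves the user, not the SP: Joe should be able to see why SP-B and SP-C were left out, in the same way the dashboard in the full workflow exposes audit and policy aspects.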
Layer 4 – Compliance with Data Protection Regulation
[Diagram: Joe asks the Services Engine to Execute Action Z (1); the Data Protection Policy Guard asks the Data Protection Domain to Check Policy Compliance (2); the Policy Decision Point retrieves the relevant policies from the Policy Access Point (3) and policy validation information from the Policy Information Point (4), backed by the Authentic Data Repository; the Permit / Deny Action decision comes back (5); the Services Engine answers OK, Execute Action Z (6).]
TAS³ workflow
[Diagram: from the TAS³ Entry Point to the TAS³ Exit Point, a Service Requester (with its PEP, Trust & Privacy Negotiator, AIPEP, PDP, Message Preparer, Response Verifier, Obligations Watchdog, Audit Guard and Dash Board Agent) exchanges messages with a Service Provider (with its PEP, AIPEP, PDP, Message Verifier, Response Preparer, Obligations Watchdog, Audit Guard, Dash Board Agent and the Actual Application Engine). Shared infrastructure: the TAS³ Registry (Service Providers, Service Types, IdPs), Authentication Authorities (IdPs), Authorization, Trust & Reputation Authorities, Directories, an External Log Analysis Service, and the Dash Board covering Audit Aspects and Policy Aspects.]
6 April 2009
First planning
Employability Platform Limburg
[Diagram: Users (Limburg talent-rich region) on the external side (demand); the Employability Platform Limburg infrastructure in the middle; consortium stakeholders on the internal side (supply), organised as a PPP with regional financing.]
Benefits for users
Users: employees / job seekers, students
• Provide data only once
• Dynamic and up-to-date medium
• Decide yourself about releasing data
• Easier training & career planning
Employers
• Direct insight into the accumulated file
• Training and career planning
• Better matching possible
• Complex data storage possible
• Assessment possible
Education, Government, Interest groups
• Facilitate employers & employees
• Matching job seekers
• Continuous learning pathways in the context of LLL
Consortium - proposal
• COLO – knowledge centres
• FNV
• Province of Limburg
• Municipality of Maastricht
• Hogeschool Zuyd (OU, Arcus and Leeuweborgh from LLLL)
• Ministry of SZW
• UWV
• Employers, e.g. Empower Limburg, LWV or MKB
Building the platform
• The EU makes subsidy available for – technical support of a ‘mass roll-out’ – ESF, EFRO, EBRD (soft aspects)
• 3 regions needed, e.g.: Limburg, Manchester and Northern Ireland
• Synergetics can prepare the application. Regional commitment needed + definition of user groups
• Synergetics can take on the implementation. Has European cooperation with Cisco
• Platform content: explanation by Luk Vervenne
• Question: who will be the applicant?
• Question: is there a plan B if the EU subsidy does not come through?
• Question: the ‘soft’ side needs further financing. The Province has funds available; who else?
Management of the regional knowledge infrastructure (employability platform)
• Needs to be structurally embedded
• Will be a public-private partnership
• Fulfils a staff role with support for users
• How can this be financed and maintained sustainably?
• Possibly ask for a contribution from users (licence?)
• The newest techniques are implemented as they arrive
• TTP for the protection of personal data
• Who is the owner?
TAS3 Contact Information
• Web: http://www.tas3.eu
• Email: [email protected]