Anna Nano is a Software Design Engineer in the Security team at the European Microsoft Innovation Center (EMIC) in Aachen, Germany, where she works on a delegation framework project.
In today’s world, we rely more and more on digitally available information that is stored, processed or provided by services on the Internet. Examples include HealthVault, where users can store their medical data, or a sightseeing service providing users with city tours based on their current location. Due to this greater reliance on services, composing web services is becoming an important part of application development. It is more and more common to combine services from different providers into one application. However, services dealing with users' personal information have security and privacy requirements that make their composition difficult. Users care about privacy and want to control who can access their personal information. For example, they want to let their friends view their online pictures or let a sightseeing service access their current location. To do this they need a way to delegate access to their personal information. Currently, it is difficult for users to deal with the variety of existing solutions for access control. There are simply too many disparate user experiences. Think about creating an XACML policy, managing an access control list, or handing credentials to a friend. This variety will never totally disappear.
To solve this problem, Anna and her colleagues have proposed an abstraction model for existing access control mechanisms and a unified way for the user to delegate rights. A unified API is essential for the emerging market of service composition. Their proposed unified API makes services dealing with users' personal information available for composition without cluttering the composition with access control details.
This solution provides tools for abstract delegation that is independent of the underlying mechanisms, as well as a unified user experience for delegation, revocation and the overall management of access to personal data. These tools allow specifying at the composition level that a delegator grants a delegatee access to a resource; that abstract grant is then mapped to the management of a concrete access control mechanism, depending on the composed service.
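The mapping described above can be sketched as follows. This is an added illustration, not code from the EMIC delegation framework; every class and method name is hypothetical, and the two back ends stand in for the access control list and handed-over credential cases mentioned earlier.

```python
import hashlib
import hmac
import secrets

# Assumption: the caller has already authenticated the delegator as the resource owner.
class AclMechanism:
    """Hypothetical service that keeps an access control list."""
    def __init__(self):
        self.acl = set()
    def grant(self, delegator, delegatee, resource):
        self.acl.add((delegatee, resource))
        return (delegatee, resource)
    def revoke(self, handle):
        self.acl.discard(handle)
    def allows(self, delegatee, resource, proof=None):
        return (delegatee, resource) in self.acl

class CredentialMechanism:
    """Hypothetical service that accepts a credential handed to the delegatee."""
    def __init__(self):
        self.key = secrets.token_bytes(32)   # service-side MAC key
        self.revoked = set()                 # nonces of revoked credentials
    def _mac(self, delegatee, resource, nonce):
        msg = "\x00".join((delegatee, resource, nonce)).encode()
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()
    def grant(self, delegator, delegatee, resource):
        nonce = secrets.token_hex(8)
        return (nonce, self._mac(delegatee, resource, nonce))
    def revoke(self, handle):
        self.revoked.add(handle[0])
    def allows(self, delegatee, resource, proof=None):
        if not proof or proof[0] in self.revoked:
            return False
        return hmac.compare_digest(proof[1], self._mac(delegatee, resource, proof[0]))

class DelegationManager:
    """Unified API: the composition names only delegator, delegatee, resource."""
    def __init__(self, mechanisms):
        self.mechanisms = mechanisms         # service name -> mechanism adapter
        self.grants = {}                     # abstract grant -> mechanism handle
    def delegate(self, service, delegator, delegatee, resource):
        handle = self.mechanisms[service].grant(delegator, delegatee, resource)
        self.grants[(service, delegator, delegatee, resource)] = handle
        return handle
    def revoke(self, service, delegator, delegatee, resource):
        handle = self.grants.pop((service, delegator, delegatee, resource))
        self.mechanisms[service].revoke(handle)
```

The composition calls `delegate` and `revoke` identically for both services; only the adapter knows whether that means editing a list or issuing and later blacklisting a credential.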
The European Microsoft Innovation Center (EMIC), founded in 2003 in Aachen, Germany, is a Microsoft Research & Development facility. The German lab is unique to Microsoft in its focus on collaborative applied research in Europe. EMIC works in the context of development programs sponsored by the European Commission and the German Ministry of Education and Research (BMBF). EMIC’s research is focused on enterprise, mobility, home, security, software verification and embedded systems. www.microsoft.com/EMIC