際際滷

際際滷Share a Scribd company logo

Exploring Visualization Techniques to Enhance Privacy Control UX for User-Managed Access

D
Domenico Catalano

This document discusses enhancing privacy controls and user experience for user-managed access to information. It introduces the SmartAM information ecology, which uses the User-Managed Access (UMA) protocol to provide an advanced system that allows users to protect and share online information while adhering to privacy regulations. The SmartAM control bridge and UMA connection aim to improve the user experience of privacy controls. Future work may explore additional visualization techniques to further enhance the privacy user experience.

1 of 21
Downloaded 12 times
Exploring Visualization Techniques to Enhance Privacy Control UX for User- Managed Access Newcastle University Domenico Catalano, Maciej Wolniak and the Smart Team 21st July, 2011 1 V.3
Agenda Data sharing and online privacy SmartAM Information Ecology Enhance privacy control UMA Connection UMA Control bridge Future works User Experience 2
Data sharing Online Privacy is about sharing Reputational Historical Vocational Biographical Genealogical Transactional Computational Biological Locational Relational 3
The Paradigm User Data sharing and online Privacy 4
SmartAM Information Ecology Context Content User 5
SmartAM Information Ecology Context UMA/SmartAM Context Content User Provide an advance system to allow internet user to protect and share online information Prevent of lost of user privacy Adhere to the international privacy regulations Secure online information (access control) 6
SmartAM Information Ecology Context UMA/SmartAM Content Content User Authorizing User information Authorizing Users Web resource info Authorization Policies Requesting Parties Information Analytics information (who, when, what) 7
SmartAM Information Ecology Context UMA/SmartAM User Content User Internet User/Social networking user Company Developer Government Curios!! 8
SmartAM UX 9
SmartAM states system smartam UX Study Subject Possible actions and states of the system Authorizing User interaction B1 Initial state Requester Host Site AM Homepage APP B2 Host B5 B4 Privacy Conceptual model Not Learn registered B3 Dev More User Resource A1 A3 B9 B7 B6 B8 Protect & Initial state Wiki Share A2 Consent C2 Privileged C1 User App Actions Client App for Initial state Login MySelf Policy De鍖nition B10 A4 User B11 View Welcome Resource Page Possible Visible A10 Consent A5 Actions Things Default A9 User intentions Policy vs Required A6 A8 Manage User Control Resource Setting Resource Actions Contacts Settings Bridge Registered Policy Shared State of System A7 Connection 10
Understand the nature of data sharing policy in distributed environment UMA model centralizes the authorization policies for all the Authorizing User's distributed web resource (protected resource). The externalization of the policies introduces a new level of complexity because the user must (mentally) map the authorization structure for each resource, in more sophisticate one. This new layer must be able to abstracting the existent, although it must be able to enhance the control on the information that will be shared. Increasing of Protected resources and requesting parties could be mentally dif鍖cult for the user to maintain control in practice on the information. 11
Risks Lost of Privacy Exploit of online personal Information Security breach 12
Enhance Privacy Control through visualization As result a context authorization policy and a governor system is de鍖nitely desirable. We introduce two new design concepts: UMA Connection UMA Control bridge TM A visualization tool is necessary to facilitate the creation of the sharing policy and the control of the privacy. 13
UMA Connection An UMA Connection de鍖nes a context of the data sharing policy. Its a set of objects, including Contacts, authorized Apps and allowed actions on a speci鍖c resource. It can include access restrictions (i.e. period validity) and/or Trusted Claims request to restrict access based on subjects information. An UMA Connection is fundamental to enhance user control for what purpose the information will be revealed. UMA Connection uses a visualization approach which helps user to de鍖ne an appropriate context. An Authorizing User can create a Connection for him-self or for others. A Connection doesnt incapsulate other connections. 14
Structure of UMA Connection 15
Visualizing UMA Connection Resource Social Apps Class Connection Others Prof University Contacts UMA Connection 16
UMA Control bridge UMA Control bridge Is designed to adhere to the user-centric identity paradigm. Provides a primary user interface for control Resources, Connections, Apps and requesters. Provides a dashboard with main statistic information about connection, shared data, etc. Incorporates a single view of these main controls, including a noti鍖cation bar for new access request. Provides 3-steps actions to get access to speci鍖c view, excluding optional view. UMA Control bridge TM 17
Maintain control on Information that will be revealed Prof Class University Business Friend Personal Data Collab Professional MySelf ProjectA Self-Registration MySelf 18
Future works Graph Algorithm Super Connection (Basket of Resources) Visualization techniques (HTML5) 19
User eXperience 20
Thanks 21

More Related Content

Exploring Visualization Techniques to Enhance Privacy Control UX for User-Managed Access

  • 1. Exploring Visualization Techniques to Enhance Privacy Control UX for User- Managed Access Newcastle University Domenico Catalano, Maciej Wolniak and the Smart Team 21st July, 2011 1 V.3
  • 2. Agenda Data sharing and online privacy SmartAM Information Ecology Enhance privacy control UMA Connection UMA Control bridge Future works User Experience 2
  • 3. Data sharing Online Privacy is about sharing Reputational Historical Vocational Biographical Genealogical Transactional Computational Biological Locational Relational 3
  • 4. The Paradigm User Data sharing and online Privacy 4
  • 5. SmartAM Information Ecology Context Content User 5
  • 6. SmartAM Information Ecology Context UMA/SmartAM Context Content User Provide an advance system to allow internet user to protect and share online information Prevent of lost of user privacy Adhere to the international privacy regulations Secure online information (access control) 6
  • 7. SmartAM Information Ecology Context UMA/SmartAM Content Content User Authorizing User information Authorizing Users Web resource info Authorization Policies Requesting Parties Information Analytics information (who, when, what) 7
  • 8. SmartAM Information Ecology Context UMA/SmartAM User Content User Internet User/Social networking user Company Developer Government Curios!! 8
  • 10. SmartAM states system smartam UX Study Subject Possible actions and states of the system Authorizing User interaction B1 Initial state Requester Host Site AM Homepage APP B2 Host B5 B4 Privacy Conceptual model Not Learn registered B3 Dev More User Resource A1 A3 B9 B7 B6 B8 Protect & Initial state Wiki Share A2 Consent C2 Privileged C1 User App Actions Client App for Initial state Login MySelf Policy De鍖nition B10 A4 User B11 View Welcome Resource Page Possible Visible A10 Consent A5 Actions Things Default A9 User intentions Policy vs Required A6 A8 Manage User Control Resource Setting Resource Actions Contacts Settings Bridge Registered Policy Shared State of System A7 Connection 10
  • 11. Understand the nature of data sharing policy in distributed environment UMA model centralizes the authorization policies for all the Authorizing User's distributed web resource (protected resource). The externalization of the policies introduces a new level of complexity because the user must (mentally) map the authorization structure for each resource, in more sophisticate one. This new layer must be able to abstracting the existent, although it must be able to enhance the control on the information that will be shared. Increasing of Protected resources and requesting parties could be mentally dif鍖cult for the user to maintain control in practice on the information. 11
  • 12. Risks Lost of Privacy Exploit of online personal Information Security breach 12
  • 13. Enhance Privacy Control through visualization As result a context authorization policy and a governor system is de鍖nitely desirable. We introduce two new design concepts: UMA Connection UMA Control bridge TM A visualization tool is necessary to facilitate the creation of the sharing policy and the control of the privacy. 13
  • 14. UMA Connection An UMA Connection de鍖nes a context of the data sharing policy. Its a set of objects, including Contacts, authorized Apps and allowed actions on a speci鍖c resource. It can include access restrictions (i.e. period validity) and/or Trusted Claims request to restrict access based on subjects information. An UMA Connection is fundamental to enhance user control for what purpose the information will be revealed. UMA Connection uses a visualization approach which helps user to de鍖ne an appropriate context. An Authorizing User can create a Connection for him-self or for others. A Connection doesnt incapsulate other connections. 14
  • 15. Structure of UMA Connection 15
  • 16. Visualizing UMA Connection Resource Social Apps Class Connection Others Prof University Contacts UMA Connection 16
  • 17. UMA Control bridge UMA Control bridge Is designed to adhere to the user-centric identity paradigm. Provides a primary user interface for control Resources, Connections, Apps and requesters. Provides a dashboard with main statistic information about connection, shared data, etc. Incorporates a single view of these main controls, including a noti鍖cation bar for new access request. Provides 3-steps actions to get access to speci鍖c view, excluding optional view. UMA Control bridge TM 17
  • 18. Maintain control on Information that will be revealed Prof Class University Business Friend Personal Data Collab Professional MySelf ProjectA Self-Registration MySelf 18
  • 19. Future works Graph Algorithm Super Connection (Basket of Resources) Visualization techniques (HTML5) 19