Exploiting Access Control Information in User Profiles to Reconfigure User Equipment PowerPoint PPT Presentation


Title: Exploiting Access Control Information in User Profiles to Reconfigure User Equipment


1
Exploiting Access Control Information in User
Profiles to Reconfigure User Equipment
  • Authors
  • G.Bartolomeo, S.Salsano, N.Blefari-Melazzi
  • Speaker
  • D.Luzzi

2
Outline
  • Introduction
  • User Profile Definition
  • Data Sharing
  • Example

3
  • Introduction
  • User Profile Definition
  • Data Sharing
  • Example

4
Introduction
  • Reconfigurable radio or software radio: mobile
    devices to be reconfigured dynamically
  • Advanced scenario: on-the-fly reconfiguration
    and SW module download
  • E2R II project is addressing Cognitive Pilot
    Channel (CPC) definition

5
Introduction
  • ANC needs to access information related to the
    user/terminal
  • Part of this information can be stored in the
    terminal itself
  • It is likely that most of this information is
    kept network side

6
Introduction
  • Cellular Networks example
  • The terminal just provides the IMSI, while user
    profile information is retrieved from the HLR
    (network server)
  • The terminal/user needs a valid contract with a
    public network operator to gain access to the
    network
  • Need for a looser, distributed approach that does
    not require the presence of a public network operator
  • In an enterprise or a campus scenario, the
    provider is not a public network operator, and
    the users/terminals that need to be reconfigured
    are not necessarily tied to a contract with an
    operator.
  • A more general mechanism for user identification
    and for retrieving profile information is
    desirable
  • this mechanism should also support the procedures
    and mechanisms of a structured approach, like
    the one adopted in current cellular networks

7
  • Introduction
  • User Profile Definition
  • Data Sharing
  • Example

8
User Profile Definition
  • What is User Profile?
  • Repository of information related to
  • User
  • Devices
  • Services
  • networks
  • information under control of the user, his
    applications and services

9
User Profile Definition
  • 3GPP defined GUP (Generic User Profile) to
    provide universal solution
  • GUP specification provides
  • data description mechanism
  • Architecture, interfaces and mechanisms to handle
    the data
  • GUP specification does not provide a concrete
    schema
  • It rather defines a framework to define such a
    schema

10
User Profile Definition
  • Similarities with GUP
  • User Profile as a collection of components
    (personal data, preferences/policies on services,
    networks and devices, ...)
  • User Profile is tightly coupled with the user's
    identity and vice versa
  • All components should be accessed in a uniform
    way

11
User Profile Definition
  • Differences with GUP
  • Not a central GUP server but a community of
    Profile Managers

[Figures: 3GPP GUP architecture; proposed distributed architecture]
12
User Profile Definition
  • Differences with GUP
  • Not a central GUP server but a community of
    Profile Managers
  • Abstract vs. Concrete
  • Data contents are not addressed at all within
    GUP; only the data model and schema are defined
  • This risks being too theoretical and impractical
  • Contents are already available in their own data
    format
  • Bottom Up vs. Top Down approach
  • Don't impose a predefined structure to conform
    to. Legacy systems already work with their own
    format and will not change
  • Define wrappers and common semantics in order to
    achieve interoperability (dataweb approach)

13
  • Introduction
  • User Profile Definition
  • Data Sharing
  • Example

14
Data Sharing
  • XDI
  • eXtensible Resource Identifier (XRI) and XRI
    Data Interchange (XDI) aim to define standard
    mechanisms allowing data to be shared
    independently of the origin application or domain
  • It does not mandate a particular data format to
    conform to. Organizations may still keep their
    own data format
  • Interoperability is guaranteed by two
    complementary mechanisms
  • Data are bound to one or more unique resource
    identifiers (XRI), an extension of the current
    Internationalized Resource Identifier (IRI)
  • XDI provides a distributed, secure and ubiquitously
    available mechanism for sharing data: the
    data links.

15
Data Sharing
  • Global Unique Identifiers
  • PSTN - 510-547-5621 - Phone Number
  • SMTP - fred@acme.com - Email Address
  • DNS - acme.com - Domain Name
  • XRI - john.smith - I-Name

16
Data Sharing
  • I-Names
  • Roots for I-names (identify people/organizations)
  • names for individuals andy.dale
  • @ names for organizations @ooTao
  • Other roots for XRI (identify other resources)
  • tag space (dictionary) blog
  • system tags (keywords) public
  • Registries are hierarchical and extensible
  • andy.dalefriendssteve
  • @ooTaofred
  • brakesshoe
  • opget

17
Data Sharing
  • Consume data from its source

I go to my tailor
18
Data Sharing
  • Consume data from its source
  • He enters my hat size into his database. AND he
    gives me
  • access to it
  • Rights to give others access to it

andy.dale hat size24
19
Data Sharing
  • Consume data from its source

I don't put my hat size in my data store; I put a
pointer to its natural authoritative source.
Animal Rights Broadcasting
andy.dale hat size24
20
Data Sharing
  • Consume data from its source

The user doesn't really have a database with his
profile in it. He actually has a database of
links to where his data is.
Animal Rights Broadcasting
21
Data Sharing
  • XDI Link Contracts
  • provide a way to control data sharing through
    links
  • two main items
  • a Data Share Agreement (DSA)
  • set of terms and conditions under which the
    resources described in the contract could be
    accessed
  • a list of resources which are available under the
    DSA
  • cryptographic operations performed by
    I-Brokers, in our architecture implemented by
    Profile Managers

22
Data Sharing
  • How to express DSA policies?
  • Existing solutions
  • common properties defined in 3GPP GUP
  • do not give any indication of how the control
    mechanism works and how the access rights are
    stored in the user profile.
  • PPEL (Liberty Alliance Project)
  • defines an abstract way to reach an agreement
    between an agent and an SP based on a comparison
    between levels of privacy

23
Data Sharing
  • Privacy Aspects
  • P3P (Platform for Privacy Preferences): W3C
    standard that describes the privacy practices an SP
    conforms to
  • Description in XML format
  • One or more policies can be associated with any
    resource pointed to by a URI which the user agent
    is going to access
  • APPEL (A P3P Preference Exchange Language): an
    XML-based language allowing a user to express her
    preferences about privacy
  • Preferences are expressed in terms of a set of rules
    the user can define
  • Based on matching of the conditions, a rule engine
    decides whether to fire the rule or not
  • If the rule is fired, the user agent follows a
    behaviour specified in the rule

24
  • Introduction
  • User Profile Definition
  • Data Sharing
  • Example

25
Example
  • Sam Hamilton is working at the train station
    using his mobile terminal and WLAN connectivity
    offered in the train station area.
  • As the train moves out of the station, Sam's
    reconfigurable terminal is able to discover an
    alternative RAT, let's say UMTS
  • This process is possible through the use of a
    Cognitive Pilot Channel (CPC) which transmits
    information on available RATs
  • It also provides a way to allow resource
    reservation for the chosen RAT, according to the
    user preferences and policies defined both at
    network level as well as at terminal level

26
Example
  • A value-added service provider wants to know
    which QoS Sam Hamilton is actually experiencing
    with his terminal
  • The service provider and the network operator have
    a trusted relationship with their respective
    profile managers
  • The service provider identifies Sam through Sam's
    nickname, which is bound to Sam's XRI through a
    cross reference
  • Therefore it is potentially able to access the
    wanted information just by navigating the
    established data links, making a query to its
    profile manager
  • The distributed community of profile managers
    exchanges messages to resolve the links in the query
    and find the requested data
  • At a certain step in the procedure, the DSA
    defined by the operator is found
  • After the provider signs the contract, the
    profile manager validates the signature and data
    are returned.
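
Slides 21 and 26 describe link resolution gated by a link contract; the sketch below is an added example, not code from the presentation or from any XDI implementation. The profile-manager names, resource identifiers and sample values are constructed, and an HMAC over a shared key stands in for the signature scheme, which the slides do not specify.

```python
import hashlib
import hmac

# Constructed sample data; every name, key and value here is illustrative.
KEYS = {"vas-provider": b"demo-key"}  # requester keys the profile managers trust
# (profile manager, resource) -> data link to follow, or authoritative value
STORE = {
    ("provider-pm", "nick:sam/qos"): ("link", "user-pm", "sam.hamilton/qos"),
    ("user-pm", "sam.hamilton/qos"): ("link", "operator-pm", "sam/qos"),
    ("operator-pm", "sam/qos"): ("value", "UMTS, 384 kbit/s"),
    ("operator-pm", "sam/imsi"): ("value", "constructed-placeholder"),
    ("user-pm", "loop-a"): ("link", "user-pm", "loop-b"),
    ("user-pm", "loop-b"): ("link", "user-pm", "loop-a"),
}
# Link contracts: DSA terms plus the list of resources available under them
CONTRACTS = [{"dsa": "QoS statistics only, no resale",
              "resources": {("operator-pm", "sam/qos")}}]


def sign_dsa(requester, key, dsa, resource):
    """Accept a DSA for one resource; HMAC is an assumed stand-in signature."""
    msg = repr((requester, resource, dsa)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def resolve(pm, rid, requester, signature=None):
    """Follow data links to the authoritative source, then enforce its DSA."""
    seen = set()
    while (pm, rid) not in seen:
        seen.add((pm, rid))
        entry = STORE.get((pm, rid))
        if entry is None:
            return ("error", "not found")
        if entry[0] == "link":
            _, pm, rid = entry  # hop to the next profile manager
            continue
        dsa = next((c["dsa"] for c in CONTRACTS
                    if (pm, rid) in c["resources"]), None)
        if dsa is None:  # deny by default: no contract lists this resource
            return ("denied", "no contract lists this resource")
        if signature is None:
            return ("contract", ((pm, rid), dsa))  # sign before data flows
        key = KEYS.get(requester)
        good = key is not None and hmac.compare_digest(
            sign_dsa(requester, key, dsa, (pm, rid)), signature)
        return ("data", entry[1]) if good else ("denied", "bad signature")
    return ("error", "link cycle")
```

The first `resolve` call returns the contract found at the authoritative source; the requester signs it with `sign_dsa` and repeats the query with the signature to obtain the data.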

27
  • Questions?
  • Mail to
  • {giovanni.bartolomeo, stefano.salsano, blefari}@uniroma2.it