Cross-Domain Identity and Discovery Framework
for Web Calling Services
Ibrahim Tariq Javed, Rebecca Copeland, Noel Crespi
Institut Mines-Telecom, Telecom Sud-Paris,
Evry, France
ibrahim_tariq.javed|noel.crispi@telecom-sudparis.eu
rebecca.copeland@coreviewpoint.com
Marc Emmelmann, Ancuta Corici
NGNI, Fraunhofer FOKUS,
Berlin, Germany
emmelmann@ieee.org
andreea.ancuta.corici@fokus.fraunhofer.de
Ahmed Bouabdallah, Tuo Zhang, Saad El Jaouhari
IMT Atlantique dept. SRCD
Cesson-Sévigné, France
ahmed.bouabdallah|tuo.zhang|saad.eljaouhari@imt-atlantique.fr
Felix Beierle, Sebastian Göndör, Axel Küpper
Technische Universität Berlin,
Telekom Innovation Laboratories, Berlin, Germany
beierle|sebastian.goendoer|axel.kuepper@tu-berlin.de
Kevin Corre, Jean-Michel Crom
Orange Labs Products & Services,
Cesson-Sévigné, France
kevin1.corre|jeanmichel.crom@orange.com
Frank Oberle, Ingo Friese
Telekom Innovation Laboratories,
Berlin, Germany
ingo.friese@telekom.de
Ana Caldeira, Gil Dias, Nuno Santos, Ricardo Chaves, Ricardo Lopes Pereira,
INESC-ID, IST, Universidade de Lisboa,
Lisboa, Portugal
ricardo.chaves|ricardo.pereira|nuno.santos@inesc-id.pt
ana.caldeira|gil.dias@tecnico.ulisboa.pt
Abstract: Cross-domain identity management remains a
major challenge for potential WebRTC adopters. In order to
provide a global web-based communication system, it is critical to
locate the destination called party, map the identity to the user
device and provide mutual authentication for both caller and
called party. In this paper, we present a novel identity
management and user discovery framework that enables callers
to search and locate users across service domains. The identity
management is decoupled from the used calling service, allowing
users to manage their profiles and credentials independently of
the applications. The framework is designed to preserve privacy
and exploit web technology to gain trust and contact list
management.
Keywords: WebRTC, Identity management, Trust, Real-Time
Communication, P2P, Directory, Social graph, Registry.
I. INTRODUCTION
Web real-time communication (WebRTC) is a W3C
standard that provides communication capabilities in a peer-
to-peer (P2P) fashion to web browsers and applications [1].
WebRTC supports browser-to-browser interoperability, unlike
prevalent web communication services (such as Skype and
WhatsApp). The advent of browser-based WebRTC calling
APIs has made it remarkably easy for any website to offer
calling services. For this reason, the potential of WebRTC
technology stretches much beyond existing dedicated Voice-
Over-IP solutions. WebRTC developers endeavor to provide
reliable mechanisms to ensure security and privacy [2]. While
current over-the-top web communication services create silos
of single-domain users by restricting their subscribers to only
communicate within their specified service domains, browser-
to-browser WebRTC services provide compatibility across
browser users. Today, most users utilize several web calling
services, depending on context and preferences. Each service
requires separate identifiers and credentials to be maintained.
Since they are not shared between services, they cannot be
used to discover and connect between users of different
services. Hence, cross-domain identity is crucial to fully
interoperable web services.
The telecom industry is studying WebRTC with the hope of harnessing web calling and building new web ecosystems [3]. Some operators consider adopting WebRTC to compete with over-the-top web services, with the much lower cost base of a peer-to-peer service that has no large core backend systems. They plan to enrich the underlying P2P technology by offering enhanced quality of service and cross-domain interoperability. This is the motivation of the telecom partners of the reTHINK project¹, which describes a new communication platform for real-time communication services. The developed framework relies on a module of software logic that is dynamically deployed on end-user devices. This allows session control and media flow management in a P2P fashion [4] at the endpoints. Each communication service provider (CSP) retains knowledge of its logged-in users and allows searching by other domains.
For global cross-domain communication platforms, the
mapping of an identity to an ‘active’ (logged on) end-user
device is a critical challenge. The identified IP location can be
used to establish a communication session across multiple
domains [5]. Unlike mobile networks, web identities are currently used only for authentication purposes and not for discovering the user's location and availability to enable call routing. Moreover, existing identity systems are tied to specific
administrative domains and are highly dependent on the use of
specific identity formats and protocols with static
authentication mechanisms [6]. Therefore, a novel identity
resolution system is essential to map user identities to the
address of the currently used user device, regardless of the
service domain. Such identities must be verified and
authenticated in an efficient and reliable manner against
independent credentials (not only service-specific) before a
communication session is established.
In this paper, we present a novel identity and discovery
framework that allows global discovery of users and a cross-
domain identity management system. A new approach is
proposed where each collaborating service retains its own
directory and user information, but creates an 'overlay' of
identity management that links their directories to provide a
global user discovery. Services that are compliant with the
identity management framework can still maintain their
internal user identifiers, but relate them to globally-unique
user identifiers, so that they can be discovered and contacted
across multiple domains. It is proposed that user identities are
maintained by third party independent Identity Providers
(IdP), who allow communicating participants to verify each
other’s identity, regardless of the services that they are using.
Such identities must be portable, supporting user migration
between different domains. The IdP function is to link
whatever identifiers the various calling services allocate to the
user locally with a globally unique user identifier, GUID
(Global User Identity). Furthermore, user security and privacy are enhanced by computing trust between communicating participants.
The rest of the paper is organized as follows: Section II
provides the related work. Section III details the functional
architecture of the cross-domain identity and discovery
framework. The details on authentication and trust estimation
are provided in section IV. Section V describes three of the
major directory services involved in identity resolution namely
catalogue, registry, and discovery. Section VI conducts a
privacy and security analysis for the framework. Section VII
describes two support services, the policy management and
graph connector, whereas Section VIII gives the conclusion.
¹ ReTHINK Project Website: https://rethink-project.eu
II. RELATED WORK
Identity on the web is a combination of a user profile (name, email address, location) and credentials (password and shared secret). Services maintain different levels of knowledge about users but invariably require a service-based identifier. This results in users having to maintain multiple, unrelated identities. To alleviate the burden on users, Single-Sign-On (SSO) systems allow federating identities (when login to one service acts as login to another), or managing linked identities via third parties (IdPs) [7]. Here, user authentication is delegated from the service (relying party) to a third-party IdP. The IdP allows users to assert their identity using tokens in order to authenticate themselves to the relying party. There are well-developed web protocols that provide generic procedures across services. One such protocol is OAuth 2.0 [8], which authorizes clients to access protected resources by obtaining access tokens from an authorization server (the IdP in this setting). OpenID Connect [9] adds an identity token that contains claims about the user's authentication. These protocols define the interactions between the relying party, the user and the IdP. They are traditional user-to-server authentication procedures, while WebRTC now requires user-to-user authentication for peer-to-peer communication [10] [11]. However, they may still be used for this purpose under a framework of collaborative procedures.
In telecom networks, the identities are publicly known
identifiers (under the international telephone numbering
system), which are also used to route the call to the current
location of the device. Telecom service providers enforce a
standardized set of rules for the identifiers and their ‘roaming’
devices that facilitate both user identification and routing
across different domains. Users are authenticated by their
‘home’ server [12], even when they are served by another
service provider, hence this is a centralized identity approach
with a federated service approach. By contrast, a web session
is established with a current IP address, which is dynamically
associated with a URL and a particular device, so finding a
called party location requires a special discovery solution. In
[13], the mechanism of presence (with subscribe/notify) is
used to gain awareness of users’ availability and facilitate
routing to the currently available IP address.
In Online Social Networks (OSN) such as Facebook,
identities are only applicable within their administrative
domains, and have service-specific formats and authentication
procedures. A service-based centralized directory is used to
retrieve the user profile associated with its identity. In
distributed social networks, user’s social profiles can be
hosted on any server, which are also responsible for identity
management of these users. Servers in the distributed
approach can communicate with each other using a federated
identity protocol. A major drawback of this approach is that
users are bound to trust their server, which can be hosted by
anyone, with little or no restrictions. Furthermore, users have
no control over their identifiers, which are fully managed by
the server. Other approaches use a Distributed Hash Table
(DHT) based P2P network to host signed records for users,
while the actual user profiles are stored on servers connected
by an open federation protocol, for example SONIC [14]. The
Safebook project [15] uses DHT and web trust in a
decentralized approach to achieve privacy and identity
integrity in social networks.
In summary, cross-domain P2P web communication
services face two specific challenges related to identity
management: i) mutual authentication and ii) discovery.
Mutual authentication involves service-independent
identification and verification of user identity for both parties.
Discovery is required to locate users across different service
domains by resolving user identity to the current web location.
With these two research problems in mind, we propose a novel
identity and discovery management framework for inter-
operable web communication services.
III. PROPOSED FRAMEWORK
In this section, we detail the cross-domain identity and
discovery framework that enables callers to search, locate, and
authenticate users globally. An overview of the functional
architecture of the framework is presented in Figure 1. The
proposed framework uses the concept of a Hyperty, which is JavaScript code provided by the CSP and deployed on the user's device [4]. A logged-in communication Hyperty ('live'
status) represents a user who is available for connectivity on a
specific device. Each CSP retains knowledge of its ‘live’
Hyperties and enables connectivity with Hyperties of other
domains. To establish a WebRTC communication session, all
the caller requires is the current location (IP address or URL)
of the called party’s Hyperty that the caller wishes to
communicate with.
Hyperties are executed in a web runtime environment on endpoints, which can interwork with a web browser or a native app. A Hyperty fundamentally consists of a static and a dynamic part. The former is defined when the Hyperty is provisioned and remains unchanged until the Hyperty is removed. The dynamic part concerns a Hyperty instance created when a Hyperty is deployed. The Hyperty life cycle is used to determine the perimeter of the data model, which pertains to Hyperties as well as the structure of the associated information that has to be locally maintained by the involved entities during the lifecycle of the Hyperty. For details of the global structure and description of the data model, we refer readers to our technical report [16].
An active communication Hyperty represents an endpoint
that is associated with a particular identity. To achieve
interoperability and openness, the identities are managed by a
third party IdP, who can support multiple calling services.
This allows communicating parties to authenticate and
validate each other independently of their chosen services. The
device-based Identity Module (IdModule) component is a CSP
client responsible for user registration, identity provisioning,
and storing identity assertions (IA). For service-independent authentication, the IdP-Proxy is downloaded from the IdP's URL. The IdP-Proxy provides an interface between IdP and
IdModule for user authentication. The IdModule receives and
stores the IA to authenticate a user to its CSP and
communicating participants. The function of the trust engine is
to estimate trustworthiness of the communicating participants
in order to minimize the risk involved in establishing a
connection with an unknown party. For user discovery, the
framework includes three types of directories: a registry for
information about available Hyperty instances for
communication, a catalogue for a list of available service
functions provided by Hyperties of various CSPs, and a
discovery service for finding users across various domains.
To achieve global reachability and discovery, the
framework uses two unique identifiers for users, namely
Global User Identity (GUID) and User Identity (UserID). The
GUID is a unique and domain independent identifier that
remains the same, irrespective of the CSP. This GUID can be
used to contact any available communication endpoint of the
user without the need to know where he is subscribed. The
UserID is the identifier which is used to get the actual location
of user device by discovering its Hyperty instance within the
CSP domain it is registered to. Every CSP maintains a list of
currently available Hyperties of a user. As soon as a user
downloads a Hyperty to an endpoint device, the CSP registers
the IP address for this instance, thus storing the user
availability status and the routing network address where the
user is currently using a particular service that is compatible
with the framework. As each Hyperty belongs to a specific
calling service, it is related to the CSP-given UserID, which is
registered in the CSP local directory. Users are allowed to
maintain the linking of UserIDs to a globally unique identifier
(GUID) that they can manage independently of any service.
To manage the linking of several CSPs' UserIDs with the
user-controlled GUID, an independent identity provider (IdP)
service is required, which is acceptable to all participating
CSPs. This GUID is essential for service mobility as it allows
users to retain their identity while switching between CSPs.
Figure 1: Cross-Domain Identity & Discovery Functional Architecture

Figure 2 illustrates linking the service-based UserID and the service-independent GUID. It shows how Alice uses the framework directory services to discover and authenticate Bob before establishing a connection. To initiate a call request, Alice needs to know Bob's well-known identifier for the service that Bob is using. Alice uses the discovery service of her own CSP to discover the GUID that Bob is currently using. The global registry, which is independent of the CSP, finds Bob's GUID and can link it to one or more service-based UserIDs. If Alice has previously contacted Bob, the GUID can be accessed from the local address book ('Graph Connector'). After discovering Bob's GUID, Alice must establish whether Bob is currently contactable on any of his services with their associated different identifiers. This is facilitated by using the UserIDs found in the global registry to access the local domain-based registries, where the status of the currently active Hyperties is registered dynamically. Hence, Alice may find at least one UserID for Bob that has a current IP address (or none if Bob is not contactable at this moment). The mechanism of registering running Hyperties by each compatible calling service is therefore the means of setting up connectivity between Alice's own Hyperty and Bob's Hyperty. Before establishing a communication session, Alice and Bob authenticate each other using third-party identity providers. Furthermore, the trustworthiness of the communicating participant can be checked using the trust engine service.
IV. AUTHENTICATION AND TRUST ESTIMATION
The framework supports peer-to-peer authentication that allows not only user-to-service authentication but also user-to-user authentication, by the verification of Identity Assertions (IAs). In order for the mutual authentication to be successful, all messages are required to carry an IA, which is a signed credential in the manner of a digital certificate. To authenticate a message, the sender's IA, obtained from the sender's own IdP and containing the user's public key, is attached to the message. To confirm that the public key actually corresponds to the claimed identity, the receiving user (i.e. the 'called party') contacts the sender's IdP to validate the content of the sender's IA. Once the receiver has validated the sender's digital signature (the confirmation of the assertion), he can encrypt the response to the sender's challenge with his own identity assertion. Then, to conclude the procedure, the mutual authentication inverts the roles, so that the receiving party becomes the one who must prove his or her identity assertion, using the same procedure.
The IdP role is to issue such IAs and to confirm the
ownership of the identity in response to enquiries by other
parties. In WebRTC, it is proposed that IAs are generated and
verified through the IdP-Proxy mechanism [10]. Similarly, in
our framework, an IA (e.g. implemented by a JSON Web
Token [17], as in OpenID Connect) is attached to the call offer
as well as the answer, so the calling parties exchange identity
assertions that are then confirmed by their respective IdPs. As
the IA contains the IdP’s URL, the other party can contact the
issuing IdP. Hence, the WebRTC authentication process is supported by the framework, which identifies the called party's IdP even if the caller's service that initiated the connection request is not aware of it beforehand.
While these flexible features allow greater inter-service
cooperation, they also raise some security and integrity
concerns, because the originating service is not able to set
some defense mechanisms, such as limiting the intended
audience that has access to the full identity information.
Difficulties or even security breaches can be caused if the IA
is available to any party, not only those that the IA was
intended for, when implementing IdP Proxies for standard
protocols such as OpenID Connect. To resolve this, the
IdModule component at the user device includes the GUID in
the assertion, which limits the scope of intended audience, and
refreshes the user’s assertion token frequently. Every time a
user starts a communication session with another user, the
process of mutual authentication commences using the
particular requirements of the calling services (formats,
protocols), and a dialogue based on the TLS handshake is
initiated, setting the required parameters accordingly. This
process of authentication results in the exchange of the
symmetric keys to be used in secure communication, so even
if one user seeks anonymity, the other user is still
authenticated, in order to establish a secure channel.
Figure 2: Cross-Domain User Discovery

Figure 3: Identity Registration Sequence Diagram

The sequence diagram of the registration of a new identity in the IdModule is presented in Figure 3. To initialize the registration procedure, the IdP's URL is provided by the local runtime in the user's device to the IdModule, which is a generic endpoint application that supports all the different Hyperties from multiple CSPs. The IdP URL allows the IdModule to retrieve an IdP-Proxy and instantiate it temporarily on the user's device. The 'runtime' generic client must authorize the IdP-Proxy to serve as an IdP delegate in order for the IdP-Proxy to connect to the issuing IdP and retrieve a digital signature. The authenticated GUID identity is associated with the downloaded Hyperty that requested authentication, thus linking the UserID and the GUID. Further details, including sequence diagrams of identity association with a Hyperty instance, identity assertion generation and verification, are found in our report [18].
While the framework facilitates mutual authentication for
given identifiers, this does not ensure that the users are trusted
to act in an acceptable, responsible and legitimate manner.
Users may be involved in spam calls, sending malicious
content, phishing, identity misrepresentation etc. We define
trust between communicating participants as the belief that
they will act in an acceptable and legitimate manner over the
established communication session. Establishing trust between
communicating parties will reduce uncertainty and risk
involved while establishing a communication session. The evaluated trust enhances user security and privacy by minimizing unwanted call activities. Various parameters have been previously considered for the computation of trust, such as identification, experience, and recommendation [18]. We propose a reputation-based trust model that uses recommendations and user behavior to evaluate trust. Recommendations are based on user experiences, whereas call characteristics (such as incoming/outgoing calls and talk time) are used to predict the user's popularity and acceptability in the network. Further detail on the evaluation of trust and the implementation of the trust engine can be found in [20].
V. DIRECTORY SERVICES
The endpoint discovery and reachability is designed in a
modular way, using three directory services: registry,
catalogue, and discovery [21]. The catalogue stores descriptors
of Hyperties that the users can utilize (i.e. services and domains
that the user can log into); the registry stores information on
how to reach a Hyperty instance that the user has activated (i.e.
login status for a particular calling service); whereas discovery
services provide ways for users to find other users to initiate
communication for a discovered identifier and domain.
A. Registry
In order to initiate a connection to a specific user Hyperty
instance, it is required to know its current network address.
Our framework allows frequent changes of locations (IP
addresses and devices) and of domains (CSPs calling services)
by the user. All information required to initiate a connection to
a Hyperty is published in a registry service upon the initiation
of a Hyperty instance, and is removed from the registry when
the instance is terminated. If the network address of the device
running the Hyperty instance changes, the information is
updated automatically to provide a seamless way to connect to
the Hyperty instance. Hence, the registry provides a directory
of users who are available to receive communication requests.
Our framework allows seamless migration of users
between different CSPs. A globally unique identifier (GUID)
is assigned to each user. These GUIDs are domain agnostic
and can be kept even after changing the association to a
service provider. A GUID is derived from a user's public ECDSA key and a cryptographic salt, using the key derivation function PBKDF2, where the GUID, the public key, the salt, and other relevant information are published as a digitally signed JSON Web Token [17] in a distributed directory service, the global registry. The GUID can be used for
identification purposes regardless of the CSP’s domain, hence
it allows mobility between CSPs. Each user is also identified
within the CSP domain by the UserID, which is the identifier
that unlocks access to the particular service. As users may
want to use services of multiple CSPs, each user may have
more than one UserID.
Registry services in the cross-domain identity framework
comprise two main components: the global registry and the
domain registry. The global registry is built on P2P
technology using a Kademlia-based DHT, similar to the global
social lookup service [22]. Following this approach, a single
point of failure is avoided, resulting in a distributed and
domain-independent directory service. While the global
registry is able to provide fast response times for read
operations, write operations are much slower [23]. Hence, data
that has to be updated frequently is stored in domain registry
services, which follow a traditional client-server approach to
facilitate fast response times not only for read operations but
also for frequent write operations, as a result of updated client
information. The global registry resolves a user’s GUID to the
CSP specific UserID, whereas the domain registry translates
UserIDs to the information about the Hyperty instances of this
user, i.e., the IP location or URL of a reachable endpoint for
this user. This allows other users and network devices to
initiate a connection to the actual Hyperty location of the user.
Figure 4 outlines the relationships between Hyperty, global
registry, and domain registry. When initiating a connection to
a Hyperty instance, the global registry is queried using GUID,
to obtain the target user’s UserID and its current domain
registry server. In the following step, the domain registry uses
the user’s UserID to obtain the current Hyperty IP address.
B. Catalogue
The catalogue service conceptually acts as a software repository that contains information and the executable code for Hyperties. The catalogue is the initial entry point providing components to be executed at end-user devices. Access to the catalogue has to be provided via widely used standard protocols. The resource-based view of catalogue entries allows representing them according to OMA-TS-Lightweight M2M [24]. Create, read, update, and delete (CRUD) based access can be directly mapped to HTTP or LwM2M/CoAP-based operations. For its catalogue, the architecture follows RFC 6690 [25], specifying URIs to descriptors as entries of the '/.well-known/core' resource, which allows standard-compliant discovery of all stored resources via an HTTP GET operation. The catalogue is implemented in two components: the catalogue broker and the catalogue database. The broker acts as an aggregation point for all databases storing catalogue objects; hence the broker is contacted by the framework components to request information on a catalogue object stored in any of the attached databases. The advantage of this approach is that databases from anywhere in the world may be attached and detached, to allow deploying newly developed Hyperties on-the-fly.
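To make the discovery step concrete, the following is an added example, not the project's catalogue code: a parser for the RFC 6690 CoRE Link Format that a catalogue serves at /.well-known/core, and a selector that picks out the Hyperty descriptors by resource type. The sample response, its URIs, rt values and ct=50 (application/json) are constructed for the example.

```javascript
// Added example, not reTHINK project code: a parser for the RFC 6690 CoRE Link
// Format that a catalogue's /.well-known/core resource returns, plus a selector for
// the Hyperty descriptors in it. The link list below is constructed for the demo
// (the URIs, rt= values and ct=50 for application/json are assumptions).

// Parse "<uri>;p=v;q="quoted, value";flag,<uri2>..." into [{ uri, params }].
// Quoted parameter values may contain ';' and ',', so a plain split() is not safe.
function parseLinkFormat(text) {
  const links = [];
  const n = text.length;
  let i = 0;
  while (i < n) {
    while (i < n && /[\s,]/.test(text[i])) i++;   // separators between link-values
    if (i >= n) break;
    if (text[i] !== '<') throw new Error(`expected '<' at offset ${i}`);
    const close = text.indexOf('>', i);
    if (close < 0) throw new Error('unterminated URI-Reference');
    const link = { uri: text.slice(i + 1, close), params: {} };
    i = close + 1;
    while (i < n && text[i] === ';') {            // ;name[=token|"quoted-string"]
      i++;
      let j = i;
      while (j < n && !'=;,'.includes(text[j])) j++;
      const name = text.slice(i, j);
      let value = true;                           // valueless parameter, e.g. ;obs
      i = j;
      if (text[i] === '=') {
        i++;
        if (text[i] === '"') {
          const end = text.indexOf('"', i + 1);
          if (end < 0) throw new Error('unterminated quoted-string');
          value = text.slice(i + 1, end);
          i = end + 1;
        } else {
          j = i;
          while (j < n && !';,'.includes(text[j])) j++;
          value = text.slice(i, j);
          i = j;
        }
      }
      link.params[name] = value;
    }
    links.push(link);
  }
  return links;
}

// rt= holds a space-separated list of resource types (RFC 6690 section 3.1); a link
// matches when any of them equals the requested type.
function selectByResourceType(links, rt) {
  return links.filter((l) => typeof l.params.rt === 'string' && l.params.rt.split(' ').includes(rt));
}

// What a catalogue broker might return for GET /.well-known/core (constructed).
const SAMPLE_CORE_LINKS =
  '</hyperty/chat>;rt="hyperty";ct=50;title="Chat, text only",' +
  '</hyperty/voice>;rt="hyperty hyperty.voice";ct=50,' +
  '</idp-proxy/example>;rt="idp-proxy";ct=50,' +
  '</status>;rt="catalogue.status";obs';

// Discovery step of a runtime fetching deployable Hyperties from the catalogue.
function discoverHyperties(linkFormatText) {
  return selectByResourceType(parseLinkFormat(linkFormatText), 'hyperty')
    .map((l) => ({ uri: l.uri, title: l.params.title || null }));
}
```

The parser tracks quoted strings explicitly rather than splitting on commas, because a title such as "Chat, text only" is legal link-format and would otherwise be split into a bogus second link. A runtime that downloads code from a catalogue should treat the URIs it finds here as untrusted input and fetch them only from the broker origin it already trusts.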
C. Discovery
The discovery component allows searching for conversational partners in a similar way to Internet search engines. The discovery service assists users who are looking to connect to people for whom they do not have contact details or address-book entries. For better usability, active endpoints for a user must be found even without knowing the CSP, the UserID, or the GUID, by searching on users' characteristics and attributes. The discovery service may find more than one profile matching the search query, since users could be using several devices and services simultaneously.
A RESTful API allows passing search requests to the
semantic interpretation component within the discovery
service, which returns matching data records, including the
respective registry keys. The registry keys are used for a
lookup of the communication endpoints in the global registry.
The discovery service implementation is a combination of a
search engine and a directory service. Users are able to create
accounts and store directory profiles, so that the service can
discover users by various attributes, such as email addresses,
links to social network profiles, or phone numbers. These
profiles are only visible per user-defined privacy policies,
meaning that a user can configure who can see what parts of
the information and under what conditions. The core of the
discovery in our implementation is based on the Apache Solr² search engine. Solr can be run as a single instance or in a
distributed manner. User logins, profiles, and the related
policies can be stored in distributed databases. Once a profile
is searched, it can be loaded from the related database, so
profiles can be maintained by several players.
VI. PRIVACY AND SECURITY ANALYSIS
The migration of the authentication task to the endpoint allows the framework to provide a consistent authentication method to any compliant service. However, this entails further measures of security and privacy assurance. For example, the IdModule should be set up to refresh the security tokens for users regularly, and to determine the target audience who may receive the identity assertion with its user information. Each party performs authentication at the respective endpoint, regardless of the CSP, but more parties are now involved when including independent IdPs and different CSPs.

² Apache Lucene Project Website: http://lucene.apache.org
The two identifiers, the GUID and the UserID, are used by the framework as static and correlated levels of identification. The universal level is defined by the GUID, which is accessible through a discovery engine. It ensures uniqueness and accessibility of the associated user. The UserID is specific to an administrative domain associated with a CSP. The UserID is also the user's subscription ID at the CSP, which allows access to the Hyperties that are provided by the CSP. The linking of multiple identities with the GUID and to a profile with user attributes adds resilience against identity theft, in the same manner as a multi-factor authentication procedure. Users can use an independent IdP to manage several CSP-bound identifiers and link them to a single profile. The user can define under which strategy and which IdP the different subsets of CSP-bound identifiers may be allocated. As shown in Figure 5, each user has a unique GUID and several CSP-bound identifiers maintained by the IdP that can be presented for authentication.
The relationship between the user, IdPs and CSPs is
determined by the manner of choosing them and the details of
the subscription contract. IdPs and CSPs have access to the user's 'digital life', which is marketable for advertising and may be seen as an infringement of privacy. A CSP has complete
knowledge of all the communication activities of the UserID
that it has allocated to the user. An IdP has knowledge of all
the authentication requests that involve any of the identifiers
that it manages, i.e. multiple CSPs’ UserIDs for the same
GUID. However, if the user subscribes to more than one IdP,
no one IdP can have a full view of all the user’s
communication. Hence, a user strategy of using IdPs, but
distributing CSP identifiers between several IdPs can prevent
one party acquiring full knowledge of all the user’s activities.
The requirements for authentication should support different levels of user privacy and anonymity, such as untraceable identity, pseudonymous identity, and unlinkability [26]. Privacy features addressing disclosure or surveillance [27] are a well-discussed topic for Internet services, but little has been implemented. Our distributed identity framework considers such issues from the design phase onwards, to avoid the retrofitting issues currently seen on the web. In addition, the architecture enables user choice of IdPs, putting the user in full control of the information that is shown to others, provided the IdP enforces the agreed policies. The implemented discovery process allows visibility to be configured, ranging from being visible only to a selected few users to being universally visible to all.
Figure 5: Levels of User Identification
The screening of communication partners is likely to become even more attractive as threats and nuisance calls become more prevalent and more pernicious. In particular, cybercrimes based on misrepresentation to obtain sensitive information are growing fast. Furthermore, web calling services are used to distribute malicious content, viruses and spyware. Therefore, in order to enhance security, methods of estimating user trustworthiness should be introduced into web calling services.
VII. SUPPORT SERVICES
In our framework, the Hyperties are created by and received from remote CSPs. To ensure the correct governance of a Hyperty at the endpoint, the downloaded Hyperties need to obey the policies defined by their respective CSPs, hence multiple sets of policy rules need to be considered. Therefore, the framework must provide a policy management component that manages rules and policies, obeying several CSPs but coordinating between them and the users. Another supporting service exploits techniques borrowed from online social networks, such as the social graph, to link contact lists and enquire about unknown callers’ reputation, using the framework’s Graph Connector service.
A. Policy Management
CSPs provide several supporting services that maintain potentially sensitive information, access to which must be controlled. The domain registry, for example, should be able to restrict user discovery according to the preferences expressed by the user when subscribing to the service. In the same way, the information about the currently live Hyperties maintained in the domain registry should be accessible only in a controlled way.
The correct governance within the framework is enforced using policies that make authorization decisions, such as who has access to what, at which time and under which conditions. The delivery of information is controlled using a classical Policy Decision Point (PDP) and Policy Enforcement Point (PEP) structure [28]. Policy decision-making and enforcement are carried out independently by the PDP and PEP components, which are driven by the policy engine. The policy engine acts as an access control point in the system: all messages originating from or delivered to Hyperties in the user device runtime environment are subject to interception and authorization by the policy engine. When a message is intercepted, the policies specified by the user are loaded and the message is validated against them. Pooling the PDPs into a single shared point is not suitable for the distributed nature of the CSP domains. To cope with the presence of multiple dedicated PDPs, distributed operation is used: we introduce a Policy Orchestrator that maintains global consistency between the different points of policy evaluation and enforcement. Different CSPs may need dynamically and time-critically negotiated policies to be applied to inter-domain sessions; such negotiations can be carried out by a policy broker within the policy orchestrator. Framework policies can be described in XACML, the XML-based policy specification language, or in Ponder [29]. Following [30], JSON can be a valuable and “fat-free” alternative to XML.
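The PDP/PEP interception described above, as an added example that is not the paper's or the reTHINK project's own code: the policies are written in JSON as the passage suggests, and the rule format, message fields and class names are assumptions. The first rule also realises the discovery visibility setting of Section VI (visible only to a selected few users).

```python
import json

# Constructed sample policy set for one user (an assumption, not taken from the
# paper). "target" selects the intercepted messages a rule applies to, the
# "condition" must hold for the rule to fire, rules are evaluated
# first-applicable, and a message that no rule permits is denied.
USER_POLICIES_JSON = """
[
  {"id": "discovery-selected-users",
   "target": {"type": "discovery"},
   "condition": {"from_in": ["user://alice@csp-a.example",
                             "user://bob@csp-b.example"]},
   "effect": "permit"},
  {"id": "calls-office-hours",
   "target": {"type": "call-invite"},
   "condition": {"hours": [9, 18]},
   "effect": "permit"},
  {"id": "presence-for-all",
   "target": {"type": "presence"},
   "condition": {},
   "effect": "permit"}
]
"""


class PolicyDecisionPoint:
    """PDP: evaluates the user's loaded policies against an intercepted message."""

    def __init__(self, policies_json):
        self.rules = json.loads(policies_json)
        for rule in self.rules:  # reject a malformed policy set before it is used
            if rule.get("effect") not in ("permit", "deny") or "target" not in rule:
                raise ValueError("malformed rule: %r" % rule.get("id"))

    def decide(self, message, now_hour):
        """Return (effect, rule_id); default-deny when no rule applies."""
        for rule in self.rules:
            if not all(message.get(k) == v for k, v in rule["target"].items()):
                continue
            if self._condition_holds(rule.get("condition", {}), message, now_hour):
                return rule["effect"], rule["id"]
        return "deny", "default-deny"

    @staticmethod
    def _condition_holds(cond, message, now_hour):
        if "from_in" in cond and message.get("from") not in cond["from_in"]:
            return False
        if "hours" in cond:
            start, end = cond["hours"]
            if not start <= now_hour < end:
                return False
        return True


class PolicyEnforcementPoint:
    """PEP: intercepts each message to or from a Hyperty and applies the PDP's decision."""

    def __init__(self, pdp, deliver):
        self.pdp = pdp
        self.deliver = deliver  # callback handing a permitted message on to the Hyperty
        self.audit = []         # (type, from, effect, rule_id) per intercepted message

    def intercept(self, message, now_hour):
        effect, rule_id = self.pdp.decide(message, now_hour)
        self.audit.append((message["type"], message.get("from"), effect, rule_id))
        if effect == "permit":
            self.deliver(message)
            return True
        return False


def run_demo():
    """Drive the PEP with constructed messages; returns (audit trail, delivered)."""
    delivered = []
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(USER_POLICIES_JSON), delivered.append)
    pep.intercept({"type": "discovery", "from": "user://alice@csp-a.example"}, 10)
    pep.intercept({"type": "discovery", "from": "user://mallory@csp-c.example"}, 10)
    pep.intercept({"type": "call-invite", "from": "user://bob@csp-b.example"}, 22)
    pep.intercept({"type": "presence", "from": "user://carol@csp-c.example"}, 3)
    return pep.audit, delivered


if __name__ == "__main__":
    for entry in run_demo()[0]:
        print(entry)
```

A per-CSP PDP would be one more PolicyDecisionPoint instance; the orchestrator role from the text is then the code that decides in which order, and with which combining rule, several PDPs' decisions are merged.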
B. Graph Connector
The framework includes a module that learns about previous connections and provides a method of contacting previous calling parties without having to search for them. By managing a list of known communication endpoints, users can stay connected to other users independently of their location or context. The Graph Connector acts as a local address book or contact list, stored in a distributed manner. The distributed graph not only indicates friendship relations but also relations such as similar taste in music, similarity in location traces, etc., thus forming additional tiers in the social graph based on common context and location [31]. The idea is to have different applications build on different edges of the graph.
This distributed graph information may also be used to estimate the trust level between users that have not previously interacted with each other. On receiving an incoming call from an unknown GUID, the framework runtime service at the endpoint can check the user’s contacts to determine whether there are mutual contacts with the caller, indicating a trustworthy relationship. In order to respect the user’s privacy, hashing algorithms can be employed to mask identifiers or profile data. Existing research that utilizes Bloom filters to compare user profiles while preserving privacy seems the most promising [32]. The minimal data structure of a Bloom filter enables the calculations to be made on smartphones with bandwidth and battery constraints. Users store the GUIDs of their direct contacts in such Bloom filters. Users can look up a specific GUID (a caller, for example) to determine whether this GUID has mutual direct contacts. Bloom filters allow probabilistic checks for set membership but do not allow direct lookup of the data belonging to other users; hence they provide the required information (e.g. matched mutual friends) while protecting privacy (e.g. not disclosing the whole list). It is also possible to set a privacy flag that will prevent a particular GUID from being hashed into the Bloom filter, for added selective security.
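The Graph Connector mutual-contact check described above, as an added example that is not the framework's own code: it assumes the unknown caller's endpoint presents a Bloom filter of its direct contacts during call setup and the callee's runtime tests its own contacts against it; the GUIDs are constructed placeholders and the privacy flag is modelled as a set of excluded GUIDs.

```python
import hashlib
import math

# Constructed placeholder GUIDs, not real framework identifiers.
BOB_CONTACTS = {"guid-alice", "guid-dave", "guid-erin", "guid-frank"}
CAROL_CONTACTS = {"guid-alice", "guid-dave", "guid-gina"}
CAROL_PRIVATE = {"guid-dave"}   # contact carrying Carol's privacy flag


class BloomFilter:
    """Fixed-size bit array with k hash positions per item, derived from SHA-256."""

    def __init__(self, n_bits=1024, n_hashes=4):
        if n_bits % 8:
            raise ValueError("n_bits must be a multiple of 8")
        self.n_bits, self.n_hashes = n_bits, n_hashes
        self.bits = bytearray(n_bits // 8)

    def _positions(self, item):
        # Double hashing (h1 + i*h2) over two halves of one SHA-256 digest: only
        # bit positions are ever shared, never the GUID itself.
        digest = hashlib.sha256(item.encode("utf-8")).digest()
        h1 = int.from_bytes(digest[:8], "big")
        h2 = int.from_bytes(digest[8:16], "big") | 1
        return [(h1 + i * h2) % self.n_bits for i in range(self.n_hashes)]

    def add(self, item):
        for p in self._positions(item):
            self.bits[p >> 3] |= 1 << (p & 7)

    def __contains__(self, item):
        # "Probably present" when every position is set; never a false negative.
        return all(self.bits[p >> 3] & (1 << (p & 7)) for p in self._positions(item))

    def false_positive_rate(self, n_items):
        """Expected rate at which a non-member is reported as present."""
        return (1 - math.exp(-self.n_hashes * n_items / self.n_bits)) ** self.n_hashes


def build_contact_filter(contacts, private=frozenset(), **kw):
    """Hash every direct contact into a filter, skipping privacy-flagged GUIDs."""
    bf = BloomFilter(**kw)
    for guid in contacts:
        if guid not in private:
            bf.add(guid)
    return bf


def mutual_contacts(my_contacts, peer_filter):
    """GUIDs from my own list that the peer's filter (probably) also contains."""
    return sorted(guid for guid in my_contacts if guid in peer_filter)


def caller_vouched(my_contacts, peer_filter, min_mutual=1):
    """Trust signal for an unknown caller: at least min_mutual shared contacts."""
    return len(mutual_contacts(my_contacts, peer_filter)) >= min_mutual


def run_demo():
    """Bob receives a call from the unknown GUID Carol and checks her filter."""
    carol_filter = build_contact_filter(CAROL_CONTACTS, private=CAROL_PRIVATE)
    shared = mutual_contacts(BOB_CONTACTS, carol_filter)
    return (shared,
            caller_vouched(BOB_CONTACTS, carol_filter),
            carol_filter.false_positive_rate(len(CAROL_CONTACTS - CAROL_PRIVATE)))


if __name__ == "__main__":
    shared, vouched, fpr = run_demo()
    print("mutual contacts:", shared, "vouched:", vouched, "fp rate: %.2e" % fpr)
```

Bob learns only that guid-alice is shared, not Carol's full list, and the flagged guid-dave stays hidden; the filter alone still answers membership probes for any GUID, which is the leakage the differential-privacy noise of BLIP [32] is designed to bound.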
VIII. CONCLUSION
In this paper, we present a novel cross-domain identity and discovery framework that allows users to be discovered, identified, and authenticated across different service domains. The proposed solution is based on registering active users in their own service domain, while allowing the availability status to be searched by all participating CSPs, thus facilitating the discovery of contactable users. The framework’s identity management is underpinned by correlating the service login identifiers that are allocated by the CSPs to a user-selectable, globally universal, service-independent identifier (GUID) that can be searched globally. The authentication procedure is P2P-based, conducted by the calling parties’ respective IdPs, and is decoupled from the service logic. The discovery, authentication and contact-list services are designed for controlled privacy. Hence, this framework is a new method of enabling cross-service-domain communication that empowers user choice and supports privacy.
ACKNOWLEDGMENT
This work has received funding from the European Union’s
Horizon 2020 research and innovation program under grant
agreement No 645342, project reTHINK.
REFERENCES
[1] A. Bergkvist, D. C. Burnett and C. Jennings, “WebRTC 1.0: Real-time Communication Between Browsers,” W3C Working Draft, 10 February 2015.
[2] R. Barnes and M. Thomson, “Browser-to-Browser Security Assurances for WebRTC,” IEEE Internet Computing, vol. 18, no. 6, pp. 11-17, Nov.-Dec. 2014.
[3] E. Bertin, S. Cubaud, S. Tuffin, N. Crespi and V. Beltran, “WebRTC, the day after: What's next for conversational services?,” International Conference on Intelligence in Next Generation Networks (ICIN 2013).
[4] I. Javed et al., “Global Identity and Reachability Framework for Interoperable P2P Communication Services,” 19th Conference on Innovations in Clouds, Internet and Networks (ICIN 2016).
[5] S. Becot, E. Bertin, J. Crom, V. Frey and S. Tuffin, “Communication services in the Web era: How can Telco join the OTT hangout?,” International Conference on Intelligence in Next Generation Networks (ICIN 2015).
[6] K. Lampropoulos, D. Sanchez, F. Almenares, P. Weik and S. Denazis, “Introducing a cross federation identity solution for converged network environments,” Principles, Systems and Applications of IP Telecommunications (IPTComm '10), ACM, New York, NY, USA, 2010, pp. 1-11.
[7] V. Beltran, “Characterization of web single sign-on protocols,” IEEE Communications Magazine, vol. 54, no. 7, pp. 24-30, July 2016.
[8] M. Jones and D. Hardt, “The OAuth 2.0 Authorization Framework: Bearer Token Usage,” IETF RFC 6750, 2012.
[9] N. Sakimura, J. Bradley, M. Jones, B. Medeiros and C. Mortimore, “OpenID Connect Core 1.0,” The OpenID Foundation, 2014.
[10] E. Rescorla, “WebRTC Security Architecture,” IETF Internet Draft, Standards Track, June 2016.
[11] V. Beltran, E. Bertin and N. Crespi, “User Identity for WebRTC Services: A Matter of Trust,” IEEE Internet Computing, vol. 18, no. 6, pp. 18-25, Nov.-Dec. 2014.
[12] R. Copeland, “Converging NGN Wireline and Mobile 3G Networks with IMS,” CRC Press, Taylor & Francis Group, 2009.
[13] L. Li, W. Chou, T. Cai, Z. Wang and Z. Qiu, “Mirror Presence: Secure Web Identity Resolution and Call Control for WebRTC,” Proceedings of the International Conference on Information Integration and Web-based Applications & Services (IIWAS 2013), ACM, New York, NY, USA, pp. 523-532.
[14] S. Göndör and H. Hebbo, “SONIC: Towards seamless interaction in heterogeneous distributed OSN ecosystems,” IEEE 10th International Conference on Wireless and Mobile Computing, Networking and Communications (WiMob), Larnaca, 2014.
[15] L. Cutillo, R. Molva and T. Strufe, “Safebook: A privacy-preserving online social network leveraging on real-life trust,” IEEE Communications Magazine, vol. 47, no. 12, pp. 94-101, Dec. 2009.
[16] A. Bouabdallah, “Data Models and Interface Specification of the Framework,” reTHINK project Deliverable, http://dx.doi.org/10.18153/RTH-645342-D2_2.
[17] M. Jones, J. Bradley and N. Sakimura, “JSON Web Token (JWT),” IETF Standard, 2015.
[18] J.-M. Crom, “Management and Security features specifications,” reTHINK project Deliverable, 2015, http://dx.doi.org/10.18153/RTH-645342-D4_1.
[19] I. Javed, K. Toumi, N. Crespi and A. Mohammadinejad, “Br2Br: A Vector-based Trust Framework for WebRTC Calling Services,” IEEE International Conference on High Performance Computing and Communications (HPCC 2016), 12-14 December, Sydney, Australia.
[20] J.-M. Crom, “Implementation of Governance and identity management components,” reTHINK Project Deliverable.
[21] I. Friese, R. Copeland, S. Göndör, F. Beierle, A. Küpper, R. Pereira and J.-M. Crom, “Cross-Domain Discovery of Communication Peers. Identity Mapping and Discovery Services (IMaDS),” IEEE European Conference on Networks and Communications (EuCNC), 2017.
[22] S. Göndör, F. Beierle, S. Sharhan and A. Küpper, “Distributed and Domain-Independent Identity Management for User Profiles in the SONIC Online Social Network Federation,” International Conference on Computational Social Networks, Springer, 2016.
[23] S. Göndör, F. Beierle, E. Küçükbayraktar, H. Hebbo, S. Sherhan and A. Küpper, “Towards Migration of User Profiles in the SONIC Online Social Network Federation,” International Multi-Conference on Computing in the Global Information Technology (ICCGI), 2015.
[24] Open Mobile Alliance, “Lightweight machine to machine technical specification,” Technical Specification OMA-TS-LightweightM2M-V1, 2013.
[25] Z. Shelby, “Constrained RESTful Environments (CoRE) Link Format,” IETF standard, August 2012.
[26] R. Copeland, K. Corre, I. Friese and S. El Jaouhari, “Requirements for Trust and Privacy in WebRTC Peer-to-peer Authentication,” IETF Internet Draft, September 2016.
[27] A. Cooper et al., “Privacy Considerations for Internet Protocols,” IETF RFC 6973, 2013.
[28] R. Yavatkar, D. Pendarakis and R. Guerin, “A Framework for Policy-based Admission Control,” IETF RFC 2753, 1999.
[29] N. Damianou, N. Dulay, E. Lupu and M. Sloman, “The Ponder policy specification language,” Policies for Distributed Systems and Networks, Springer, Berlin, Heidelberg, 2001, pp. 18-38.
[30] D. Crockford, “JSON: The Fat-Free Alternative to XML,” XML 2006 Conference, Boston, Dec. 2006.
[31] F. Beierle, S. Göndör and A. Küpper, “Towards a Three-tiered Social Graph in Decentralized Online Social Networks,” Workshop on Hot Topics in Planet-scale Mobile Computing and Online Social Networking (HotPOST '15), ACM, 2015.
[32] M. Alaggan, S. Gambs and A. Kermarrec, “BLIP: Non-interactive differentially-private similarity computation on Bloom filters,” Symposium on Self-Stabilizing Systems, Springer, Berlin, Heidelberg, 2012.
... Actually, authentication in OAuth 2 is 11: VoIP designates the techniques to communicate using voice or voice and video over any compatible IP networks. 12: Note that in interconnectivity scenarios, gateways can decrypt SRTP profile for DTLS streams unless both endpoints are using SRTP profile for DTLS in conjunction with verified identity assertions. ...
... While this seems to be a major vulnerability, in the context of real-time communication it may be a legit requirement from CS as they may be subject to lawful interception requirements. In comparison, mounting lawful intercept against SRTP profile for DTLS is mainly possible through a Man-in-the-Middle (MitM) interception as described earlier 12 . DTLS was considered by the IETF as offering stronger security guarantees and qualified as mandatory to implement. ...
... In 2015, Vapen et al. [153] studied the identity management landscape on the web 12 . In their study, they classified the type of information shared by IdP to RP in five classes: basic information, personal information, created content, friend's data, and a transversal action class. ...
Thesis
In this thesis, we propose three main contributions : In our first contribution we study the WebRTC identity architecture and more particularly its integration with existing authentication delegation protocols. This integration has not been studied yet. To fill this gap, we implement components of the WebRTC identity architecture and comment on the issues encountered in the process. In order to answer RQ1, we then study this specification from a privacy perspective an identify new privacy considerations related to the central position of identity provider. In the Web, the norm is the silo architecture of which users are captive. This is even more true of authentication delegation systems where most of the time it is not possible to freely choose an identity provider. In order to answer RQ3, we conduct a survey on the top 500 websites according to Alexa.com to identify the reasons why can't users choose their identity provider. Our results show that while the choice of an identity provider is possible in theory, the lack of implementation of existing standards by websites and identity providers prevent users to make this choice. In our second contribution, we aim at giving more control to users. To this end and in order to answer RQ2, we extend the WebRTC specification to allow identity parameters negotiation. We present a prototype implementation of our proposition to validate it. It reveals some limits due to the WebRTC API, in particular preventing to get feedback on the other peer's authentication strength. We then propose a web API allowing users to choose their identity provider in order to authenticate on a third-party website, answering RQ2. Our API reuse components of the WebRTC identity architecture in a client-server authentication scenario. Again, we validate our proposition by presenting a prototype implementation of our API based on a Firefox extension. 
Finally, in our third contribution, we look back on RQ1 and propose a trust and security model of a WebRTC session. Our proposed model integrates in a single metric the security parameters used in the session establishment, the encryption parameters for the media streams, and trust in actors of the communication setup as defined by the user. Our model objective is to help non-expert users to better understand the security of their WebRTC session. To validate our approach, we conduct a preliminary study on the comprehension of our model by non-expert users. This study is based on a web survey offering users to interact with a dynamic implementation of our model.
... Moreover, data portability, being the ability to move a profile to another provider, is not possible without manually copying all data associated with a social profile [98] [99]. Exceptions to this are Friendica 11 and Diaspora, which allow limited exchange between the two networks by implementing the respective other platform's native protocol and allowing basic data portability through manual extraction and re-import of social profile information. 9 Facebook data policy: https://www.facebook.com/about/privacy/. ...
... Accessed: 22.5.2017 11 Friendica: http://friendi.ca/. Accessed: 22.5.2017 ...
... The concept and architecture of the GSLS was adopted by the EU-funded project ReThink (see Appendix A). ReThink proposes a novel architecture for decentralized web-based communication facilitating dynamic trusted relationships among distributed applications [8] [11]. Based on the ReThink architecture, service providers are able to build solutions for a novel distributed To address the prevalent situation of the social web being run by few organizations in a restrictive manner, alternative OSN architectures were proposed that distribute control and data to multiple independent servers. ...
Thesis
Full-text available
Online Social Networks (OSN) have become an integral part of our everyday lives. We express ourselves, create and collect content such as images or videos, share content and information with our friends and colleagues, exchange messages, or keep track of what’s happening in the world. Yet, despite social communication being implicitly a distributed, decentralized phenomenon, most OSN services are built in a central, monolithic fashion, concentrating all knowledge and power in one company or organization. This contradicts the idea of the social web, as proprietary and isolated walled gardens keep users from being able to freely choose an OSN platform provider or to effectively control their privacy. In order to mitigate the problem, alternative architectures that distribute control and data to multiple independent services were proposed. Unfortunately, the implicit network effects existing in large OSN services still prevent users from migrating to alternative solutions in significant numbers. Moreover, technical protocols for facilitating holistic and seamless interoperability and furthermore data portability in OSN services do not exist. Ultimately, today’s OSN market is dominated by one single service which has been able to attract a significant amount of users, while a large number of competing services and alternative solutions exist that combine a comparably small number of users. Two main issues have been identified that contribute to the current situation of one OSN service heavily dominating the entire market, being the lack of data portability and interoperability between different OSN services. This work proposes Sonic, a solution that aims to interconnect arbitrary OSN services into one open and heterogeneous federation of OSN services. Sonic introduces an open communication protocol and data formats that are able to facilitate interconnectivity of OSN services. 
The proposed architecture supports core features implemented in today’s most popular OSN services and facilitates extended functionality through an extensibility framework.
... The centralized IdM creates silos of users restricting inter-operable identification between different applications [6]. For each application, the consumer has to identify and authenticate themselves separately. ...
... In centralized IdM, the identity provider has complete control to manage the identity of users and provide them authentication services. Most of the current services and applications use centralized IdM to create a silo of users where users identified in a specific domain cannot authenticate themselves to other domains [6]. Federated IdM, on the other hand, is an arrangement between two or more organizations to allow users from one domain to authenticate and access services of other domains [26], for instance, single-sign-on systems such as Facebook connect [27]. ...
Article
Full-text available
COVID-19 has made eHealth an imperative. The pandemic has been a true catalyst for remote eHealth solutions such as teleHealth. Telehealth facilitates care, diagnoses, and treatment remotely, making them more efficient, accessible, and economical. However, they have a centralized identity management system that restricts the interoperability of patient and healthcare provider identification. Thus, creating silos of users that are unable to authenticate themselves beyond their eHealth application’s domain. Furthermore, the consumers of remote eHealth applications are forced to trust their service providers completely. They cannot check whether their eHealth service providers adhere to the regulations to ensure the security and privacy of their identity information. Therefore, we present a blockchain-based decentralized identity management system that allows patients and healthcare providers to identify and authenticate themselves transparently and securely across different eHealth domains. Patients and healthcare providers are uniquely identified by their health identifiers (healthIDs). The identity attributes are attested by a healthcare regulator, indexed on the blockchain, and stored by the identity owner. We implemented smart contracts on an Ethereum consortium blockchain to facilities identification and authentication procedures. We further analyze the performance using different metrics, including transaction gas cost, transaction per second, number of blocks lost, and block propagation time. Parameters including block-time, gas-limit, and sealers are adjusted to achieve the optimal performance of our consortium blockchain.
... WebRTC is expected to boost Voice-Over-IP (VoIP) into novel decentralized communication platforms offering cross-domain interoperability and identity portability [2] [3]. Telecom operators intend to adopt WebRTC technology in order to compete with existing OTT web conversational services [4] [5] [6]. WebRTC is thus considered by many to be a revolutionary market disruption for telecom industry. ...
... WebRTC is being used as the underlying P2P technology to build novel web-centric communication platforms [2] [3] [4] [5] [6]. The vast adaption of the WebRTC standard for web calling relies on an efficient identity and trust management system. ...
Article
Conversational web services are exposed to several threats in which the social context between communicating participants is manipulated. Cybercrimes based on identity misrepresentation to obtain sensitive information are on the rise. Various scams and frauds are conducted by distributing malicious content, viruses and spam over established communication sessions. In order to maintain overall security and enhance privacy, methods of estimating trustworthiness and reputation should be built into web calling services. In this paper, we propose ’TrustCall’ a reputation based trust model for real-time web conversational services. In our approach the reputation of a caller is evaluated using Authenticity Trust and Behavioral Trust. Authenticity Trust describes the legitimacy of a caller by collecting recommendations from other members of the network, whereas Behavioral Trust determines a caller’s popularity based on its communication behavior. Other contributions include a threat taxonomy for web calling services including social threats that directly target users. A set of experiments are conducted in order to prove the feasibility and effectiveness of our model.
... Users in the Sonic ecosystem are then able to connect to and communicate with other users using arbitrary other OSN services in the ecosystem, rendering platform gaps transparent and irrelevant. The project ReThink implements a communication architecture for peerto-peer calling for Over-the-Top (OTT) services [23]. Following the ReThink approach, devices are discovered based on a distributed, public-key-based identifier, which is resolved to a device's network address via the Identity Mapping and Discovery Service (IMaDS) [24]. ...
Preprint
Full-text available
Decentralized services and applications provide a multitude of advantages for their users, such as improved privacy, control, and independence from third parties. Anyhow, decentralization comes at the cost of certain disadvantages, such as increased application complexity or communication overhead. This aggravates the development and deployment of decentralized services and applications. In this paper we present Blade, a software platform that aims to ease the effort of development, deployment, and administration of decentralized services by implementing reusable solutions for recurring challenges developers are facing when designing decentralized service architectures. This includes functionality for e.g. identity management, access control, request handling, verification of authenticity and integrity, discovery, or routing. Blade implements all this functionality in a Blade server instance, which can be deployed on a lightweight device, such as a NAS, Raspberry Pi, or router at home. This allows users without expert knowledge to run a Blade instance with already existing hardware with little overhead. Blade supports polyglot Blade modules that implement extended functionality, such as interfaces, frontends, and business logic of decentralized applications, e.g. a decentralized instant messaging service or an online social network. Based on the Oracle GraalVM, Blade modules can be implemented in a variety of programming languages and utilize the functionality provided by the Blade server instance. Blade modules are published in a Ethereum-based decentralized marketplace from where they can be installed directly via the Blade instances...
... Users in the Sonic ecosystem are then able to connect to and communicate with other users using arbitrary other OSN services in the ecosystem, rendering platform gaps transparent and irrelevant. The project ReThink implements a communication architecture for peerto-peer calling for Over-the-Top (OTT) services [23]. Following the ReThink approach, devices are discovered based on a distributed, public-key-based identifier, which is resolved to a device's network address via the Identity Mapping and Discovery Service (IMaDS) [24]. ...
Preprint
Full-text available
Decentralized services and applications provide a multitude of advantages for their users, such as improved privacy, control, and independence from third parties. Anyhow, decentralization comes at the cost of certain disadvantages, such as increased application complexity or communication overhead. This aggravates the development and deployment of decentralized services and applications. In this paper we present Blade, a software platform that aims to ease the effort of development, deployment, and administration of decentralized services by implementing reusable solutions for recurring challenges developers are facing when designing decentralized service architectures. This includes functionality for e.g. identity management, access control, request handling, verification of authenticity and integrity, discovery, or routing. Blade implements all this functionality in a Blade server instance, which can be deployed on a lightweight device, such as a NAS, Raspberry Pi, or router at home. This allows users without expert knowledge to run a Blade instance with already existing hardware with little overhead. Blade supports polyglot Blade modules that implement extended functionality, such as interfaces, frontends, and business logic of decentralized applications, e.g. a decentralized instant messaging service or an online social network. Based on the Oracle GraalVM, Blade modules can be implemented in a variety of programming languages and utilize the functionality provided by the Blade server instance. Blade modules are published in a Ethereum-based decentralized marketplace from where they can be installed directly via the Blade instances. For identity management and discovery of endpoints, Blade relays on blockchain-based smart contracts. Identity management and discovery is implemented via an Ethereum-based registry, allowing users to create and manage their identities in a self-sovereign manner without any central entity controlling the process. 
This way, Blade builds a decentralized service ecosystem that supports developers of decentralized applications and services.
... Furthermore, WebRTC [1] has facilitated context-based communication where information and conversational data related to the same context are provided together. Novel VoIP platforms based on WebRTC have enabled features of cross-domain interoperability and identity portability [2]. The major factor contributing to the growth of the Internet telephony market is its price performance. ...
Article
Full-text available
Internet telephony permit callers to manage self-asserted profiles without any subscription contract nor identification proof. These cost-free services have attracted many telemarketers and spammers who generate unsolicited nuisance calls. Upon detection, they simply rejoin the network with a new identity to continue their malicious activities. Nuisance calls are highly disruptive when compared to email and social spam. They not only include annoying telemarketing calls but also contain scam and voice phishing which involves security risk for subscribers. Therefore, it remains a major challenge for Internet telephony providers to detect and avoid nuisance calls efficiently. In this paper, we present a new approach that uses caller reputation to detect different kinds of nuisance calls generated in the network. The reputation is computed in a hybrid manner by extracting information from call data records and using recommendations from reliable communicating participants. The behavior of the caller is assessed by extracting call features such as call-rate, call duration, and call density. Long term and short term reputations are computed to quickly detect the changing behavior of callers. Furthermore, our approach involves an efficient mechanism to combat whitewashing attacks performed by malicious callers to continue generating nuisance calls in the network. We conduct simulations to compute the performance of our proposed model. The experiments conclude that the proposed reputation model is an effective method to detect different types of nuisance calls while avoiding false detection of legitimate calls.
Chapter
The emergence of the Internet has greatly promoted the progress of people’s production and lifestyle. With the rapid development of the network, the Internet is not only a communication technology, but also the largest information world in human history. This paper briefly introduces the Internet of Things and its architecture, and proposes a framework for Internet of Things service provision. However, on the premise of guaranteeing the real-time and reliability of resource providers’ own applications, the framework provides an infrastructure for customizable open and shared resources.
Presentation
Doctoral Defense Presentation. Online Social Networks (OSN) have become an integral part of our everyday lives. We express ourselves, create and collect content such as images or videos, share content and information with our friends and colleagues, exchange messages, or keep track of what's happening in the world. Yet, despite social communication being implicitly a distributed, decentralized phenomenon, most OSN services are built in a central, monolithic fashion, concentrating all knowledge and power in one company or organization. This contradicts the idea of the social web, as proprietary and isolated walled gardens keep users from being able to freely choose an OSN platform provider or to effectively control their privacy. In order to mitigate the problem, alternative architectures that distribute control and data to multiple independent services were proposed. Unfortunately, the implicit network effects existing in large OSN services still prevent users from migrating to alternative solutions in significant numbers. Moreover, technical protocols for facilitating holistic and seamless interoperability, and furthermore data portability, in OSN services do not exist. Ultimately, today's OSN market is dominated by one single service which has been able to attract a significant number of users, while a large number of competing services and alternative solutions exist that together hold a comparably small number of users. Two main issues have been identified that contribute to the current situation of one OSN service heavily dominating the entire market, namely the lack of data portability and interoperability between different OSN services. This work proposes Sonic, a solution that aims to interconnect arbitrary OSN services into one open and heterogeneous federation of OSN services. Sonic introduces an open communication protocol and data formats that are able to facilitate interconnectivity of OSN services. The proposed architecture supports core features implemented in today's most popular OSN services and facilitates extended functionality through an extensibility framework.
Article
This document studies the relationships of WebRTC communication users with their web Calling Services (CS) and their Identity Providers (IdPs), in order to identify requirements for IdP based peer-to-peer authentication. This study focuses in particular on issues of privacy, security and trust that are raised by the introduction of the IdP into the WebRTC call model, and by a different browser-based calling paradigm, compared with Mobile networks or traditional VoIP systems. The document lists privacy and trust scenarios for WebRTC authentication for individuals as well as organizations. This contribution is proposed to the RTCWEB working group.
Conference Paper
The upcoming WebRTC-based browser-to-browser communication services present new challenges for user discovery in peer-to-peer mode, even more so if we wish to enable different web communication services to interact. This paper presents Identity Mapping and Discovery Service (IMaDS), a global, scalable, service-independent discovery service that enables users of web-based peer-to-peer applications to discover other users with whom to communicate. It also provides reachability and presence information. For that, user identities need to be mapped to any compatible service identity as well as to a globally unique, service-independent identity. This mapping and discovery process is suitable for multiple identifier formats and personal identifying properties, and it supports user-determined privacy options. IMaDS operates across different service domains dynamically, using context information. Users and devices have profiles containing context and other specific information that can be discovered by a search engine. The search results reveal the user's allocated globally unique identifier (GUID), which is then resolved to a list of the user's service domain identities, using a DHT-based directory service. Service-specific directories allow tracking of active endpoints, where users are currently logged on and can be contacted.
Conference Paper
As of today, communication habits are shifting towards Online Social Network (OSN) services such as WhatsApp or Facebook. Still, OSN platforms are mostly built in a closed, proprietary manner that prevents users from communicating seamlessly between different OSN services. These lock-in effects are used to discourage users from migrating to other services. To overcome the obvious drawbacks of proprietary protocols and service architectures, SONIC proposes a holistic approach that facilitates seamless connectivity between different OSN platforms and allows user accounts to be migrated between OSN platforms without losing data or connections to other user profiles. Thus, SONIC builds the foundation for an open and heterogeneous Online Social Network Federation (OSNF). In this paper, we present a distributed and domain-independent ID management architecture for the SONIC OSNF, which allows user identifiers (GlobalID) to remain unchanged even when a profile is migrated to a different OSN platform. In order to resolve a given GlobalID to the actual URL of a social profile, the Global Social Lookup System (GSLS), a distributed directory service built on peer-to-peer technology, is introduced. Datasets called Social Records, which comprise all information required to look up a certain profile, are stored and published by the GSLS. Following this approach, social profiles can be migrated between OSN platforms without changing the user identifier or losing connections to other users' social profiles.
Conference Paper
Advancements in web real-time technologies are revolutionizing the way communication takes place, where new emerging web services are confronting the traditional Telco-operated communication services. This has led to the development of a new web-centric service architecture that will allow service providers to offer their communication services globally. This architecture uses web-based communication techniques that enable endpoints to become a mesh of live users, who can communicate in a peer-to-peer fashion. To distinguish such a service from the current 'best effort Internet', it must be supported by appropriate governance, trust and security features. This distributed architecture presents new issues regarding authentication of non-service-bound user identities, finding users' reachable addresses and providing a trustworthy communication environment. To provide these support services, this paper introduces four different components, namely: Identity Management, Policy & Governance, Graph Connector and Directory Services.
Conference Paper
Evolutions of communications and the advent of Web real-time technologies are further challenging the Telco ecosystem. New architectures are emerging to enable new services in a context where assets such as identity, signaling and network management are decoupled and virtually delaminated, so to speak. This paper tackles three challenges that must be faced to enable Telcos to embrace these evolutions. First, we need a secure, trustful and privacy-friendly way of using services provided by various identity and communication providers. Second, we need a versatile framework to develop and deploy communication services. The third challenge is to overcome the limitations of best-effort networking by enabling specialized network services for de-perimeterized service delivery.
Conference Paper
Online Social Networks have become one of the main tools for interpersonal online communication. In the age of the smartphone, mobile user scenarios become more and more important for Online Social Networks. Smartphones enable location-based and context-aware services, but bring the increased risk of privacy violations - at least in centralized OSN architectures. Decentralized Online Social Network architectures are promising as they inherently offer better privacy and less dependence on a single service provider, but they bring new challenges regarding core features of Online Social Networks. In this paper, we introduce a three-tiered view of the social graph and propose a new architecture for decentralized Online Social Networking applications, supporting the three-tiered view and focusing on location-based and context-aware user scenarios.
Conference Paper
Online Social Networks (OSNs) have become an important part of our everyday online lives. We communicate, share content, and organize meetings and events using OSN platforms. However, even though there is a strong trend towards OSN services becoming the main communication medium, most OSN platforms are still proprietary, closed services that keep users from connecting directly and seamlessly to the services of other OSN platforms. The resulting lock-in effects are intentionally created by OSN operators, as their business models are built mostly on targeted advertisement services. We envision a truly open and decentralized ecosystem of OSN platforms, where users are not cut off from friends using other social platforms and can freely migrate from one OSN platform to another at any time without losing established relationships in the social graph. This would allow users to freely choose an OSN platform of their liking instead of being limited in their choice to the platform used by their friends. In this paper, we give an overview of the issues addressed within the research project SONIC and present the architectural requirements as well as the architectural concepts of the proposed solution. The project proposes a decentralized and heterogeneous federation of OSN platforms connected via a communication protocol that allows different OSN platforms to seamlessly communicate with each other and gives users the ability to migrate social profiles between platforms on demand.
Article
Single Sign-On (SSO) protocols are today integrated in millions of web services so that end users can authenticate to a third-party identity provider (IdP) to access multiple services. IdPs normally provide integration tools that hide almost all implementation details and allow developers to implement SSO in minutes. Such integration tools, along with cumbersome protocol specifications, leave developers without a clear view of the underlying SSO protocol. This article presents a conceptual characterization of web SSO protocols through their assertions and the features that help preserve the privacy of the user resources involved in SSO.