Sociddea
Lead: Stefan Wild
Main Contributors: Alexey Tschudnowsky, Sebastian Heil, Fabian Wiedemann, Martin Gaedke, Markus Ast, Falko Braune, Dominik Pretzsch, Michel Rienaecker, Anna Scholtz
Introduction
Sociddea is a WebID identity provider and management platform. With Sociddea, a user can automatically create a new WebID, an underlying WebID profile and an associated client certificate. Although Sociddea allows users to host their WebID profiles in the ecosystem provided by Sociddea, there is no need to do this, i.e., users can also create new client certificates for profiles hosted somewhere else. Sociddea users benefit from hosting their identity data on the platform in that they are assisted carrying out various tasks related to their WebID-based identity. The platform allows users to easily connect to each other via drag and drop of WebIDs. A graphical editor eases adding and modifying profile information. Sociddea enables profile owners to secure their identity data from access or retrieval attempts they do not agree with. The platform facilitates creating customized views on WebID profiles by applying filters specific to the identity of the requesting party. Such views are not only easy to maintain and portable, but also allow flexible filter expressions and an efficient execution. Sociddea can represent a view on a WebID profile in various ways, as shown in the figure below. The platform is built upon Microsoft's ASP.NET MVC4 framework.
Diverse screencasts that illustrate Sociddea's capabilities are available in the screencast section. For a live demonstration of Sociddea integrating recent features, please visit the demo section.
Demonstration
The Sociddea WebID identity provider and management platform is available at https://vsr-demo.informatik.tu-chemnitz.de/sociddea/.
To get the best experience, we recommend using Mozilla Firefox, Google Chrome, or Opera (in this particular order).
WAM++ - Systematic Composition of Web-based Applications with Focus on Security
With the increasing complexity of web-based applications, traditional engineering from scratch becomes an effortful matter in which security aspects are difficult to oversee. By composing applications from reusable building blocks, component-based web engineering approaches promise to reduce time to market while providing flexibility under changing conditions. Yet, they face a trade-off between developing software in an agile fashion and establishing a solid security foundation. To mitigate the risks posed by successful attacks, web engineers must nevertheless ensure security during the entire lifetime of web-based applications. The WAM++ approach combines well with existing methodology and assists engineers in designing web-based applications with a strong emphasis on security. Based on the theoretical foundation from prior work, WAM++ introduces a vocabulary to describe both the architecture of web-based applications and the services involved. Furthermore, WAM++ supports engineers with an online diagramming tool that is prototypically implemented in the Sociddea identity management platform.
For a screencast on WAM++, please refer to the screencast section. A live demo is available here.
DASC - Scope-aware Delegations in Distributed Social Networks
With things going faster and faster in our globalized world, it is vital to swiftly meet challenges by allocating derived responsibilities to eligible workers. Delegation is a crucial element in this context to increase efficiency and relieve decision makers, but it also requires measures to prevent delegatees from exceeding their assigned competencies. Distributed social networks are well-suited to represent employers and organize teams without implying further system dependencies. Being a foundation for establishing distributed social networking, WebID by the W3C provides universal identification and global authentication, but it does not yet enable users to delegate access rights to others in a controlled way so that they can act on their behalf. The DASC approach enables scope-aware delegations in distributed social networks using WebID. DASC is integrated into the Sociddea WebID identity provider and management platform.
For a screencast on DASC, please refer to the screencast section. A live demo is available here.
IronClad - Detecting Malicious Manipulation in User Profiles
Empowering people to express themselves in global communities, social networks have become almost indispensable for exchanging user-generated content. User profiles are essential elements of social networks that represent their members, but they also disclose personal data to companies. Aiming at providing control over personal data, the W3C's WebID offers an alternative to centralized social networks that enables users to self-manage their profile data. WebID relies on trusting the systems that host user profiles. There is a risk that attackers exploit this trust by manipulating user profile data or stealing identities. We propose IronClad to improve trustworthiness by enabling the discovery of malicious manipulation in WebID profiles. IronClad takes protective measures to secure WebID profile data and thus allows tampering to be detected publicly. IronClad is integrated into the Sociddea WebID identity provider and management platform.
For a screencast showcasing IronClad, please refer to the screencast section. A live demo is available here.
B3IDS - Building Bridges Between Diverse Identity Concepts Using WebID
Single sign-on systems enable users to log into different Web services with the same credentials. Major identity providers such as Google or Facebook rely on identity concepts like OpenID or OAuth for this purpose. WebID by the W3C offers similar features, but additionally allows identity data to be stored in an expressive, extensible and machine-readable way using Linked Data. Due to differences in the manageable user attributes and in the authentication protocols themselves, these identity concepts are incompatible with each other. With more than one identity concept in use, users need to remember or keep further credentials. We therefore proposed the B3IDS approach, aimed at improving the user experience and the adoption of WebID by building bridges between diverse identity concepts with WebID. B3IDS is prototypically implemented in Sociddea.
For a screencast showcasing B3IDS, please refer to the screencast section. A live demo is available here.
WAMplus - Using Linked Data for Modeling Secure Distributed Web Applications and Services
The increasing service orientation of today's Web applications enables a swift reaction to new customer needs by adjusting, extending or replacing parts of the Web application's architecture. While this allows for an agile response to change, it is inappropriate when it comes to security. Security needs to be treated as a first thought throughout the entire lifecycle of a Web application. With WAMplus, we propose an approach that not only offers an expressive, extensible and easy-to-use way to model a Web application architecture, but also puts a strong emphasis on security. WAMplus is implemented as an exemplar using the Sociddea WebID identity management system. Combined with WebID, it is used to identify, describe and authenticate Web applications and services while taking their protection through WAC and fine-grained data filters into account.
CaWICC - Context-aware WebID Certificate Creation for Sociddea using SWAC
WebID enables users to authenticate through certificates instead of username/password pairs. There are different operating modes for creating such WebID certificates. Each operating mode is characterized by different aspects that a user has to deal with manually. Users should be relieved of this burden. To combine the advantages of the client-side with those of the server-side operating mode, CaWICC serves both operating modes internally. A user can submit a request to the Sociddea WebID identity provider that is first processed on the client side. Sociddea uses a recommendation component to select a suitable operating mode, i.e., either client-side or server-side. This is done by routing the request internally to the client or the server depending on the recommendation component's result. Because the client side detects the user's conditions, this operating mode selection can be performed automatically.
CaWICC uses only one codebase, but serves both operating modes. This is possible by applying the SWAC approach. Based on this approach, SWAC also provides a framework for developing Web application codebases that work on both the server and the client side by making them, in their design, compatible with the differences between the two.
A user can improve this operating mode selection by submitting individual preferences, e.g., trust needs, as form inputs. In addition to the operating mode selection done by the recommendation component, a fallback facility allows switching from client to server according to the user's individual conditions, e.g., missing JavaScript support. The WebID certificate is generated either in client-side or in server-side operating mode and is then sent back to the user.
During the evaluation of CaWICC, we conducted a performance analysis. The measurement data the analysis is based on can be interpreted using the information about the test environment consisting of these devices and these user agents.
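The certificate that CaWICC produces and the check a relying party runs on it, as an added Go example (not Sociddea's own ASP.NET code): the WebID goes into the certificate's subjectAltName, and authentication succeeds only if the profile behind that WebID publishes the same RSA public key. The in-memory profile map and the example WebID are constructed stand-ins for the HTTP fetch of the profile document.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"errors"
	"math/big"
	"net/url"
	"time"
)

// ProfileKey is an RSA key a WebID profile publishes (cert:modulus / cert:exponent).
type ProfileKey struct {
	Modulus  *big.Int
	Exponent int
}

// NewWebIDCertificate builds a self-signed client certificate whose SAN carries the WebID URI.
func NewWebIDCertificate(webID *url.URL, key *rsa.PrivateKey) (*x509.Certificate, error) {
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), // constructed value; real issuers use random serials
		NotBefore:    time.Now().Add(-time.Minute),
		NotAfter:     time.Now().Add(365 * 24 * time.Hour),
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		URIs:         []*url.URL{webID},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyWebID is the relying party's WebID-TLS check: the self-signed certificate is never
// trusted on its own; only a SAN WebID whose profile lists the same modulus and exponent vouches.
func VerifyWebID(cert *x509.Certificate, profiles map[string][]ProfileKey) (string, error) {
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok {
		return "", errors.New("certificate key is not RSA")
	}
	for _, u := range cert.URIs {
		for _, k := range profiles[u.String()] { // stands in for fetching the profile over HTTP
			if k.Exponent == pub.E && k.Modulus.Cmp(pub.N) == 0 {
				return u.String(), nil
			}
		}
	}
	return "", errors.New("no SAN WebID whose profile lists the certificate's key")
}
```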
Screencasts
The following video clips illustrate various aspects of Sociddea:
- WAM++: Systematic Composition of Web-based Applications with Focus on Security
- DASC: Scope-aware Delegations in Distributed Social Networks
- Building Bridges Between Diverse Identity Concepts Using WebID
- Detecting Malicious Manipulation in WebID-based User Profiles
- WebID Profile Management with Sociddea
- Using WebID Profile Data hosted on Sociddea in Other Applications
- Protecting WebID Profile Data from Unwanted Retrieval using Sociddea
Scientific Publications
- Anna Scholtz, Stefan Wild, Martin Gaedke (2015): Conference Paper "Scope-Aware Delegations in Distributed Social Networks"
- Stefan Wild, Falko Braune, Dominik Pretzsch, Michel Rienäcker, Martin Gaedke (2014): Conference Paper "Tamper-Evident User Profiles for WebID-Based Social Networks"
- Falko Braune, Stefan Wild, Martin Gaedke (2014): Conference Paper "Using Linked Data for Modeling Secure Distributed Web Applications and Services"
- Michel Rienäcker, Stefan Wild, Martin Gaedke (2014): Conference Paper "Building Bridges between Diverse Identity Concepts Using WebID"
- Sebastian Heil, Stefan Wild, Martin Gaedke (2014): Conference Paper "CRAWL•E: Distributed Skill Endorsements in Expert Finding"
- Stefan Wild, Martin Gaedke (2014): Journal Article "Utilizing Architecture Models for Secure Distributed Web Applications and Services"
- Sebastian Heil, Stefan Wild, Martin Gaedke (2014): Conference Paper "Collaborative Adaptive Case Management with Linked Data"
- Stefan Wild, Markus Ast, Martin Gaedke (2013): Conference Paper "Towards a Context-Aware WebID Certificate Creation Taking Individual Conditions and Trust Needs into Account"
- Stefan Wild, Olexiy Chudnovskyy, Sebastian Heil, Martin Gaedke (2013): Conference Paper "Protecting User Profile Data in WebID-based Social Networks Through Fine-grained Filtering"
- Stefan Wild, Olexiy Chudnovskyy, Sebastian Heil, Martin Gaedke (2013): Conference Paper "Customized Views on Profiles in WebID-based Distributed Social Networks"
- Markus Ast, Stefan Wild, Martin Gaedke (2013): Conference Paper "The SWAC Approach for Sharing a Web Application's Codebase between Server and Client"