
PrivacySecurity

From MashupCamp


Notes from the Security & Privacy Discussion (led by HartRossman)

This was a "led discussion" with two goals. The first goal was to discuss security & privacy concepts that impact mashup developers and users, simply to raise awareness. The second goal was to brainstorm some security & privacy mashups (outside identification & authentication) that could be built. If you were a participant in the discussion, please feel free to update/edit this! If you didn't get a chance to attend the session, we'd love to have you add thoughts at the bottom.

; Security & Privacy Concepts : The following concepts were written on the board to establish some common terms across the field of security & privacy

  • Confidentiality
  • Integrity
  • Availability
  • Identification, Authentication, & Authorization
  • Audit
  • Incident Response
  • Regulatory Compliance
  • Privacy
  • Some topics, like encryption, were judged to fit into more than one category

; Emergent themes : Several themes emerged during the discussion, which we will attempt to capture here.

  • It was evident that mashup developers are generally not cognizant of the security or privacy implications of their mashups. Users tend to be even less so. This may be due to the current mashup market environment in addition to the priorities of the developers.
  • Thoughts were exchanged about the liability associated with aggregating data and managing the integrity of data for both providers & consumers.
  • Mashup developers may need to circumvent browser-based cross-site scripting protections in order to make their mashups work.
  • The question of who is "responsible" came up in several forms. Who is responsible for incident response (i.e., do mashup developers/maintainers need to notify their data sources of breaches)? Should the data providers collaborate in incident response? Who is responsible for the due care of data, particularly if the aggregated data has a higher sensitivity than its components?
  • Along the lines of responsibility, are regulatory requirements extended to mashup developers based upon the APIs they are mashing up?
  • Mashup developers tend to take their cue from established API providers...and don't consider security and privacy issues that the "big guys" have made explicit.
  • It was generally agreed that at some point, likely to coincide with the maturation of the mashup market, security and privacy will be embraced more pervasively.
  • API providers who have identification and authentication APIs which are not part of their core business will now find themselves in the position of being the Verisign or Entrust of the mashup space. New trust centers will be established out of convenience...and the APIs may not withstand widespread scrutiny by attackers.
  • Lots of opportunity for "man-in-the-middle" attacks, since mashups are the quintessential man-in-the-middle.

; Suggested privacy & security mashups (not focused on identification/authentication) : We kicked around a couple ideas for security and/or privacy mashups to be made. Maybe some enterprising spirit will put one together!

  • Mashup Security Checker. Verifies security features for developers and provides the equivalent of the SSL "golden lock" for users
  • Audit Mashup (bi-directional). Could support incident response between mashup developer and API providers
  • API Tracker. Tracks changes in the APIs to help ensure availability
  • API/Data Provider Genealogy Tracker. Displays the API data sources (inbound/outbound) to the user so that they know where the data came from and where their data is going.
  • Content lineage/metadata labeling & tracking
  • Personal data monitoring. Mashup that notifies users when security incidents occur at sites that they have used in the past.

There was some interest in using this space, or perhaps a mailing list, to continue this discussion and to advocate raising the bar for security & privacy in mashups.

Comments, Thoughts, and Discourse from the Community at Large: