XACML-Based Access Control for Decentralized Online Social Networks

With the increasing popularity of Online Social Networks (OSNs), one type of Big Data, namely personal, sensitive, and behavioral information, is being collected, analyzed, and spread on the Internet. As the collection and mining of user data improves, both qualitatively and quantitatively, users' privacy is more and more at risk. Current OSNs and other web services are, at least logically, centralized and thus more vulnerable to accidental or deliberate privacy leaks as well as inference. Decentralization, taking away the control of a single service provider, can be a step toward preserving the users' privacy and giving them control over their own data. Even after removing the threats from centralized big data, the users' personal data needs to be protected from unauthorized access. In contrast to other proposals for decentralized OSNs, we aim to provide the basis for a privacy-preserving system built from light-weight and readily available components, namely the eXtensible Access Control Markup Language (XACML) and the Security Assertion Markup Language (SAML) with secret-key authentication, including simple ways of formulating access policies for users. We find that this combination provides a straightforward way of keeping and deliberately sharing personal information with other users that is robust against a range of attacks including unauthorized access at least in the case of every user's profile being stored on machines under their control. One can consider replicas on trusted servers; storage on untrusted servers, however, is left for future work.