{"id":380,"date":"2010-08-31T16:55:08","date_gmt":"2010-08-31T16:55:08","guid":{"rendered":"http:\/\/blog.soton.ac.uk\/webteam\/?p=380"},"modified":"2010-09-01T15:01:45","modified_gmt":"2010-09-01T15:01:45","slug":"privacy-controls-for-linked-data","status":"publish","type":"post","link":"https:\/\/blog.soton.ac.uk\/webteam\/2010\/08\/31\/privacy-controls-for-linked-data\/","title":{"rendered":"Privacy Controls for Linked Data"},"content":{"rendered":"

I’ve been considering how we might allow our users to provide access to selected third parties, to data we hold about them. This includes timetables, module selections, handin deadlines. I’m very wary of anything more sensitive such as grades and feedback, but more about that in a minute.<\/p>\n

The only URIs impacted is our \/person\/ URIs as this will be the only source of personal information. The idea being that our users may wish to grant limited access to some of there information, or even make it public.<\/p>\n

Why allow users to make their information public?<\/h3>\n

I’ve got a few usecases for this. A key one comes from a student built iPhone app called iSoton which takes your university username and password and uses it to navigate several webpages to obtain your timetable and present it in a friendly format. There is no good reason for you to allow that app. access to anything more than it actually needs. With the username and password it could also read and send your email! I don’t currently have access to student timetable data, but it remains a usecase for people following the patterns we’re working out here.<\/p>\n

Another is letting students see their coursework handin timetables in a more useful format, and load them into Google Calendar or whatnot. Anything which helps the students hand coursework in on time is a bonus, in my book. This means maybe adding a new ical export mode to our system.<\/p>\n

Annoyingly we adopted the format of URI: FILEFORMAT.ecs.soton.ac.uk\/person\/123 so that maybe means one new HTTPS cert per format. Fortunately they no longer cost a fortune. If we are accepting passwords or passing out password protected data there’s no excuse not to use https.<\/p>\n

Initial Design of our Closed Linked Data<\/h3>\n

My idea is that we’ll keep the same URIs for people, but we’ll shift the RDF to https:\/\/rdf.ecs.soton.ac.uk\/ just for people, and redirect http:\/\/rdf.ecs.soton.ac.uk to it.<\/p>\n

We’ll also add https:\/\/ical.ecs.soton.ac.uk\/ (or maybe ics.ecs — whichever)<\/p>\n

Students will then be able to set their module selections and coursework information to be either private, public, or available via a username\/password. If they select to make it available via a password, then WE will generate a username:password pair for them (cjg-1:9wernhi3ewrfjio) and they will be able to set what that pair can access and give it an expiry date. Maybe we’ll insist on an expiry of 12 months or less). We won’t let them change the random password as it’s intended for one-shot cut-and-paste to phone or web-app, not remembering.<\/p>\n

In this way a student can provide access to some of their personal data to calendar and semantic web tools while retaining control, and not compromising their real password. This should also allow them to try to build some toys on top of this for 3rd year projects.<\/p>\n

As I mentioned in a previous post, it’s not acceptable to give out personal information about OTHERS to a 3rd party site or phone app, so we won’t provide a facility.<\/p>\n

ePortfolios<\/h3>\n

I had a stimulating discussion the other day with an MSc student (Niha Shaikh) looking into ePortfolios. The idea is that a student gets a transcript of their university involvement as a digital document (could be data and human-readable), this file being signed using the private key of the University of Southampton. This way they could prove to prospective employers that they got certain marks in certain modules, or show feedback from courseworks in a way that can be easily verified as sourced from the University of Southampton. They could even upload these documents to recruitment sites to help them get a job.<\/p>\n

This all ties in with the closed linked data ideas I’ve been kicking around — you could provide live access to the same data, and limit who can access it, or choose to make it public.<\/p>\n

ePortfolio Risks<\/h3>\n

I could see an immediate danger with this, were it to become standard practice: Students with externals very interested in their ongoing performance, be it parents, sponsoring organisation or home government, might be required to hand over access to this information. Can you imagine the pressure if someone was checking up on you for handing in a coursework a day late? Part of the value of university, to many students, is the chance to start becoming independent adults, and this level of monitoring would rather kill that.<\/p>\n

A passing colleague had another interesting take on this which even impacts the digitally signed document the student theoretically gets at the end of the course! If every coursework feedback and late handin penalty becomes part of what you show to a prospective employer, this suddenly becomes worth appealing as it now matters. Even small penalties on modules which don’t impact your final mark. The costs to the appeals system would be astronomical.<\/p>\n","protected":false},"excerpt":{"rendered":"

I’ve been considering how we might allow our users to provide access to selected third parties, to data we hold about them. This includes timetables, module selections, handin deadlines. I’m very wary of anything more sensitive such as grades and feedback, but more about that in a minute. The only URIs impacted is our \/person\/ […]<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ngg_post_thumbnail":0,"footnotes":""},"categories":[136,80],"tags":[380,381,350,379,803363,354,382],"class_list":["post-380","post","type-post","status-publish","format-standard","hentry","category-rdf","category-web-management","tag-380","tag-eportfolios","tag-https","tag-ical","tag-rdf","tag-risk","tag-timetables"],"_links":{"self":[{"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/posts\/380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/comments?post=380"}],"version-history":[{"count":3,"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/posts\/380\/revisions"}],"predecessor-version":[{"id":382,"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/posts\/380\/revisions\/382"}],"wp:attachment":[{"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/media?parent=380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/categories?post=380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.soton.ac.uk\/webteam\/wp-json\/wp\/v2\/tags?post=380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}