Abstract or Summary
This project explores a security framework, called the Persona Concept, aimed at giving the user greater control over their private data in cyberspace, in particular their electronic credentials. The background for the Persona Concept, along with the requirements identified, can be found in three (3) technical publications produced by Kal Toth and myself in 2003 (see list of references ,  and ).
The Persona Concept uses a Persona Server as the secure storehouse for persona data such as credit card and bank account identifiers, as well as electronic credentials such as X.509 certificates. The data is secured using public key encryption. The server component interacts with the user via a Persona Client, which obtains X.509 certificates on behalf of the user from a Certification Authority (CA) service. Interaction among the various components (Persona Server, Persona Client and Certification Authority) is enabled by the use of Web Services.
This project focused on managing the user data across these components, including the creation, secure storage and retrieval of Persona data to and from the Persona Server using the Simple Object Access Protocol (SOAP) and under the control of public key encryption schemes. SOAP is an open XML-based application-level Internet protocol for implementing distributed access to object-oriented services deployed on the Web. SOAP is designed to allow applications running on a range of platforms to access remote objects and applications on servers across a TCP/IP network. In addition, the project built upon the work by Ike Chen (OSU M.S. graduate project in 2004)  by enabling X.509 certificate file transfer between the client and Certification Authority using SOAP (improvements were made to the mechanisms for transferring files, particularly in support of X.509 certificates). A Java-based prototype client called the Persona Client (PC) was created and used in conjunction with a small local password-based security scheme to protect the private key data on the user device.
My project first implemented the upgrade to the Certification Authority services and detailed the various policies surrounding storage of data. I then implemented the Persona Client, which enabled me to test the persona services in place, followed by the encryption schemes and the server components enabling the secure storage and transfer of Persona data. Components to create, edit and delete data were packaged and published as services to be used by the Persona Client.
Future extensions of this project could include exploring custom credential generation based on the Security Assertion Markup Language (SAML) and the Extensible Access Control Markup Language (XACML), which together can be used to specify XML-based credentials and access control policies for an enterprise. Other extensions include the implementation of discretionary and mandatory security policies using XACML to allow users to conduct transactions across various domains.