Slashdot Mirror


The Secure Public Data Repository?

jducoeur writes "So Hailstorm has died an unlamented death. But the demand for the idea of an information repository isn't going to go away -- users demand convenience, and this would be convenient. So here's a timely question looking for wild speculation: how would a truly secure, public data repository work? How would your data be stored? Would it be centralized or distributed? How would you grant access to specific elements within it? What would the business case for running such an archive be? Maybe if we can come up with a good design now, we can head off the next inevitable bad one..."

11 of 175 comments

  1. Ocean Store by nweaver · · Score: 5, Informative

    The Oceanstore project at Berkeley is aiming to do just that: create a distributed storage model to provide a global, distributed, persistent storage resource.

    --
    Test your net with Netalyzr
  2. Let me ask one question... by kjz · · Score: 4, Insightful

    Why does the repository need to be public? In an era of very powerful client machines, why must we have a centralized database to make this work? Systems like Napster and Gnutella have already demonstrated the ability of end-user machines to distribute data effectively (though not always efficiently.)

    I believe the safest route would be to avoid the publicly accessible, centralized data store and focus on what has worked so well for the Internet in the past: standard communications protocols. By leaving the data on individual systems, we minimize the risk of exposing vast quantities of personal information as an attacker would need to go after millions of machines in turn. It's possible, but it wouldn't be easy.

    1. Re:Let me ask one question... by crimoid · · Score: 4, Insightful

      Once mobile phones, computer, watches, toasters and everything else under the sun becomes net enabled the "powerful client" gets thrown out the window. The need then becomes one of availability. Needing to keep many of these gadgets "in sync" with one another (and your personal information) becomes hard. The easiest solution is one form of central repository, hence the "need".

      Now one might argue that in the future (present?) broadband will be able to allow everyone to "serve" their own information from their home PC (aka.. home server) but the infrastructure to do this in some sort of secure, standardized, highly-available way is more than "wouldn't be easy".

      For 99% of the population I'd imagine that their personal info would be safer in the hands of trusted professionals rather than residing on grandma's 486. The question will eventually come down to which professional do you trust the most.

  3. Google archive by !splut · · Score: 4, Funny

    We already have a public data repository. Just encrypt all your important documents, post them to various usenet groups, and let Google permanently archive them.

    --
    The angel in the oatmeal.
  4. Why Public... by Peridriga · · Score: 4, Interesting

    We already have systems such as SourceForge to handle programs and other CVS systems exist...

    My data... public?

    I don't think so... I'll buy another 100gig drive before sending it off over the net to a public storage facility..

    If I wanted secure off-site storage, I would turn to Sealand.

    20 Miles from anywhere and it doesn't respect any court of law in the world... So that's what I call secure (Even from the DMCA).

  5. Public Repositories by Moonshadow · · Score: 4, Insightful
    Well, there's some newfangled thing like that today. It's called the "Internet" or something like that. Supposedly, anyone can put anything they want on there! Imagine that!

    Seriously, though, the Net is a public data repository. Each node is as secure as its sysadmins, and information can be public or private. It's publicly accessible, and you can protect whatever you want to protect from the public.

    Best of all, it's a network, not a centralized, attackable, censorable entity.

    Wheel, re-invent, why?

  6. XNS by OneName by kindbud · · Score: 4, Informative
    Here's a model that is implemented and attempting to gain adopters. It supports:
    • User authentication and authorization across multiple trust domains
    • Automated exchange, management, and auditing of consumer information, based on permissions and in compliance with government regulations
    • Automated customer registration and updating
    • Automated management of public key infrastructure security solutions
    • Synchronization of permissions, entitlements, and other context-based user information
    They were fairly actively seeking clients during the Bubble Years, but understandably things are not rolling along so well these days. Anyone care to comment on what is available at their site? It seems to implement everything people say they want in a single-signon solution. That's probably why it hasn't been widely adopted, too much control is given to the owner of the information (that'd be YOU). :)
    --
    Edith Keeler Must Die
  7. Why don't you ask the users? by Wonko42 · · Score: 5, Insightful
    Who demands convenience? I don't demand convenience. I *prefer* not having all my eggs in one basket. I like being able to choose which companies get to know which details about me. If I have a hard time keeping track of all my different passwords or user accounts, I'll write my passwords down and store them in a text file that's PGP-encrypted with a 4096-bit key and a passphrase that I know I'll never forget.

    I don't want to have to trust some company to store all my information for me. I also don't want to trust some open source project with that information. In fact, I *especially* don't want to trust an open source project with it. The only person I trust with my personal information is me.

  8. Slashdot Poll Suggestion by Radical+Rad · · Score: 5, Funny

    I demand a centralized repository of my personal information because:

    __ I want every aspect of my personal life to be analyzed.

    __ I believe that all security exploits have already been discovered.

    __ My business is not my own. I submit to my corporate overlords.

    __ It's the only way to prevent another September 11th.

    __ Letting Mozilla's form manager fill in on-line forms is too hard.

    __ I want to be resurrected as a robot after my death based on all my personal info and preferences.

    __ Fashion their record needles into bones for CowbotRAD.


  9. How I'd do this system! [registrars, trust models] by vkg · · Score: 4, Interesting
    Firstly, all standards must be open and unencumbered.

    Secondly, XML is the right way to do this for political not technical reasons. But still use XML.

    Thirdly, and very importantly, all information held in the system is (C) the user, licensed under strict contract to the Information Repository to use. This is a protection against somebody buying the system if it becomes successful and changing the terms of service.

    Fourthly, information has to be protected in three important ways:
    • Every piece of information about you has to be accessible without linking it to any other piece of information about you (i.e. no Unique ID) - more on the technical aspects of this later.
    • Every site/organization which wants access to your information must agree not to use it in conjunction with other public information to compile a profile of you.
    • You must be able to revoke any and all information at any point.


    Fifth, no unusual public key cryptography should be used in the system. SSH/SSL yes, PGP/GPG no - this is to protect from the government's ire. Symmetric key ciphers for protecting your own information (i.e. passwords) seem OK to me.

    Sixth, two different sites/organizations, both accessing the same data about you, should not be able to tell from that request that they are accessing information about the same person: i.e. if A asks for your DOB, and B asks for it, they should not both be accessing UID234234.DOB. One scheme for this is that "permissions" are given to different organizations, of the form:

    HASH (organization_pass_word + your_pass_word + your_unique_ID + index_of_data_you_wish_to_reveal + data_store_added_noise)

    This protects your identity and prevents cross-correlation of different databases.

    Seventh, the standard should work like email: standard infrastructure can provide a server, anybody can operate one, and you have control of your use of these systems. No single operator.

    Eighth, and most importantly, none of this is worth shit without a constitutionally guaranteed right to privacy. Without that, any scheme can be forced over time into revealing more about users than they wish to reveal, either by legal, economic, social or political means.

    Strong cryptography is nothing without strong laws, and strong laws are something without any cryptography at all. Support GeekPAC! (the Geek Political Action Committee)

    vkg.
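The permission-handle scheme from vkg's sixth point, worked through as an added illustration (Python written for this page, not vkg's code): the length prefix on each hashed part, the `Repository` class and the sample user record are my own assumptions, chosen to show that two organizations granted the same field receive unrelated handles and that a grant can be revoked by dropping its handle.

```python
import hashlib
import secrets


def derive_handle(org_secret: str, user_password: str, user_id: str,
                  field: str, noise: str) -> str:
    """Opaque per-organization handle for one field of one user's record.

    Uses the ingredients vkg lists (organization password, user password,
    user ID, field index, store-added noise). The length prefix on each part
    is an added precaution so "ab"+"c" and "a"+"bc" cannot hash alike.
    """
    parts = [org_secret, user_password, user_id, field, noise]
    msg = b"".join(len(p).to_bytes(2, "big") + p.encode() for p in parts)
    return hashlib.sha256(msg).hexdigest()


class Repository:
    """Toy data store (assumed design): records plus handle -> (user, field)."""

    def __init__(self):
        self.records = {}   # user_id -> {field: value}
        self.grants = {}    # handle  -> (user_id, field)

    def add_user(self, user_id, record):
        self.records[user_id] = dict(record)

    def grant(self, org_secret, user_password, user_id, field, noise=None):
        # The store adds fresh noise, so an organization cannot recompute a
        # handle from the other inputs alone; only the handle is returned.
        noise = noise or secrets.token_hex(16)
        handle = derive_handle(org_secret, user_password, user_id, field, noise)
        self.grants[handle] = (user_id, field)
        return handle

    def lookup(self, handle):
        # An organization presents its handle; the user_id is never exposed.
        target = self.grants.get(handle)
        if target is None:
            return None
        user_id, field = target
        return self.records[user_id].get(field)

    def revoke(self, handle):
        return self.grants.pop(handle, None) is not None


def demo():
    repo = Repository()
    repo.add_user("UID234234", {"DOB": "1970-01-01"})   # constructed sample
    h_a = repo.grant("secret-of-org-A", "user-pw", "UID234234", "DOB")
    h_b = repo.grant("secret-of-org-B", "user-pw", "UID234234", "DOB")
    repo.revoke(h_a)   # A's access ends; B's unrelated handle still works
    return h_a, h_b, repo.lookup(h_a), repo.lookup(h_b)
```

Note that because the handles are per organization, A and B hold nothing in common to join their databases on, which is the cross-correlation protection vkg is after.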
  10. I don't like this news post by Edmund+Blackadder · · Score: 4, Insightful

    I hate it when questionable statements are presented as undisputed facts:

    "But the demand for the idea of an information repository isn't going to go away -- users demand convenience, and this would be convenient."

    I can't see anybody other than advertising agencies or aspiring dictators demanding a central information repository.

    And yet the news story suggests that consumers are demanding it. I really really doubt that. Any customer convenience can be achieved if the customer data is stored at his/her computer and is completely under his/her control.

    This may be an interesting issue but is worded in a way that loads the question. Slashdot editors should be more careful.