Transforming the web into an HTTPA 'database'

Summary: Researchers under Tim Berners-Lee at MIT develop a new HTTP, dubbed HTTPA, a web protocol with accountability.

Researchers at MIT's Decentralized Information Group (DIG) are developing a new protocol they call "HTTP with Accountability," or HTTPA, designed to fight the "inadvertent misuse" of data by people authorized to access it.

Tim Berners-Lee, Oshani Seneviratne, and Lalana Kagal. Photo: Bryce Vickmark.

The researchers believe the solution to data misuse or leakage may be more transparency rather than increased obscurity, so HTTPA will automatically monitor the transmission of private data and allow the data owner to examine how it’s being used.

The traditional response of placing tighter restrictions on access could undermine useful data sharing, the researchers, under Web founder Tim Berners-Lee, say. Instead of adding restrictions, HTTPA will automatically monitor the transmission of private data and allow the data owner to examine how it’s being used.

Oshani Seneviratne, an MIT graduate student in electrical engineering and computer science, and Lalana Kagal, a principal research scientist at CSAIL, will present a paper at the IEEE’s Conference on Privacy, Security and Trust in July giving an overview of HTTPA with sample applications such as an experimental health-care records system.

With HTTPA, each item of private data would be assigned its own uniform resource identifier (URI), a component of the Semantic Web that, researchers say, would convert the Web from a collection of searchable text files into a giant database.

Every time the server transmitted a piece of sensitive data, it would also send a description of the restrictions on the data’s use. And it would also log the transaction, using the URI, in a network of encrypted servers.

“It’s not that difficult to transform an existing website into an HTTPA-aware website,” Seneviratne says. “On every HTTP request, the server should say, ‘OK, here are the usage restrictions for this resource,’ and log the transaction in the network of special-purpose servers.”

The data owner can then request an audit, identifying all the people who have accessed the data, and what they’ve done with it.

Audit servers could be maintained by a grassroots network, much like the servers that host BitTorrent files or log Bitcoin transactions.
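
The flow described above (restrictions sent with every response, each transfer logged by URI, then an owner-requested audit) can be modelled in a few lines. This is an added sketch, not code from the MIT project: the article gives no wire format, so the header name, the requester's declared purpose, and the sample URI are all assumptions.

```python
from dataclasses import dataclass, field
from itertools import count

USAGE_HEADER = "Usage-Restrictions"  # hypothetical header name, not from HTTPA

@dataclass
class AuditNode:
    """Stand-in for one special-purpose log server in the audit network."""
    records: dict = field(default_factory=dict)  # record id -> record

    def log(self, rec_id, record):
        self.records[rec_id] = dict(record)

@dataclass
class HttpaAwareServer:
    resources: dict  # URI -> (body, permitted purpose)
    nodes: list      # audit nodes this server logs to
    _ids: count = field(default_factory=count)

    def handle_get(self, uri, requester, purpose):
        """Return (status, headers, body); log the transfer before releasing data."""
        if uri not in self.resources:
            return 404, {}, ""
        body, permitted = self.resources[uri]
        rec_id = next(self._ids)
        record = {"uri": uri, "requester": requester,
                  "purpose": purpose, "permitted": permitted}
        for node in self.nodes:  # replicate so one lost log does not hide an access
            node.log(rec_id, record)
        return 200, {USAGE_HEADER: permitted}, body

def audit(uri, nodes):
    """Owner's audit: merge records for one URI across nodes, flag off-policy use."""
    merged = {}
    for node in nodes:
        for rec_id, rec in node.records.items():
            if rec["uri"] == uri:
                merged[rec_id] = rec
    return [{**merged[i], "violation": merged[i]["purpose"] != merged[i]["permitted"]}
            for i in sorted(merged)]

def demo():
    nodes = [AuditNode(), AuditNode()]
    uri = "https://records.example/patient/17/allergies"  # constructed sample URI
    srv = HttpaAwareServer({uri: ("penicillin", "treatment")}, nodes)
    first = srv.handle_get(uri, "dr-a", "treatment")
    srv.handle_get(uri, "clerk-b", "marketing")
    del nodes[0].records[1]  # simulate one node losing a record
    return first, audit(uri, nodes)
```

Note that access is not blocked in this model: the off-policy request still succeeds and only shows up as a flagged entry in the audit, which mirrors the article's point that HTTPA favours accountability over tighter access restrictions.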

Topics: E-Commerce, Data Management, Security, Web development

About

Rob O'Neill is a writer for CBS Interactive based in Auckland, New Zealand covering business and enterprise technology for ZDNet. He has previously worked for IDG, The Sydney Morning Herald and Melbourne's The Age as well as various business titles, most recently editing the Business Sunday section of New Zealand's weekly national news...
