Transforming the web into a HTTPA 'database'

Researchers under Tim Berners-Lee at MIT develop a new HTTP, dubbed HTTPA, a web protocol with accountability.
Written by Rob O'Neill, Contributor

Researchers at MIT's Decentralized Information Group (DIG) are developing a new protocol they call "HTTP with Accountability,” or HTTPA, designed to fight the "inadvertent misuse" of data by people authorized to access it. 

Tim Berners-Lee, Oshani Seneviratne, and Lalana Kaga. Photo: Bryce Vickmark.

Believing the solution to data misuse or leakage may be more transparency rather than increased obscurity, HTTPA will automatically monitor the transmission of private data and allow the data owner to examine how it’s being used.

The traditional response of placing tighter restrictions on access could undermine useful data sharing, the researchers, under Web founder Tim Berners-Lee, say. Instead of adding restrictions, HTTPA will automatically monitor the transmission of private data and allow the data owner to examine how it’s being used.

Oshani Seneviratne, an MIT graduate student in electrical engineering and computer science, and Lalana Kagal, a principal research scientist at CSAIL, will present a paper at the IEEE’s Conference on Privacy, Security and Trust in July giving an overview of HTTPA with sample application such as an experimental health-care records system.

With HTTPA, each item of private data would be assigned its own uniform resource identifier (URI), a component of the Semantic Web that, researchers say, would convert the Web from a collection of searchable text files into a giant database.

Every time the server transmitted a piece of sensitive data, it would also send a description of the restrictions on the data’s use. And it would also log the transaction, using the URI, in a network of encrypted servers.

“It’s not that difficult to transform an existing website into an HTTPA-aware website,” Seneviratne says. “On every HTTP request, the server should say, ‘OK, here are the usage restrictions for this resource,’ and log the transaction in the network of special-purpose servers.”

Data owner can then request an audit, identifying all the people who have accessed the data, and what they’ve done with it.

Audit servers could be maintained by a grassroots network, much like the servers that host BitTorrent files or log Bitcoin transactions.

Editorial standards