
Transforming the web into a HTTPA 'database'

Researchers under Tim Berners-Lee at MIT develop a new HTTP, dubbed HTTPA, a web protocol with accountability.
Written by Rob O'Neill

Researchers at MIT's Decentralized Information Group (DIG) are developing a new protocol they call "HTTP with Accountability," or HTTPA, designed to fight the "inadvertent misuse" of data by people authorized to access it.

Tim Berners-Lee, Oshani Seneviratne, and Lalana Kagal. Photo: Bryce Vickmark.

The researchers believe the solution to data misuse or leakage may be more transparency rather than increased obscurity: HTTPA will automatically monitor the transmission of private data and allow the data owner to examine how it’s being used.

The traditional response of placing tighter restrictions on access could undermine useful data sharing, the researchers, under Web founder Tim Berners-Lee, say. Instead of adding restrictions, HTTPA will automatically monitor the transmission of private data and allow the data owner to examine how it’s being used.

Oshani Seneviratne, an MIT graduate student in electrical engineering and computer science, and Lalana Kagal, a principal research scientist at CSAIL, will present a paper at the IEEE’s Conference on Privacy, Security and Trust in July giving an overview of HTTPA with sample applications such as an experimental health-care records system.

With HTTPA, each item of private data would be assigned its own uniform resource identifier (URI), a component of the Semantic Web that, researchers say, would convert the Web from a collection of searchable text files into a giant database.

Every time the server transmitted a piece of sensitive data, it would also send a description of the restrictions on the data’s use. And it would also log the transaction, using the URI, in a network of encrypted servers.

“It’s not that difficult to transform an existing website into an HTTPA-aware website,” Seneviratne says. “On every HTTP request, the server should say, ‘OK, here are the usage restrictions for this resource,’ and log the transaction in the network of special-purpose servers.”

The data owner can then request an audit, identifying all the people who have accessed the data, and what they’ve done with it.

Audit servers could be maintained by a grassroots network, much like the servers that host BitTorrent files or log Bitcoin transactions.
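
The flow described above (restrictions sent with every response, each transaction logged by URI, and an owner-requested audit) can be sketched as follows. This is an added illustration, not code from the MIT researchers or the HTTPA project. The header name `Usage-Restrictions`, the sample URI and data, and the in-memory hash-chained log standing in for the network of audit servers are all assumptions of this sketch.

```python
import hashlib
import json

# Constructed sample data: each private item has its own URI and a usage restriction.
RESOURCES = {
    "https://clinic.example/records/42#allergies": {
        "body": "penicillin",
        "restriction": "treatment-only; no-redistribution",
    },
}


def _digest(entry, prev_hash):
    # Hash of the entry plus the previous hash links the records into a chain.
    payload = json.dumps(entry, sort_keys=True) + prev_hash
    return hashlib.sha256(payload.encode()).hexdigest()


def log_event(log, uri, who, action):
    """Append a transaction, chained to the previous entry's hash."""
    prev_hash = log[-1]["hash"] if log else ""
    entry = {"uri": uri, "who": who, "action": action}
    log.append({**entry, "prev": prev_hash, "hash": _digest(entry, prev_hash)})


def serve(log, uri, who):
    """Return (headers, body): the restriction travels with the data and the access is logged."""
    item = RESOURCES[uri]
    log_event(log, uri, who, "access")
    # "Usage-Restrictions" is a hypothetical header name chosen for this sketch.
    return {"Usage-Restrictions": item["restriction"]}, item["body"]


def audit(log, uri):
    """Verify the chain, then list (who, action) for one URI.

    Raises ValueError if any record was altered after it was written.
    """
    prev_hash = ""
    for rec in log:
        entry = {k: rec[k] for k in ("uri", "who", "action")}
        if rec["prev"] != prev_hash or rec["hash"] != _digest(entry, prev_hash):
            raise ValueError("audit log has been modified")
        prev_hash = rec["hash"]
    return [(rec["who"], rec["action"]) for rec in log if rec["uri"] == uri]
```

The hash chain is this sketch's stand-in for tamper evidence: editing any earlier record changes its digest and breaks every later link, so the audit refuses to report from a modified log.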
