6

Is there a standard method (or methods) for me to give someone else read-only access to my data?

There are several situations where I may want to give a few people read-only access to some data, but I would rather not give those people my secret passwords that allow full authorization to act as me.

  • I want to see pretty stock market graphs, so I want to give this web service enough access to see which stocks/mutual funds/etc. I own, and how much of each one -- but not enough access to buy, sell, etc.
  • I want to allow the person who does my taxes enough access to my bank account(s) to download all of last tax year's transactions -- but not enough access to transfer money. (One person at "Could mint.com be more secure, and if so, how?" claims there is an OAuth-like system "designed by the banking system" for this -- what is the name of that system?)
  • How to use 'key material' so that multiple people can access protected files?
  • I want to allow people I have authorized to do a background check on me to see who my "friends" are on social network sites -- but not enough access to let them add new friends, defriend old friends, change privacy settings on my photos, etc. ("The Dangers of Asking for Social Network Passwords"; Job seekers getting asked for Facebook passwords, SNOPA legislation would bar employers from social network passwords, 6 Good Reasons NOT To Ask For Facebook Passwords, etc.)
  • When I start using a new social networking site, it would be nice to know which of my friends (that I know from real life or from other online sites or both) already have an account on that site -- but simply handing over my gmail password seems like the wrong thing to do. What is the system called that allegedly lets Etsy ("How can I find my friends on Etsy?") look at my email contact list without giving Etsy my gmail password? Is there a way to somehow give only a hashed version of the email addresses, so my friends don't "accidentally" get spammed?
  • New laws may require me to track who I disclose information to (HIPAA, "Is a W-2 form protected health information?"). I can't do that if Alice simply gives Dr. Bob her password to get her information -- from my point of view down in the server basement, I can't tell the difference between Alice typing her own password and Dr. Bob typing Alice's password. What kind of system(s) allow Alice to tell my server that she's authorized Dr. Bob to see her information, and then allow me to comply with the law and later tell Alice if/when Dr. Bob actually did access her information?

Is there a standard method (or methods) for me to give someone else read-only access to my data? I'm kind of hoping this is one of the Solved Problems of Cryptography.

Are there standard methods for me to set up a system so that Alice can allow (and later revoke) permission for Dr. Bob to look at her information on my system, but prevent Dr. Bob from accidentally or deliberately modifying her data?

(Decades ago, an excellent answer to this question involved "traditional Unix permissions" and "Unix groups". Perhaps also "setuid" or "setgid").

David Cary

4 Answers

5

Sure. There are several standard approaches to this problem:

  1. Export. Alice exports her data to a file or document, and then sends Dr. Bob a copy of the data. Now Bob can modify his local copy, but that won't affect Alice's resources.

    Of course, the disadvantage of this approach is that it only provides Dr. Bob with a snapshot of Alice's data. If Alice's data is changing over time, Alice will have to make a new copy every time Dr. Bob wants to see the latest data. However, one advantage is that this is very easy for Alice. It doesn't require any support from the underlying system or any special expertise.

  2. Proxying. Alice wants to give Dr. Bob read-only access to some of her resources, so she sets up a proxy. The code of the proxy has full access to Alice's resources, but Alice writes the proxy code so it will only perform read operations. The proxy exports an API that allows read-only access, and Alice gives Dr. Bob access to the proxy.

    Of course, the problem with this is that Alice has to be a programmer or equivalent to follow this approach. The advantage is that it requires no support from the underlying system.

  3. Support for read-only sharing. You can write the system so that Alice can grant others access to her data. You can further write the system to provide an option to share the data as read-only. For instance, Google Docs lets you share a document with others, and if you choose, you can choose to share it as read-only (so they can read the document but not modify it).

    Of course, this approach requires support from the underlying system. The system has to be built to support this use case. However, this approach is likely to be easy for users to understand.

  4. Attenuated capabilities. Many capability systems provide built-in support for this use case. Alice has a capability that allows her to access her data. The system provides a way for Alice to generate an attenuated version of her capability: a read-only capability that refers to the same resource but grants only read access, not write access. Now Alice can share this capability with others.

    For instance, a web application might give Alice a way to generate a link (URL) to her data, so that anyone she shares the link with gets access to her data, too. (Google Docs also supports this mode of operation.) If the web application is written to support it, the web application can also let Alice generate a URL that grants read-only access but not write access to anyone Alice shares the link with.

    The disadvantage is that this, too, requires support from the underlying system. The system has to be built with read-only sharing in mind.

D.W.
2

Copy/paste the data into a file, encrypt it via a password-protected zip file and hand over the passphrase in person, or after encrypting the info with GnuPG/PGP or the other party's public key ;) But I kid, I know that's not what you meant. Although that is read-only and secure as long as you hand over the passphrase securely.

OAuth is pretty common and standard. If you look up OpenID, they use it to redirect the user to a 3rd-party site and the 3rd party reports whether they recognize the user or not. Then you may use the 3rd party's API to get data, which is read-only.

I've seen it done before with an app launching a window to a site which gives the user a one-time-use PIN. The PIN is used with the account name and then the app would get the details required for it to communicate with the API, usually taking OAuth details which IIRC are simply a token and a secret token.

0

Use Linux, install SSH and assign the necessary permissions to files and directories using chmod. If you're a Windows person then I'm not sure. Perhaps a similar solution is possible.

  • Not down-voting but this answer is more of a FAQ than an attempt to resolve any of the use cases described in the question. – adric May 21 '12 at 17:20
0

OAuth2 would be a nice protocol to use in this case. The consumer (e.g. accountant) will try to access data (some URL you provide) and the service provider (bank) will ask the consumer to provide an authorization token. You will provide the consumer with a token you obtained from the service provider. Upon seeing this, the service provider can then allow the token bearer to access your data. This method requires that your service providers implement the OAuth workflow.

On the other hand, it is also possible with an enterprise single sign-on (SSO) solution with some sort of data loss prevention capability. The consumer would log in to the machine using his/her SSO credentials and the SSO service in turn logs the consumer in to the service provider using your credentials (hidden from their eyes). Once logged in, the consumer would be prevented from performing any 'harmful' actions (e.g. click on transfer funds) and effectively has 'read-only' access to the service.

KennyC
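As an added example of the resource-server side of the OAuth2 approach in this answer (not the answer's own code, and not a real OAuth2 library), the block below shows what the bank, in the question's terms, must actually enforce once it holds a bearer token: a scope check so that a token Alice granted to Dr. Bob for `account:read` is refused on a transfer, expiry, owner-initiated revocation, and an access log that Alice can later query to see who read her data (the HIPAA point in the question). The token format is a minimal HMAC-signed JSON body standing in for a standard format such as JWT; the key, scope names, clock values and records are constructed for the demonstration.

```python
"""Scope-limited bearer tokens with revocation and an owner-visible access log.

Added example, not part of the original answer or of any OAuth2 library.
Token = base64url(JSON claims) "." base64url(HMAC-SHA256(issuer_key, body)).
Claims: owner (Alice), sub (Dr. Bob), scope (list), exp (unix time), jti (id).
All keys, names, timestamps and records below are constructed sample values.
"""
import base64
import binascii
import hashlib
import hmac
import json

ISSUER_KEY = b"constructed-issuer-key-not-for-production"


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(owner: str, subject: str, scopes: list[str], ttl: int, now: int) -> str:
    """Authorization server: Alice (owner) grants `subject` the listed scopes."""
    jti = _b64(hashlib.sha256(f"{owner}|{subject}|{now}".encode()).digest()[:8])
    claims = {"owner": owner, "sub": subject, "scope": sorted(scopes),
              "exp": now + ttl, "jti": jti}
    body = _b64(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = _b64(hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


class ResourceServer:
    READ = "account:read"
    TRANSFER = "account:transfer"

    def __init__(self):
        self.records = {"alice": ["2011-12-01 -42.00 grocery"]}  # constructed data
        self.revoked = set()      # jti values the owner has revoked
        self.access_log = []      # one entry per attempted access, granted or not

    def _decode(self, token: str, now: int):
        """Return (claims or None, verdict). Claims are returned for expired or
        revoked tokens too, so the attempt can be logged against the subject."""
        body, _, sig = token.partition(".")
        try:
            expected = hmac.new(ISSUER_KEY, body.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, _unb64(sig)):
                return None, "bad signature"
            claims = json.loads(_unb64(body))
        except (binascii.Error, ValueError):
            return None, "malformed"
        if claims["exp"] <= now:
            return claims, "expired"
        if claims["jti"] in self.revoked:
            return claims, "revoked"
        return claims, "ok"

    def _authorize(self, token: str, scope: str, action: str, now: int):
        claims, verdict = self._decode(token, now)
        if verdict == "ok" and scope not in claims["scope"]:
            verdict = f"insufficient scope (needs {scope})"
        outcome = "ok" if verdict == "ok" else f"denied: {verdict}"
        self.access_log.append({"time": now, "action": action, "outcome": outcome,
                                "owner": claims["owner"] if claims else None,
                                "subject": claims["sub"] if claims else None})
        return (claims if outcome == "ok" else None), outcome

    def read_transactions(self, token: str, now: int):
        claims, outcome = self._authorize(token, self.READ, "read", now)
        return outcome, (list(self.records[claims["owner"]]) if claims else None)

    def transfer(self, token: str, instruction: str, now: int) -> str:
        claims, outcome = self._authorize(token, self.TRANSFER, "transfer", now)
        if claims:
            self.records[claims["owner"]].append(instruction)
        return outcome

    def revoke(self, owner: str, token: str) -> bool:
        """The owner withdraws a grant; only the owner named in the token may."""
        claims, _ = self._decode(token, now=0)
        if claims is not None and claims["owner"] == owner:
            self.revoked.add(claims["jti"])
            return True
        return False

    def accesses_for(self, owner: str) -> list:
        """What Alice sees: every attempt against her data, by whom, and the result."""
        return [e for e in self.access_log if e["owner"] == owner]


def demo() -> dict:
    now = 1_337_000_000                       # constructed fixed clock
    server = ResourceServer()
    bob_token = issue_token("alice", "dr_bob", [ResourceServer.READ], ttl=3600, now=now)
    out = {}
    out["bob_read"] = server.read_transactions(bob_token, now)
    out["bob_transfer"] = server.transfer(bob_token, "-500.00 to dr_bob", now)
    out["bob_read_expired"] = server.read_transactions(bob_token, now + 7200)
    server.revoke("alice", bob_token)
    out["bob_read_revoked"] = server.read_transactions(bob_token, now + 60)
    out["alice_log"] = [(e["subject"], e["action"], e["outcome"])
                        for e in server.accesses_for("alice")]
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The log entries carry the token's `sub`, not Alice's identity, which is exactly what distinguishes this from password sharing: the server can tell Alice "dr_bob read your transactions at time T" and can refuse a transfer without ever learning Alice's password. Denied attempts are logged too, since a consumer repeatedly trying out-of-scope actions is something the owner should see.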