Yahoo! Key Scientific Challenges Program

Yahoo! is running their Key Scientific Challenges Program again this year. Their website has lists of ideas for projects that they consider to be major scientific challenges.

Under Security challenges they list this challenge which I found interesting:

Scalable and Integrated access control for users
Users share data with a variety of applications within and outside Yahoo. Each of these applications has their own Terms of Service forcing users to specify separate access control rules for each application. This frustrates users and users feel like they have relinquished all control of where their data ends up. The challenge here is to design an integrated access control language and mechanism that can be used across applications from different organizations. At the very least, this would allow users to identify which information they have disclosed and to whom across different applications. Another challenge is to design a scalable “access control broker” that brokers access to user information to applications that satisfies user defined permissions.

They also have a section for privacy challenges where I found this:

Tracking user locations privately
Mobile phones these days are capable of being tracked with very high resolution. Many applications provide fine grained location services, like finding your friends, nearby attractions, coupons, ads, and even location aware dating. However, there is a huge privacy risk for the individuals who opt-in. Moreover, current access control mechanisms are either opt-in (in which case you usually don’t have too much control of who can access your data and who can’t) or opt-out (in which case you miss out on the location services). Problems in this space are:

  • Can individuals be tracked in such a way that the individual cannot be uniquely identified from the logs?
  • Can an application which tracks an individual share this information with a third party vendor/application, while preserving the individual’s privacy?
  • What is the right access control language for location tracking?