Conceptual Modeling of Privacy-Aware Web Service Protocols

Proceedings of the fourth international workshop on Web information and data management - WIDM '02, 2002

Web services are increasingly being adopted as a viable means to access Web-based applications. This has been enabled by the tremendous standardization effort to describe, advertise, discover, and invoke Web services. Digital government (DG) is a major application domain for Web services. It aims at improving government-citizen interactions using information and communication technologies. Government agencies collect, store, process, and share information about millions of citizens who have different preferences regarding their privacy. This naturally raises a number of legal and technical issues that must be addressed to preserve citizens' privacy through the control of the information flow amongst different entities (users, Web services, DBMSs). Solutions addressing this issue are still in their infancy. They consist, essentially, of enforcing privacy by law or by self-regulation. In this paper, we propose a new technical approach for preserving privacy in government Web services. Our design is based on digital privacy credentials, data filters and mobile privacy preserving agents. This work aims at establishing the feasibility and provable reliability of technology-based privacy preserving solutions for Web service infrastructures.

Security & Privacy, IEEE, 2005

International Journal of Innovative Research in Computer and Communication Engineering, 2015

Web service composition is a web technology which is use for combining the information from multiple sources into single application. With the help of this web service we can collected the large amount of data. Web Service is a technique provides a special type of composition application that aims at integrating data from multiple data provider depending on user request. DaaS depend on the specified useful data can be supplied according to the user demand. The main use of DaaS is eliminating redundancy and reduces associated expenditures. It modifies the data via single update point for multiple users. This paper proposes a formal privacy model in order to extend DaaS description with privacy capabilities. DaaS composition approach allowing verifying the compatibilities between privacy requirements and policies in DaaS composition.

Journal of Software Engineering and Applications, 2012

Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and integration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this paper, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is described. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that outline what can and cannot be done with a consumer's personally identifiable information (PII). The privacy policy consists of one-to-many privacy rules, with each rule created from a set of six privacy elements: collector, what, purpose, retention, recipient and trust. The PS acts as an intermediary between the service consumer and service provider, to establish an unbiased contract before the two parties begin sending PII. It is shown how many Privacy Services work together to form the privacy protection framework. An examination of what current approaches to protecting privacy in an SOA environment is also presented. Finally, the operations the PS must perform in order to fulfill its tasks are outlined.

2007 16th IST Mobile and Wireless Communications Summit, 2007

The potential impact of contemporary Information and Communication Technologies on users' privacy rights is regarded as being among their most evident negative effects. In fact, the recent advances in mobile communications, location and sensing technologies as well as data processing, are boosting the deployment of context-aware personalized services and the creation of smart environments, but at the same time, they pose a serious risk on individuals' privacy rights. In order to address this issue, this paper provides a framework for settling the services privacy friendly. The presented approach focuses on specifying a methodology for adapting services to operate on top of a middleware system that incorporates and thus, enforces the privacy regulations, preventing to a great extent the disclosure of personal data to the service providers even if personal data is collected and services are used through pervasive, ubiquitous and wireless devices.

International Conference on Pervasive Services, 2007

Privacy mechanisms exist for monolithic systems. However, pervasive environments that gather user data to support advanced services provide little control over the data an individual releases. This is a strong inhibitor for the development of pervasive systems, since most users do not accept that their personal information is sent out to the wild, and potentially passed over to third party systems. We therefore propose a framework to support user control over the data made available to service providers in the context of an OSGi based Extensible Service Systems. A formal privacy model is defined and service and policy descriptions are deduced. Technical system requirements to support these policies are identified. Since guaranteeing privacy inside the system is of little help if any malicious entity can break into it, a security architecture for OSGi based Extensible Service Systems is also defined.

2015

Web service composition is a web technology which is use for combining the information from multiple sources into single application. This technique provides a special type of composition application that aims at integrating data from multiple data provider depending on user request. DaaS depend on the specified useful data can be supplied according to the user demand. The main use of DaaS is eliminating redundancy and reduces associated expenditures. It modifies the data via single update point for multiple users. This paper proposes a formal privacy model in order to extend DaaS description with privacy capabilities. DaaS composition approach allowing to verify the compatibilities between privacy requirements and policies in DaaS composition.

Today, Web service descriptions do not only include service interface as in conventional middleware, but also the business protocoli.e., the specification of which message exchange sequences (also called conversation) are supported by a service. In order to facilitate service development and (automated) analysis a formal model is needed. A few approaches have been proposed (e.g., [6]). Most of the approaches mainly support functional constraints. In many settings, application developers need to be aware of all functional as well as non-functional aspects. In this paper, we propose an extension of business protocols to take into account privacy and its time-related properties while personal data are conveyed during the message exchange.

2011

Privacy can be defined as the right of an individual to have information about them accessed and used in conformity with what they consider acceptable. Privacy preservation in Service-Oriented Architecture (SOA) is an open problem. A solution for this problem must include features that support privacy preservation in each area of SOA. This thesis focuses on the areas of service description and discovery. The problems in these areas are that currently it is not possible to describe how a service provider deals with information received from a service consumer as well as discover a service that satisfies the privacy preferences of a consumer.

International Conference on Digital Information Management, 2010

Privacy protection in Service-Oriented Architecture (SOA) is an open problem. As privacy protection can be considered as a contractual issue, the solution for the problem of privacy protection in SOA requires the use of electronic contracts. This is important, as the service consumer's confidence of the protection of their privacy is a factor for the success of electronic services (e-services). This confidence may increase if the service consumer and provider can establish a contract, which states how the provider deals with information collected from the consumer. The service consumer can sign the contract if the privacy protection practices described in it meet what the consumer defines as appropriate practices. The goal of this paper is to use contract and ontology for privacy protection in SOA. Privacy contracts follow an approach based on feature modeling. In addition, they use a base ontology that provides a common privacy vocabulary.