P3P semantic checker of site behaviours

The interactive use of the web between users and service providers introduces a privacy problem that involves the undesired disclosing of user personal information, mainly with the presence of personalization that needs this type of information. Also there are many manners to face it, but the Platform for Privacy Preferences (P3P) is one that provides a variable level of privacy for the user’s browsing. However, the P3P only introduces a privacy contract between the site and the user, without guarantees that it will be obeyed by the site. Then a semantic checker can be added to the P3P architecture to compare the contract with the site attitude and to increase the trustworthiness on the P3P contract. Some experiments are accomplished and the results are displayed to show the present situation of the privacy policies of the sites, and we discuss what it implies in the data gathering and what is gained with the use of the semantic checker.5th IFIP International Conference on Network Control & Engineering for QoS, Security and MobilityRed de Universidades con Carreras en Informática (RedUNCI

Using P3P in a web services-based context-aware application platform

This paper describes a proposal for a privacy control architecture to be applied in the WASP project. The WASP project aims to develop a context-aware service platform on top of 3G networks, using web services technology. The proposed privacy control architecture is based on the P3P privacy policy description standard defined by W3C. The paper identifies extensions to P3P and its associated preference expression language APPEL that are needed to operate in a context-aware environment

Privacy in an Ambient World

Privacy is a prime concern in today's information society. To protect\ud the privacy of individuals, enterprises must follow certain privacy practices, while\ud collecting or processing personal data. In this chapter we look at the setting where an\ud enterprise collects private data on its website, processes it inside the enterprise and\ud shares it with partner enterprises. In particular, we analyse three different privacy\ud systems that can be used in the different stages of this lifecycle. One of them is the\ud Audit Logic, recently introduced, which can be used to keep data private when it\ud travels across enterprise boundaries. We conclude with an analysis of the features\ud and shortcomings of these systems

Implementing Privacy Negotiations in E-Commerce

This paper examines how service providers may resolve the trade-off between their personalization efforts and users' individual privacy concerns. Finding that neither an optimized one-size-fits-all strategy, nor a market-driven specialization of providers or choices between different usage scenarios can solve the problem, we analyze how negotiation techniques can lead to efficient contracts and how they can be integrated into current technologies. The analysis includes the identification of relevant and negotiable privacy dimensions for different usage domains. Negotiations in multi-channel retailing are examined as a detailed example. Based on a formalization of the user's privacy revelation problem, we model the negotiation process as a Bayesian game where the service provider faces different types of users. Finally an extension to P3P is proposed that allows a simple expression and implementation of negotiation processes. Support for this extension has been integrated in the Mozilla browser.

P3P semantic checker of site behaviours

The interactive use of the web between users and service providers introduces a privacy problem that involves the undesired disclosing of user personal information, mainly with the presence of personalization that needs this type of information. Also there are many manners to face it, but the Platform for Privacy Preferences (P3P) is one that provides a variable level of privacy for the user’s browsing. However, the P3P only introduces a privacy contract between the site and the user, without guarantees that it will be obeyed by the site. Then a semantic checker can be added to the P3P architecture to compare the contract with the site attitude and to increase the trustworthiness on the P3P contract. Some experiments are accomplished and the results are displayed to show the present situation of the privacy policies of the sites, and we discuss what it implies in the data gathering and what is gained with the use of the semantic checker.5th IFIP International Conference on Network Control & Engineering for QoS, Security and MobilityRed de Universidades con Carreras en Informática (RedUNCI

Obligations of trust for privacy and confidentiality in distributed transactions

Purpose – This paper aims to describe a bilateral symmetric approach to authorization, privacy protection and obligation enforcement in distributed transactions. The authors introduce the concept of the obligation of trust (OoT) protocol as a privacy assurance and authorization mechanism that is built upon the XACML standard. The OoT allows two communicating parties to dynamically exchange their privacy and authorization requirements and capabilities, which the authors term a notification of obligation (NoB), as well as their commitments to fulfilling each other's requirements, which the authors term signed acceptance of obligations (SAO). The authors seek to describe some applicability of these concepts and to show how they can be integrated into distributed authorization systems for stricter privacy and confidentiality control. Design/methodology/approach – Existing access control and privacy protection systems are typically unilateral and provider-centric, in that the enterprise service provider assigns the access rights, makes the access control decisions, and determines the privacy policy. There is no negotiation between the client and the service provider about which access control or privacy policy to use. The authors adopt a symmetric, more user-centric approach to privacy protection and authorization, which treats the client and service provider as peers, in which both can stipulate their requirements and capabilities, and hence negotiate terms which are equally acceptable to both parties. Findings – The authors demonstrate how the obligation of trust protocol can be used in a number of different scenarios to improve upon the mechanisms that are currently available today. Practical implications – This approach will serve to increase trust in distributed transactions since each communicating party receives a difficult to repudiate digitally signed acceptance of obligations, in a standard language (XACML), which can be automatically enforced by their respective computing machinery. Originality/value – The paper adds to current research in trust negotiation, privacy protection and authorization by combining all three together into one set of standardized protocols. Furthermore, by providing hard to repudiate signed acceptance of obligations messages, this strengthens the legal case of the injured party should a dispute arise

Ubiquitous Social Networks: Opportunities and Challenges for Privacy-Aware User Modelling

Privacy has been recognized as an important topic in the Internet for a long time, and technological developments in the area of privacy tools are ongoing. However, their focus was mainly on the individual. With the proliferation of social network sites, it has become more evident that the problem of privacy is not bounded by the perimeters of individuals but also by the privacy needs of their social networks. The objective of this paper is to contribute to the discussion about privacy in social network sites, a topic which we consider to be severely under-researched. We propose a framework for analyzing privacy requirements and for analyzing privacy-related data. We outline a combination of requirements analysis, conflict-resolution techniques, and a P3P extension that can contribute to privacy within such sites.World Wide Web, privacy, social network analysis, requirements analysis, privacy negotiation, ubiquity, P3P