Machine-Readable Privacy Certificates for Services

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.Comment: 20 pages, 6 figure

The relative clinical effectiveness and cost-effectiveness of three contrasting approaches to partner notification for curable sexually transmitted infections: a cluster randomised trial in primary care

Since 1998 there has been a substantial increase in reported cases of sexually transmitted infection (STI), most strikingly in the 16–24 years age group.1 Across genitourinary medicine (GUM) clinics in the UK in 2007, young people accounted for 65% of chlamydia cases, 50% of cases of genital warts and 50% of gonorrhoea infections.1 Chlamydia is the most common STI in under-25s. Since 1998, the rate of diagnosed chlamydia has more than doubled in the 16–24 years age group (from 447 per 100,000 in 1998 to 1102 per 100,000 in 2007). This may be because of a combination of a higher proportion of young people testing, improved diagnostic methods and increased risk behaviour.1 Chlamydia infection can frequently go undetected, particularly in women, as it is often asymptomatic.1 If left untreated, chlamydia can lead to pelvic inflammatory disease and infertility in women. This highlights the importance of testing this higher-risk age group to ensure prompt diagnosis and treatment. It is estimated that 11–12% of 16- to 19-year-olds presenting at a GUM clinic with an acute STI will become reinfected within a year.2 In order to minimise reinfection, preventative measures are required, including effective methods of notifying partners to ensure rapid diagnosis and treatment and reduce the likelihood of index patients being reinfected from the same source

Preliminary Results Towards Contract Monitorability

This paper discusses preliminary investigations on the monitorability of contracts for web service descriptions. There are settings where servers do not guarantee statically whether they satisfy some specified contract, which forces the client (i.e., the entity interacting with the server) to perform dynamic checks. This scenario may be viewed as an instance of Runtime Verification, where a pertinent question is whether contracts can be monitored for adequately at runtime, otherwise stated as the monitorability of contracts. We consider a simple language of finitary contracts describing both clients and servers, and develop a formal framework that describes server contract monitoring. We define monitor properties that potentially contribute towards a comprehensive notion of contract monitorability and show that our simple contract language satisfies these properties.Comment: In Proceedings PrePost 2016, arXiv:1605.0809

Towards run-time monitoring of web services conformance to business-level agreements

Web service behaviour is currently specified in a mixture of ways, often using methods that are only partially complete. These range from static functional specifications, based on interfaces in WSDL and preconditions in RIF, to business process simulations using executable process-based models such as BPEL, to detailed quality of service (QoS) agreements laid down in a service level agreement (SLA). This paper recognises that something similar to a SLA is required at the higher business level to govern the contract between service producers, brokers and consumers. We call this a business level agreement (BLA) and within this framework, seek to unify disparate aspects of functional specification, QoS and run-time verification. We propose that the method for validating a web service with respect to its advertised BLA should be based on run-time service monitoring. This is a position paper towards defining these goals

BOF4WSS : a business-oriented framework for enhancing web services security for e-business

When considering Web services' (WS) use for online business-to-business (B2B) collaboration between companies, security is a complicated and very topical issue. This is especially true with regard to reaching a level of security beyond the technological layer, that is supported and trusted by all businesses involved. With appreciation of this fact, our research draws from established development methodologies to develop a new, business-oriented framework (BOF4WSS) to guide e-businesses in defining, and achieving agreed security levels across these collaborating enterprises. The approach envisioned is such that it can be used by businesses-in a joint manner-to manage the comprehensive concern that security in the WS environment has become

Empowering customer engagement by informative billing: a European approach

Programmes aimed at improving end-use energy efficiency are a keystone in the market strategies of leading distribution system operators (DSOs) and energy retail companies and are increasing in application, soon expected to become a mainstream practice. Informative services based on electricity meter data collected for billing are powerful tools for energy savings in scale and increase customer engagement with the energy suppliers enabling the deployment of demand response programmes helping to optimise distribution grid operation. These services are completely in line with Europe’s 2020 strategy for overall energy performance improvement (cf. directives 2006/32/EC, 2009/72/EC, 2012/27/EU). The Intelligent Energy Europe project EMPOWERING involves 4 European utilities and an international team of university researchers, social scientists and energy experts for developing and providing insight based services and tools for 344.000 residential customers in Austria, France, Italy and Spain. The project adopts a systematic iterative approach of service development based on envisaging the utilities’, customers’ and legal requirements, and incorporates the feedback from testing in the design process. The technological solution provided by the leading partner CIMNE is scalable open source Big Data Analytics System coupled with the DSO’s information systems and delivering a range of value adding services for the customer, such as: - comparison with similar households - indications of performance improvements over time - consumption-weather dependence - detailed consumption visualisation and breakdown - personalised energy saving tips - alerts (high consumption, high bill, extreme temperature, etc.) The paper presents the development approach, describes the ICT system architecture and analyses the legal and regulatory context for providing this kind of services in the European Community. The limitations for third party data access, customer consent and data privacy are discussed, and how these have been overcome with the implementation of the “privacy by design” principle is explained

The space physics environment data analysis system (SPEDAS)

With the advent of the Heliophysics/Geospace System Observatory (H/GSO), a complement of multi-spacecraft missions and ground-based observatories to study the space environment, data retrieval, analysis, and visualization of space physics data can be daunting. The Space Physics Environment Data Analysis System (SPEDAS), a grass-roots software development platform (www.spedas.org), is now officially supported by NASA Heliophysics as part of its data environment infrastructure. It serves more than a dozen space missions and ground observatories and can integrate the full complement of past and upcoming space physics missions with minimal resources, following clear, simple, and well-proven guidelines. Free, modular and configurable to the needs of individual missions, it works in both command-line (ideal for experienced users) and Graphical User Interface (GUI) mode (reducing the learning curve for first-time users). Both options have “crib-sheets,” user-command sequences in ASCII format that can facilitate record-and-repeat actions, especially for complex operations and plotting. Crib-sheets enhance scientific interactions, as users can move rapidly and accurately from exchanges of technical information on data processing to efficient discussions regarding data interpretation and science. SPEDAS can readily query and ingest all International Solar Terrestrial Physics (ISTP)-compatible products from the Space Physics Data Facility (SPDF), enabling access to a vast collection of historic and current mission data. The planned incorporation of Heliophysics Application Programmer’s Interface (HAPI) standards will facilitate data ingestion from distributed datasets that adhere to these standards. Although SPEDAS is currently Interactive Data Language (IDL)-based (and interfaces to Java-based tools such as Autoplot), efforts are under-way to expand it further to work with python (first as an interface tool and potentially even receiving an under-the-hood replacement). We review the SPEDAS development history, goals, and current implementation. We explain its “modes of use” with examples geared for users and outline its technical implementation and requirements with software developers in mind. We also describe SPEDAS personnel and software management, interfaces with other organizations, resources and support structure available to the community, and future development plans.Published versio