12,108 research outputs found
Machine-Readable Privacy Certificates for Services
Privacy-aware processing of personal data on the web of services requires
managing a number of issues arising both from the technical and the legal
domain. Several approaches have been proposed to matching privacy requirements
(on the clients side) and privacy guarantees (on the service provider side).
Still, the assurance of effective data protection (when possible) relies on
substantial human effort and exposes organizations to significant
(non-)compliance risks. In this paper we put forward the idea that a privacy
certification scheme producing and managing machine-readable artifacts in the
form of privacy certificates can play an important role towards the solution of
this problem. Digital privacy certificates represent the reasons why a privacy
property holds for a service and describe the privacy measures supporting it.
Also, privacy certificates can be used to automatically select services whose
certificates match the client policies (privacy requirements).
Our proposal relies on an evolution of the conceptual model developed in the
Assert4Soa project and on a certificate format specifically tailored to
represent privacy properties. To validate our approach, we present a worked-out
instance showing how privacy property Retention-based unlinkability can be
certified for a banking financial service.Comment: 20 pages, 6 figure
Security policy refinement using data integration: a position paper.
In spite of the wide adoption of policy-based approaches for security management, and many existing treatments of policy verification and analysis, relatively little attention has been paid to policy refinement: the problem of deriving lower-level, runnable policies from higher-level policies, policy goals, and specifications. In this paper we present our initial ideas on this task, using and adapting concepts from data integration. We take a view of policies as governing the performance of an action on a target by a subject, possibly with certain conditions. Transformation rules are applied to these components of a policy in a structured way, in order to translate the policy into more refined terms; the transformation rules we use are similar to those of global-as-view database schema mappings, or to extensions thereof. We illustrate our ideas with an example. Copyright 2009 ACM
- …