End-to-end privacy control in service outsourcing of human intensive processes: A multi-layered Web service integration approach

Information Systems Frontiers

Volumn 9, Issue 1, 2007, Pages 85-101

  Hung, Patrick C K ^a   Chiu, Dickson K W ^b   Fung, W W ^c   Cheung, William K ^d   Wong, Raymond ^e   Choi, Samuel P M ^f   Kafeza, Eleanna ^g   Kwok, James ^c   Pun, Joshua C C ^c   Cheng, Vivying S Y ^c  

^a UNIVERSITY OF ONTARIO INSTITUTE OF TECHNOLOGY   (Canada)

^b Dickson Computer System   (Hong Kong)

^c HONG KONG UNIVERSITY OF SCIENCE AND TECHNOLOGY   (Hong Kong)

^d HONG KONG BAPTIST UNIVERSITY   (Hong Kong)

^e UNIVERSITY OF NEW SOUTH WALES   (Australia)

^f OPEN UNIVERSITY OF HONG KONG   (Hong Kong)

^g ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS   (Greece)

Author keywords

APPEL; Layered architecture; Need to know principle; P3P; Privacy policies; SLA; Web service integration

Indexed keywords

DATA COMMUNICATION SYSTEMS; DATA PRIVACY; HEALTH CARE; MIDDLEWARE; PROBLEM SOLVING; WEB SERVICES;

HUMAN INTENSIVE PROCESSES; LAYERED ARCHITECTURE; PRIVACY POLICIES;

OUTSOURCING;

EID: 33847709455     PISSN: 13873326     EISSN: None     Source Type: Journal    
DOI: 10.1007/s10796-006-9019-y     Document Type: Article

References (37)

1. Agarwal, S., Sprick, B., & Wortmann, S. (2004). Credential based access control for semantic Web services. In AAAI Spring Symposium-Semantic Web Services (March).
2. AMBer (2003). Network Associates' AMBer Project. Online: http://www.networkassociates.com/us/nailabs/research_projects/ security_infrastructure/amber.asp.
3. Carminati, B., Ferrari, E., & Hung, P. C. K. (2005). Exploring privacy issues in web services discovery agencies. IEEE Security & Privacy Magazine (September/October).
4. Cattaneo, G., Faruolo, P., Petrillo, U. F., & Persiano, G. (2004). Providing privacy for Web services by anonymous group identification. In Proceedings of the IEEE International Conference on Web Services (ICWS) (pp. 166-173, 6-9 July).
5. Cheng, V. S. Y., & Hung, P. C. K. (2005). An integrated privacy framework for HIPAA-compliant web services. International Journal of Health Information Systems and Informatics (IJHIS).
6. Cheung, S. C., Chiu, D. K. W., & Till, S. (2003). A data-driven methodology to extending workflows across organizations over the internet. In Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS), CDROM, 10 pages, Jan.
7. CIBC (2005). CIBC's privacy practices failed in cases of misdirected faxes. In Office of the Privacy Commissioner of Canada, 2005. Online: http://www.privcom.gc.ca/incidents/2005/050418_01_e.asp.
8. Constantinides, E. (2002). From physical marketing to web marketing: the web-marketing mix. Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS), pp. 2628-2638, 7-10 Jan.
9. DAML (2003). DAML-S: Semantic markup for Web services. The DAML Services Coalition, Version 0.9. Online: http://www.daml.org/services/daml-s/0.9/daml-s. html.
10. Davis, J. C. (2000). Protecting privacy in the cyber era. IEEE Technology and Society Magazine, 19(2), 10-22 (Summer).
11. Diamond (2000). Marketing, Diamond.
12. Ferraiolo, D. F., Kuhn, D. R., & Chandramouli, R. (2003). Role-based access control. In Computer Security Series. Norwood, MA: Artech House.
13. Fischer-Hubner, S. (2001). IT-security and privacy. In Lecture Notes on Computer Science 1958.
14. F-OWL (2004). An OWL inference engine in Flora-2. Online: http://www.fowl.sourceforge.net/.
15. Hinde, S. (2002). The perils of privacy (pp. 424-432). IS Audit Editor. New York: Elsevier.
16. Hong, J. I., Ng, J. D., Lederer, S., & Landay, J. A. (2004). Privacy risk models for designing privacy-sensitive ubiquitous computing systems. In Proceedings of the 2004 conference on Designing interactive systems: processes, practices, methods, and techniques (August).
17. Hung, Patrick C. K., Ferrari, E., & Carminati, B. (2004). Towards standardized Web services privacy technologies. In Proceedings of the 2004 IEEE International Conference on Web Services (ICWS), 6-9 July, pp. 174-181.
18. IBM (2003). Web Service Level Agreement (WSLA) Language Specification, Version 1.0.
19. IBM (2005). IBM Tivoli Privacy Manager for e-business. Online: http://www-306.ibm.com/software/tivoli/products/privacy-mgr-e-bus/.
20. IBM, & Microsoft (2002). Security in a web services world: A proposed architecture and roadmap. White Paper, Version 1.0.
21. Lategan, F. A., & Olivier, M. S. (2002). A Chinese wall approach to privacy policies for the Web. In Proceedings of the 26th Annual International Computer Software and Applications Conference (COMPSAC'02).
22. Leino-Kilpi, H., Valimaki, M., Dassen, T., Gasull, M., Lemonidou, C., Scott, A., & Arndt, M. (2001). Privacy: A review of the literature. International Journal of Nursing Studies, 38, 663-671.
23. Lupu, E. C., & Sloman, M. (1999). Conflicts in policy-based distributed systems management. IEEE Transactions on Software Engineering, 25(6), 852-869.
24. National Institute of Standard and Technology (NIST) (2005). Role based access control standards roadmap. 12 May 2005. Online: http://www.csrc.nist.gov/rbac/rbac-stds-roadmap.html.
25. OASIS (2002). Automated Negotiation of Collaboration-Protocol Agreements Specification. ebXML Collaboration Protocol Profile and Agreement Technical Committee, Version 0.04, 2002, Online: http://www.oasis-open.org/ committees/ebxml-cppa/negotiation.
26. OASIS (2003). extensible Access Control Markup Language (XACML). Online: http://www.oasis-open.org/cornrnittees/tc_home,php? wg_abbrev=xacml.
27. Power, E. M., & Trope, R. L. (2005). Averting security missteps in outsourcing, IEEE Security & Privacy Magazine, 5(2), 70-73 (March-April).
28. Ratnasingam, P. (2002). The importance of technology trust in web services security. Information Management & Computer Security, 10(5), 255-260.
29. Sahai, A., Durante, A., & Machiraju, V. (2002). Towards automated SLA management for web service. In HP Technical Report.
30. Schoeman, E. D. (1984). Philosophical dimensions of privacy: An anthology. New York, NY: Cambridge University Press.
31. Senicar, V., Jerman-Blazic, B., & Klobucar, T. (2003), Privacyenhancing technologies-Approaches and development. Computer Standards & Interfaces, 25, 147-158.
32. Stoica, A., & Farkas, C. (2004), Ontology guided Security Engine. Journal of Intelligent Information Systems, 23(2), 209-223 (Special issue).
33. W3C (2002). Web services architecture requirements. World Wide Web Consortium (W3C) Working Draft, 14 November 2002. Online: http://www.w3.org/TR/2002/WD-wsa-reqs-20021114.
34. W3C (2003). OWL Web Ontology Language. Web-Ontology (WebOnt) Working Group, World Wide Web Consortium (W3C), 2003. Online: http://www.w3.org/2001/sw/WebOnt.
35. W3C (2005). The platform for privacy preferences 1.1 (P3P1.1) specification. In World Wide Web Consortium (W3C) Recommendation, 1 July.
36. Yee, G., & Korba, L. (2004). Privacy policy compliance for Web services. In Proceedings of the IEEE International Conference on Weh Services (ICWS),6-9 July, pp. 158-165.
37. Zhang, L.-J., Li, H., & Lam, H. (2004). Services computing: Grid applications for today. IT Professional, 6(4), 5-7 (July-Aug).