Estimating the privacy protection capability of a web service provider

International Journal of Web Services Research

Volumn 6, Issue 2, 2009, Pages 20-41

  Yee, George O M ^a  

^a NATIONAL RESEARCH COUNCIL CANADA   (Canada)

Author keywords

Estimates; Internet service; Privacy; Privacy protection capability; Web service

Indexed keywords

DATA PRIVACY; INTERNET SERVICE PROVIDERS; WEBSITES;

ESTIMATES; INTERNET SERVICES; PRIVACY PROTECTION; WEB SERVICE PROVIDERS;

WEB SERVICES;

EID: 77950336442     PISSN: 15457362     EISSN: 15465004     Source Type: Journal    
DOI: 10.4018/jwsr.2009092202     Document Type: Article

References (25)

1. Adams, C., & Barbieri, K. (2006). Privacy enforcement in e-services environments. In G. Yee (Ed.), Privacy protection for e-services. Hershey, PA: Idea Group, Inc.
2. Bauer, M. (2002). Practical threat analysis and risk management. Linux Journal, 2002(93), 9. Retrieved November 7, 2008, from http://www.linuxjournal. com/article/5567
3. Carnegie Mellon Software Engineering Institute. (n.d.). Welcome to the CMMI Website. Retrieved November 9, 2006, from http://www.sei.cmu.edu/cmmi/cmmi.html
4. Enright, K. P. (n.d.). Privacy audit checklist. Retrieved May 6, 2006, from http://cyber.law.harvard. edu/clinical/privacyaudit.html
5. Goldberg, I., Wagner, D., & Brewer, E. (1997). Privacy-enhancing technologies for the Internet. In Proceedings of the IEEE COMPCON'97 (pp. 103-109).
6. IBM. (2003, June 12). The enterprise privacy authorization language (EPAL 1.1). Retrieved June 2, 2007, http://www.zurich.ibm.com/security/enterprise- privacy/epal/
7. International Organization for Standardization. (n.d.). Selection and use of the ISO 9000:2000 family of standards. Retrieved January 28, 2006, from http://www.iso.org/iso/en/iso9000-14000/understand/selection-use/selection-use.html
8. Iyengar, V. S. (2002). Transforming data to satisfy privacy constraints. In Proceedings of the SIGKDD'02, Edmonton, Alberta (pp. 279-288).
9. Karger, P. A. (2006, July). Privacy and security threat analysis of the federal employee personal identity verification (PIV) program. In Proceedings of the Second Symposium on Usable Privacy and Security, Pittsburgh, Pennsylvania (pp. 114-121).
10. Kenny, S., & Korba, L. (2002, November). Adapting digital rights management to privacy rights management. Computers & Security, 21(7), 648-664.
11. Kobsa, A., & Schreck, J. (2003, May). Privacy through pseudonymity in user-adaptive systems. ACM Transactions in Internet Technology, 3(2), 149-183.
12. Lategan, F., & Olivier, M. (n.d.). PrivGuard: A model to protect private information based on its usage. Retrieved December 14, 2005, from http://mo.co. za/open/privgrd.pdf
13. O'Neill, M., Hallam-Baker, P., MacCann, S., Shema, M., Simon, E., Watters, P. A., et al. (2003). Web services security. McGraw-Hill/Osborne.
14. Rippon, W. J. (2006, April). Threat assessment of IP based voice systems. In Proceedings of the 1st IEEE Workshop on VoIP Management and Security 2006, Vancouver, B.C., Canada (pp. 19-28).
15. Salter, C., Saydjari, O. S., Schneier, B., & Wallner, J. (1998, September). Towards a secure system engineering methodology. In Proceedings of New Security Paradigms Workshop (pp. 2-10).
16. Song, R., Korba, L., & Yee, G. (2006). Pseudonym technology for e-services. In G. Yee (Ed.), Privacy protection for e-services. Hershey, PA: Idea Group, Inc.
17. Treasury Board of Canada. (n.d.). The privacy impact assessment guidelines: A framework to manage privacy risk. Retrieved May 6, 2006, from . tbs-sct.gc.ca/pgol-pged/piatp-pfefvp/course1/mod2/mod2-5-e.asp
18. U.S. Government. (n.d.). General overview of standards for privacy of individually identifiable health information. Retrieved October 19, 2006, from http://www.hhs.gov/ocr/hipaa/guidelines/overview.pdf
19. W3C. (n.d.). Platform for privacy preferences (P3P) project. Retrieved November 9, 2006, from http://www.w3.org/P3P/
20. W3C. (2002, April 15). A P3P preference exchange language 1.0 (APPEL1.0) (W3C Working Draft). Retrieved November 9, 2006, from http://www. w3.org/TR/P3P-preferences/
21. Yee, G. (2006, September 18-22). Measuring privacy protection in Web services. In Proceedings of the 2006 IEEE International Conference on Web Services (ICWS 2006), Chicago (pp. 647-654).
22. Yee, G., & Korba, L. (2003a, May 18-21). The negotiation of privacy policies in distance education. Paper presented at the 14th IRMA International Conference, Philadelphia.
23. Yee, G., & Korba, L. (2003b, January 27-31). Bilateral e-services negotiation under uncertainty. In Proceedings of the 2003 International Symposium on Applications and the Internet (SAINT2003), Orlando, Florida (pp. 352-355).
24. Yee, G., & Korba, L. (2004, July 6-9). Privacy policy compliance for Web services. In Proceedings of the 2004 IEEE International Conference on Web Services (ICWS 2004), San Diego (pp. 158-165).
25. Yee, G., & Korba, L. (2005). Semi-automatic derivation and use of personal privacy policies in e-business. International Journal of E-Business Research, 1(1), 54-69. IGI Global, Inc.