Privacy protection in context-aware web services: Challenges and solutions

Enabling Context-Aware Web Services: Methods, Architectures, and Technologies

Volumn , Issue , 2010, Pages 393-420

  Kapitsaki, Georgia M ^a   Lioudakis, Georgios V ^a   Kaklamani, Dimitra I ^a   Venieris, Iakovos S ^a  

^a NATIONAL TECHNICAL UNIVERSITY OF ATHENS   (Greece)

Author keywords

[No Author keywords available]

Indexed keywords

DATA PRIVACY; WEBSITES;

ABSTRACT ARCHITECTURE; ARCHITECTURAL CONCEPTS; CONTEXT-AWARE WEB SERVICES; CONTEXTUAL INFORMATION; INNOVATIVE SERVICES; PERSONAL INFORMATION; TECHNICAL REQUIREMENT; TECHNOLOGICAL TRENDS;

WEB SERVICES;

EID: 84891766664     PISSN: None     EISSN: None     Source Type: Book    
DOI: 10.1201/EBK1439809853     Document Type: Chapter

References (57)

1. 3GPP. 2007. Technical Specification 3rd Generation Partnership Project. Technical Specification Group Services and System Aspects. 3GPP Generic User Profile-Architecture, Stage 2, Sophia-Antipolis.
2. Agrawal, R., Kiernan, J., Srikant, R. and Xu, Y. 2002. Hippocratic databases. Proceedings of the 28th International Conference on Very Large Data Bases (VLDB’02).
3. Agrawal, R., Kiernan, J., Srikant, R. and Xu, Y. 2005. XPref: A preference language for P3P. Computer Networks 48(5):809-827.
4. Ahmed, M., Anjomshoaa, A. and Tjoa, A M. 2008. Context-based privacy management of personal information using semantic desktop: SemanticLIFE case study. Proceedings of the 10th International Conference on Information Integration and Web-based Applications and Services (UWAS’08), 214-221.
5. Ardagna, C. A., Cremonini, M., Capitani di Vimercati and S. De, Samarati, P. 2007. Privacy-enhanced location-based access control. In Handbook of Database Security: Applications and Trends, ed. M. Gertz, and S. Jajodia, Springer-Verlag.
6. Ardagna, C. A., Cremonini, M., Damiani, E., Capitani di Vimercati and S. de, Samarati, P. 2007. Privacy-enhanced location services information. In Digital Privacy: Theory, Technologies and Practices, ed. Acquisti, De Capitani di Vimercati, Gritzalis, and Lambrinoudakis, Auerbach Publications (Taylor and Francis Group).
7. Article 29 Data Protection Working Party. 2005. Opinion 5/2005 on the use of location data with a view to providing value-added services.
8. Article 29 Data Protection Working Party. 2005. Working document on data protection issues related to RFID technology.
9. Ashley, P., Hada, S., Karjoth, G., Powers, C. and Schunter, M. 2003. Enterprise Privacy Authorization Language (EPAL 1.2), http://www.Zurich.ibm.com/security/enterprise-privacy/epal/Specif ication (accessed April 1, 2009).
10. Backes, M., Pfitzmann, B. and Schunter, M. 2003. A Toolkit for Managing Enterprise Privacy Policies. Proceedings of the 8th European Symposium on Research in Computer Security, 162-180, Springer-Verlag.
11. Bertino, E., Byun, J. and Li, N. 2005. Privacy-preserving database systems. In Foundations of Security Analysis and Design III, ed. A. Al-dini, R. Gorrieri, and F. Martinelli, 178-206, Springer-Verlag.
12. Birnhack, M. D. 2008. The EU data protection directive: An engine of a global regime. Computer Law and Security Report 24(6):508-520.
13. Byun, J.-W., Bertino, E. and Li, N. 2005. Purpose based access control of complex data for privacy protection. Proceedings of the 10th ACM Symposium on Access Control Models and Technologies, 102110. ACM Press.
14. Casassa Mont and M. 2004. Dealing with privacy obligations: Important aspects and technical approaches. In Trust and Privacy in Digital Business, ed. S. Fischer-Huebner, S. Furnell and C. Lambrinoudakis, 120-131, Springer-Verlag.
15. Casassa Mont, M. and Thyne, R. 2006. A systemic approach to automate privacy policy enforcement in enterprises. Proceedings of the 6th Workshop on Privacy Enhancing Technologies, 118-134.
16. Cranor, L. F. 2004. I bidn’t buy it for myself. In Designing Personalized User Experiences in E-Commerce, ed. C.-M. Karat, J.O. Blom, and J. Karat, 57-73, Norwell, MA, USA: Kluwer Academic Publishers.
17. Damiani, E., Anisetti, M. and Bellandi. V. 2005. Toward exploiting location-based and video information in negotiated access control policies. Proceedings of the 1st International Conference on Information Systems Security (ICISS’05), 21-35, Springer-Verlag.
18. Eldin, A. A. and Wagenaar, R. 2006. A privacy preferences architecture for context aware applications. Proceedings of the IEEE International Conference on Computer Systems and Applications, 1110-1113, IEEE Computer Society Press.
19. European Commission 2000. Commission Decision of 26 July 2000 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequacy of the protection provided by the safe harbour privacy principles and related frequently asked questions issued by the U.S. Department of Commerce, Official Journal of the European Communities L 215:7-47.
20. European Omnibus Survey “EOS Gallup Europe.” 2003. “European Union companies’ views about privacy.” Flash Eurobarometer EB 147, http://ec.europa.eu/public_opinion/flash/f1147_data_ protect.pdf (accessed June 6, 2009).
21. European Parliament and Council. 1995. Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data, Official Journal of the European Communities L 281:31-50.
22. European Parliament and Council. 2002. Directive 2002/58/EC of the European Parliament and of the Council concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications). Official Journal of the European Communities L 201:37-47.
23. European Parliament, Council, and Commission. 2000. Charter of fundamental rights of the European Union. Official Journal of the European Communities C 364:1-22.
24. Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, R.D. and Chandramouli, R. 2001. Proposed NIST Standard for role-based access control. A CM Transactions on Information and System Security 4(3):224-274.
25. Ferrini, R., Bertino, E. 2009. Supporting RBAC with XACML+OWL. Proceedings of the Hth ACM Symposium on Access Control Models and Technologies (SACMAT09), 145-154, ACM Press.
26. Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R., Winsborough, W. and Thuraisingham, B. 2008. ROWLBAC: Representing role based access control in OWL. Proceedings of the 13th ACM Symposium on Access Control Models and Technologies, 73-82, ACM Press.
27. Gallup Organization. 2008. Data protection in the European Union: Citizens’ perceptions-Analytical Report. Flash Eurobarom-eter 225, http://ec.europa.eu/public_opinion/flash/fl_225_ en.pdf (accessed June 6, 2009).
28. Gandon, F. L. and Sadeh, N. M. 2004. Context-awareness, privacy and mobile access: A web semantic and multiagent approach. Proceedings of the 1st French-speaking conference on Mobility and ubiquity computing (UbiMob’04), 123-130, ACM Press.
29. Gehring, S. and Gisch, M. 2008. The privacy badge revisited-Enhancement of a privacy-awareness user interface for small devices. Proceedings of the Workshop on Security and Privacy Issues in Mobile Phone Use 2008 (SPMU’08).
30. 1ST Simplicity project homepage, http://www.ist-simplicity.org/.
31. Jorns, O. Jung, O. and Quirchmayr, G. 2008. A platform for the development of location-based mobile applications with privacy protection. Proceedings of the 3rd International Conference on Communication Systems Software and Middleware and Workshops (COMSWARE’08), 120-127, IEEE Computer Society Press.
32. Kapitsaki, G. M., Kateros, D. A. and Venieris, I. S. 2008. Architecture for provision of context-aware web applications based on web services. Proceedings of the IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC’08), 1-5, IEEE Computer Society Press.
33. Liberty Alliance Project. 2005. Liberty ID-SIS Personal Profile Service Specification, Version 1.1, http://www.proj ectliberty.org/liberty/content/download/1028/7146/file/liberty-idsis-pp-vl. 1 .pdf (accessed June 06, 2009).
34. Lioudakis, G. V., Koutsoloukas, E. A., Delias, N., Tselikas, N., Kapellaki, S., Prezerakos, G. N., Kaklamani, D. I. and Venieris, I. S. 2007. A middleware architecture for privacy protection. Computer Networks 51(16): 4679-4696.
35. Lioudakis, G. V., Koutsoloukas, E. A., Delias, N., Gaudino, F., Kaklamani, D. I. and Venieris, I. S. 2007. Technical enforcement of privacy legislation. Proceedings of the IEEE International Symposium on Personal, Indoor and Mobile Radio Communications (PIMRC’07), 1-6, IEEE Computer Society Press.
36. Lioudakis, G. V., Koutsoloukas, E. A., Delias, N., Kapitsaki, G. M., Kaklamani, D. I. and Venieris, I. S. 2008. A Semantic Framework for Privacy-Aware Access Control. Proceedings of the International Multiconference on Computer Science and Information Technology, 813-820, IEEE Computer Society Press.
37. Mcllraith, S. A., Son, T. C. and Zeng, H. 2001. Semantic Web services. IEEEIntelligent Systems 16(2):46-53.
38. Ni, Q., Trombetta, A., Bertino, E. and Lobo, J. 2007. Privacy aware role based access control. Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, 41-50. ACM Press.
39. Noorollahi Ravari, A., Amini, M. and Jalili, R. 2008. A Semantic Aware Access Control Model with Real Time Constraints on History of Accesses. Proceedings of the International Multiconference on Computer Science and Information Technology, 827-836, IEEE Computer Society Press.
40. Organization for the Advancement of Structured Information Standards (OASIS). 2004. OASIS extensible Access Control Markup Language (XACML) TC. http://www.oasis-open.org/committees/xacml/ (accessed April 1, 2009).
41. Organization for Economic Co-operation and Development. 1980. Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, http://www.oecd.org/document/18/0,3343, en_2649_ 34255_1815186_l_l_l_1.00.html (accessed May 9, 2009).
42. Paolucci, M. and Sycara, K. 2003. Autonomous semantic Web services. IEEE Internet Computing 7(5):34-41.
43. Pletscher, T. 2005. Companies and the regulatory jungle. Proceedings of the 21th International Conference of Data Protection and Privacy Commissioners.
44. Poullet, Y. 2006. The Directive 95/46/EC: Ten years after. Computer Law and Security Report 22 (3): 206-217.
45. Rezgui, A., Ouzzani, M., Bouguettaya, A. and Medjahed, B. 2002. Preserving privacy in Web services. Proceedings of the 4th International Workshop on Web Information and Data Management, 56-62, ACM Fress.
46. Rukzio, E., Prezerakos, G. N., Cortese, G., Koutsoloukas, E. and Kapel-laki, S. 2004. Context for simplicity: A basis for context-aware systems based on the 3GPP generic user profile. Proceedings of the International Conference of Computational Intelligence (ICCI’04), 466469.
47. Rukzio, E., Schmidt, A. and Hussmann, H. 2004. Privacy-enhanced intelligent automatic form filling for context-aware services on mobile devices. Proceedings of the Workshop Artificial Intelligence in Mobile Systems (AIMS’04).
48. Solove, D. J. 2006. A brief history of information privacy law. In Proskauer on Privacy: A Guide to Privacy and Data Security Law in the Information Age, ed. C. Wolf, 1-46, Practising Law Institute.
49. Strimpakou, M. A., Roussaki, I. G., and Anagnostou, M. E. 2006. A context ontology for pervasive service provision. Proceedings of the 20th international Conference on Advanced information Networking and Applications (AINA’06).
50. Turner, A., Dogac, A., Toroslu and I. H. 2005. A semantic-based user privacy protection framework for Web services. Intelligent Techniques for Web Personalization, 289-305, Springer-Verlag.
51. United Nations. 1948. Universal Declaration of Human Rights, http: //www.ohchr.org/EN/UDHR/Documents/60UDHR/bookleten.pdf (accessed June 9, 2009).
52. U.S. Public Law No. 93-579. Dec. 31, 1974. 5 U.S.C. 552.
53. W3C. 2002. Platform for Privacy Preferences 1.0 (P3P1.0) Specification. http://www.w3.org/TR/2002/REC-P3P-20020416/ (accessed June 09, 2009).
54. W3C. 2002. A P3P Preference Exchange Language 1.0 (APPEL1.0). http://www.w3.org/TR/2002/WD-P3P-preferences-20020415 (accessed June 9, 2009).
55. W3C. 2004. Web Ontology Language (OWL), http://www.w3.org/2004/0WL/ (accessed June 09, 2009).
56. Warren, S. D., Brandeis and L. D. 1890. The right to privacy. Harvard Law Review 4(5):193-220.
57. Ying, X. and Fu-yuan, X. 2006. Research on context modeling based on ontology. Proceedings of the International Conference on Computational Intelligence for Modelling, Control and Automation, and International Conference on Intelligent Agents, Web Technologies and Internet Commerce, 188.