Using contract and ontology for privacy protection in Service-Oriented Architecture

Privacy protection in Service-Oriented Architecture (SOA) is an open problem. Because privacy protection can be considered a contractual issue, solving it in SOA requires the use of electronic contracts. This is important, as the service consumer's confidence in the protection of their privacy is a factor in the success of electronic services (e-services). This confidence may increase if the service consumer and provider can establish a contract that states how the provider deals with information collected from the consumer. The service consumer can sign the contract if the privacy protection practices described in it meet what the consumer defines as appropriate practices. The goal of this paper is to use contracts and ontology for privacy protection in SOA. Privacy contracts follow an approach based on feature modeling. In addition, they use a base ontology that provides a common privacy vocabulary.
