Title: First Annual Research Report the Prime Project Receives Research Funding from the Community's Sixth Framework Programme and the Swiss Federal Office for Education and Science. Privacy and Identity Management for Europe Prime Privacy and Identity Management for Europe

ions can also be defined within the domains of users as well as objects. Intuitively, abstractions allow to group together users (objects, resp.) with common characteristics and to refer to the whole group with a name. 2.4 The access control language Our language supports only a subset of the requirements illustrated in the previous section. In particular, our current language deals with resource protection only and does not yet take into account obligation and purpose, which will be added in future releases. Although our approach provides the general notion of a policy language and of controlled release of personal information, at this stage, we did not address engineering issues regarding scalability and backward compatibility with current standards. Syntactically, an access control rule has the following form: subject with subject expression can action on object with object expression if conditions

[1]  David A. Cooper,et al.  Preserving privacy in a network of mobile computers , 1995, Proceedings 1995 IEEE Symposium on Security and Privacy.

[2]  Eyal Kushilevitz,et al.  Private information retrieval , 1995, Proceedings of IEEE 36th Annual Foundations of Computer Science.

[3]  Gene Tsudik,et al.  Mixing E-mail with Babel , 1996, Proceedings of Internet Society Symposium on Network and Distributed Systems Security.

[4]  Paul F. Syverson,et al.  Hiding Routing Information , 1996, Information Hiding.

[5]  Michael K. Reiter,et al.  Crowds: anonymity for Web transactions , 1998, TSEC.

[6]  Marc Joye,et al.  A Practical and Provably Secure Coalition-Resistant Group Signature Scheme , 2000, CRYPTO.

[7]  Hannes Federrath,et al.  Web MIXes: A System for Anonymous and Unobservable Internet Access , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[8]  Dogan Kesdogan,et al.  Unobservable Surfing on the World Wide Web: Is Private Information Retrieval an Alternative to the MIX Based Approach? , 2002, Privacy Enhancing Technologies.

[9]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[10]  Mihir Bellare,et al.  Foundations of Group Signatures: Formal Definitions, Simplified Requirements, and a Construction Based on General Assumptions , 2003, EUROCRYPT.

[11]  Marco Casassa Mont,et al.  Dealing with Privacy Obligations: Important Aspects and Technical Approaches , 2004, TrustBus.

[12]  Ernesto Damiani,et al.  P2P-based collaborative spam detection and filtering , 2004 .

[13]  Nick Mathewson,et al.  Tor: The Second-Generation Onion Router , 2004, USENIX Security Symposium.

[14]  Sabrina De Capitani di Vimercati,et al.  A comparison of modeling strategies in defining XML-based access control languages , 2004, Comput. Syst. Sci. Eng..

[15]  Jan Camenisch,et al.  A Cryptographic Framework for the Controlled Release of Certified Data , 2004, Security Protocols Workshop.

[16]  Ernesto Damiani,et al.  Spam attacks: p2p to the rescue , 2004, WWW Alt. '04.

[17]  Ernesto Damiani Semantics-aware Privacy and Access Control: Motivation and Preliminary Results , 2004 .

[18]  Ernesto Damiani,et al.  XML-based access control languages , 2004, Inf. Secur. Tech. Rep..

[19]  Stefano Paraboschi Computing range queries on obfuscated data , 2004 .

[20]  David Chaum,et al.  The dining cryptographers problem: Unconditional sender and recipient untraceability , 1988, Journal of Cryptology.

[21]  Jan Camenisch,et al.  Group Signatures: Better Efficiency and New Theoretical Aspects , 2004, SCN.

[22]  Zinaida Benenson,et al.  User authentication in sensor networks (extended abstract) , 2004 .

[23]  Ernesto Damiani,et al.  An Open Digest-based Technique for Spam Detection , 2004, PDCS.

[24]  Ernesto Damiani,et al.  Extending Policy Languages to the Semantic Web , 2004, ICWE.

[25]  Ernesto Damiani,et al.  A protocol for reputation management in super-peer networks , 2004, Proceedings. 15th International Workshop on Database and Expert Systems Applications, 2004..

[26]  Dogan Kesdogan,et al.  The Hitting Set Attack on Anonymity Protocols , 2004, Information Hiding.

[27]  Marco Casassa Mont,et al.  Dealing with Privacy Obligations in Enterprises , 2004, ISSE.

[28]  Anas Abou El Kalam,et al.  A generic approach for healthcare data anonymization , 2004, WPES '04.

[29]  Andreas Pfitzmann,et al.  Privacy-Aware eLearning: Why and How , 2005 .

[30]  Marco Casassa Mont,et al.  Handling privacy obligations in enterprises: important aspects and technical approaches , 2005, Comput. Syst. Sci. Eng..

[31]  Tobias Scherner,et al.  A Multilaterally Secure, Privacy-Friendly Location-Based Service for Disaster Management and Civil Protection , 2005, ICN.

[32]  M. Mont,et al.  Handling Privacy Obligations and Constraints to Underpin Trust and Assurance , 2005 .

[33]  Lexi Pimenidis A Practical Approach to Tranparent und Usable Anonymity Networks , 2005, Sicherheit.

[34]  Siani Pearson,et al.  An Adaptive Privacy Management System for Data Repositories , 2005, TrustBus.

[35]  Siani Pearson,et al.  Trusted Computing: Strengths, Weaknesses and Further Opportunities for Enhancing Privacy , 2005, iTrust.

[36]  Alberto Ceselli,et al.  Modeling and assessing inference exposure in encrypted databases , 2005, TSEC.

[37]  Markulf Kohlweiss,et al.  Privacy for Profitable Location Based Services , 2005, SPC.

[38]  Siani Pearson How trusted computers can enhance privacy preserving mobile applications , 2005, Sixth IEEE International Symposium on a World of Wireless Mobile and Multimedia Networks.

[39]  Margherita Pagani Mobile and Wireless Systems Beyond 3G: Managing New Business Opportunities , 2005 .

[40]  A. Pfitzmann,et al.  Intra-Application Partitioning of Personal Data , 2005 .

[41]  Andreas Pfitzmann,et al.  Towards Privacy-Aware eLearning , 2005, Privacy Enhancing Technologies.

[42]  Pierangela Samarati,et al.  Towards identity management for e-services , 2005 .

[43]  Jan Camenisch,et al.  Compact E-Cash , 2005, EUROCRYPT.

[44]  Sabrina De Capitani di Vimercati,et al.  NEW DIRECTIONS IN ACCESS CONTROL , 2005 .

[45]  Siani Pearson,et al.  Persistent and Dynamic Trust: Analysis and the Related Impact of Trusted Platforms , 2005, iTrust.

[46]  Yves Deswarte,et al.  pMIX: Untraceability for Small Hiding Groups. , 2005, Fourth IEEE International Symposium on Network Computing and Applications.

[47]  Refik Molva,et al.  Policy-Based Cryptography and Applications , 2005, Financial Cryptography.

[48]  Ernesto Damiani,et al.  A Web Service Architecture for Enforcing Access Control Policies , 2004, VODCA@FOSAD.

[49]  Jan Camenisch Protecting (Anonymous) Credentials with the Trusted Computing Group's TPM V1.2 , 2006, SEC.

[50]  Ernesto Damiani,et al.  Fuzzy techniques for trust and reputation management in anonymous peer-to-peer systems , 2006, J. Assoc. Inf. Sci. Technol..