UI prototypes : Policy administration and presentation (version 1)

Privacy Policies are an important prerequisite for user control in privacy-enhancing identity management. The transparency of privacy policies can be enhanced if users are informed about mismatches of a site’s policy with the user’s preferences. Investigating understandable and transparent privacy policies as well as simplified and usable privacy preference (data release policy) management "on the fly" are the objectives of the deliverable. For this, it is discussing icons presenting the content of policies and different User Interface (UI) prototypes for policy display and preference administration, which have been partly compared and tested in an Online user study. Finally, legal requirements for policy display in social network sites and how they translate to Human Computer Interaction (HCI) requirements are investigated.

[1]  Sabrina De Capitani di Vimercati,et al.  Expressive and Deployable Access Control in Open Web Service Applications , 2011, IEEE Transactions on Services Computing.

[2]  Siani Pearson,et al.  How ordinary internet users can have a chance to influence privacy policies , 2006, NordiCHI '06.

[3]  李幼升,et al.  Ph , 1989 .

[4]  Sabrina De Capitani di Vimercati,et al.  Enabling Privacy-preserving Credential-based Access Control with XACML and SAML , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[5]  David Chaum,et al.  Security without identification: transaction systems to make big brother obsolete , 1985, CACM.

[6]  Marcus Helfrich,et al.  EG Datenschutzrichtlinie : Kurzkommentar , 1999 .

[7]  Clare-Marie Karat,et al.  Evaluating interfaces for privacy policy rule authoring , 2006, CHI.

[8]  Janice Y. Tsai,et al.  1 Symbols of Privacy , 2006 .

[9]  John Sören Pettersson,et al.  Making PRIME usable , 2005, SOUPS '05.

[10]  Gregory Neven,et al.  Downstream Usage Control , 2010, POLICY.

[11]  M. Rundle International Personal Data Protection and Digital Identity Management Tools , 2006 .

[12]  Wolfgang Däubler Bundesdatenschutzgesetz : Kompaktkommentar zum BDSG , 2010 .

[13]  Lorrie Faith Cranor,et al.  User interfaces for privacy agents , 2006, TCHI.

[14]  Pierangela Samarati,et al.  Exploiting cryptography for privacy-enhanced access control: A result of the PRIME Project , 2010, J. Comput. Secur..

[15]  John Karat,et al.  Privacy in information technology: Designing to enable privacy policy management in organizations , 2005, Int. J. Hum. Comput. Stud..

[16]  Jan Camenisch,et al.  An Efficient System for Non-transferable Anonymous Credentials with Optional Anonymity Revocation , 2001, IACR Cryptol. ePrint Arch..

[18]  John Sören Pettersson HCI guidance and proposals , 2005 .

[19]  Clare-Marie Karat,et al.  An empirical study of natural language parsing of privacy policy rules using the SPARCLE policy workbench , 2006, SOUPS '06.

[20]  Sebastian Mödersheim,et al.  A card requirements language enabling privacy-preserving access control , 2010, SACMAT '10.

[21]  Almut Herzog,et al.  Linköping Studies in Science and Technology Usable Security Policies for Runtime Environments , 2022 .

[22]  Lorrie Faith Cranor,et al.  A "nutrition label" for privacy , 2009, SOUPS.

[23]  Stefan A. Brands,et al.  Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy , 2000 .