Privatheit bei dezentraler Verwaltung von Benutzerprofilen

Eine dezentrale Verwaltung von Benutzerprofilen ermoglicht die Wiederverwendung von personlichen Daten fur verschiedene Personalisierungs-Dienste, erzeugt aber auch Probleme hinsichtlich der Privatheit der Informationen. In dieser Arbeit wurde daher ein Mechanismus entworfen, der eine Autorisation von Benutzerprofilzugriffen sicherstellt. Der Ansatz verbindet eine XML-basierte Formalisierung von Zugriffsrechten mit Privacy Enhancing Technologies und erweitert dies um neue Konzepte.

[1]  Andreas Pfitzmann,et al.  Mehrseitige Sicherheit in offenen Netzen , 2000 .

[2]  Ernesto Damiani,et al.  Securing XML Documents , 2000, EDBT.

[3]  Helmut Bäumler,et al.  Datenschutz im Internet , 2000 .

[4]  Terry Winograd,et al.  A network-centric design for relationship-based rights management , 1997 .

[5]  Michael Koch,et al.  Das CommunityItemsTool—Interoperable Unterstützung von Interessens-Communities in der Praxis , 2001 .

[6]  Simson L. Garfinkel,et al.  Web Security, Privacy and Commerce , 2001 .

[7]  Oren Etzioni,et al.  Privacy interfaces for information management , 1999, CACM.

[8]  John Leubsdorf,et al.  Privacy and Freedom , 1968 .

[9]  Joan Feigenbaum,et al.  Privacy Engineering for Digital Rights Management Systems , 2001, Digital Rights Management Workshop.

[10]  Louis D. Brandeis,et al.  The Right to Privacy , 1890 .

[11]  Michael Koch An Architecture for Community Support Platforms - Modularization and Integration , 2002 .

[12]  Paul Syverson,et al.  Onion Routing for Anonymous and Private Internet Connections , 1999 .

[13]  Roger Clarke,et al.  Internet privacy concerns confirm the case for intervention , 1999, CACM.

[14]  Matt Curtin,et al.  Developing Trust: Online Privacy and Security , 2001 .

[15]  Hannes Federrath,et al.  Project “anonymity and unobservability in the Internet” , 2000, CFP '00.

[16]  Lorrie Faith Cranor,et al.  Platform for Privacy Preferences - P3P , 2000, Datenschutz und Datensicherheit.

[17]  Wolfgang Wörndl,et al.  Privatheit bei Verwaltung von Benutzerprofilen , 2002, Mensch & Computer.

[18]  Elisa Bertino,et al.  Securing XML Documents with Author-X , 2001, IEEE Internet Comput..

[19]  Wolfgang Wörndl,et al.  The CommunityItemsTool-interoperable community support in practice , 2001, Proceedings Tenth IEEE International Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises. WET ICE 2001.

[20]  Fabio Abbattista,et al.  Intelligent E-Commerce with Guiding Agents Based on Personalized Interaction Tools , 2003 .

[21]  Vipul Kashyap,et al.  InfoSleuth: agent-based semantic integration of information in open and dynamic environments , 1997, SIGMOD '97.

[22]  Michael Kreutzer,et al.  Mobile Identity Management , 2002 .

[23]  Martin Reichenbach,et al.  Sicherheitskonzepte für das Internet , 2001 .

[24]  Günter Müller,et al.  Benutzbare Sicherheit — Der Identitätsmanager als universelles Sicherheitswerkzeug , 2001 .

[25]  Birgit Pfitzmann,et al.  Datenschutz garantierende offene Kommunikationsnetze , 1988, Informatik-Spektrum.

[26]  Ari Schwartz,et al.  Your place or mine?: privacy concerns and solutions for server and client-side storage of personal information , 2000, CFP '00.

[27]  Andreas Pfitzmann Diensteintegrierende Kommunikationsnetze mit teilnehmerüberprüfbarem Datenschutz , 1990, Informatik-Fachberichte.

[28]  Michiharu Kudo,et al.  XML document security based on provisional authorization , 2000, CCS.

[29]  Lorrie Faith Cranor Agents of Choice: Tools that Facilitate Notice and Choice about Web Site Data Practices , 2000, ArXiv.

[30]  Andreas Pfitzmann,et al.  Charakteristika von Schutzzielen und Konsequenzen für Benutzungsschnittstellen , 2000, Informatik-Spektrum.

[31]  Andreas Pfitzmann,et al.  Anonymity, Unobservability, and Pseudonymity - A Proposal for Terminology , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[32]  Timothy W. Finin,et al.  KQML as an agent communication language , 1994, CIKM '94.

[33]  Simone Fischer-Hübner,et al.  IT-Security and Privacy , 2001, Lecture Notes in Computer Science.

[34]  Pattie Maes,et al.  Agents that buy and sell , 1999, CACM.

[35]  Marc Langheinrich,et al.  A Privacy Awareness System for Ubiquitous Computing Environments , 2002, UbiComp.

[36]  David Davenport,et al.  Anonymity on the Internet: why the price may be too high , 2002, CACM.

[37]  Joel R. Reidenberg,et al.  Can User Agents Accurately Represent Privacy Policies , 2002 .

[38]  Johann H. Schlichter,et al.  Informationsmanagement und Communities Überblick und Darstellung zweier Projekte der IMC-Gruppe München , 2001, Informatik Forschung und Entwicklung.

[39]  Elizabeth D. Mynatt,et al.  Design for network communities , 1997, CHI.

[40]  P. Samarati,et al.  Access control: principle and practice , 1994, IEEE Communications Magazine.

[41]  Michael Koch Community-Support-Systeme , 2001, CSCW-Kompendium.

[42]  Pattie Maes,et al.  Agent-mediated Electronic Commerce : A Survey , 1998 .

[43]  Michael C. Loui,et al.  Taking the byte out of cookies: privacy, consent, and the Web , 1998, SIGCAS Comput. Soc..

[44]  Oliver Berthold,et al.  Identity Management Based on P3P , 2000, Workshop on Design Issues in Anonymity and Unobservability.

[45]  Marit Köhntopp Technische Randbedingungen für einen datenschutzgerechten Einsatz biometrischer Verfahren , 1999 .

[46]  Dogan Kesdogan,et al.  Privacy im Internet - vertrauenswürdige Kommunikation in offenen Umgebungen , 1999, DuD-Fachbeiträge.

[47]  Wolfgang Wörndl,et al.  Community support and identity management , 2001, ECSCW.

[48]  Marianne Winslett,et al.  Negotiating Trust on the Web , 2002, IEEE Internet Comput..

[49]  Ko Fujimura,et al.  General-purpose Digital Ticket Framework , 1998, USENIX Workshop on Electronic Commerce.

[50]  Gerald L. Lohse,et al.  On site: to opt-in or opt-out?: it depends on the question , 2001, CACM.

[51]  Wolfgang Wörndl,et al.  A FRAMEWORK FOR PERSONALIZABLE COMMUNITY WEB PORTALS , 2001 .

[52]  Yossi Matias,et al.  Consistent, yet anonymous, Web access with LPWA , 1999, CACM.

[53]  Paul Lorenzen,et al.  Lehrbuch der konstruktiven Wissenschaftstheorie , 2000 .

[54]  Victoria Bellotti,et al.  Design for privacy in multimedia computing and communications environments , 1997 .

[55]  Len LaPadula,et al.  Secure Computer Systems: A Mathematical Model , 1996 .

[56]  Robert Boguslaw,et al.  Privacy and Freedom , 1968 .

[57]  Terry Winograd,et al.  A Network-Centric Design for Relationship-Based Security and Access Control , 1997, J. Comput. Secur..

[58]  Ramakrishnan Srikant,et al.  Implementing P3P using database technology , 2003, Proceedings 19th International Conference on Data Engineering (Cat. No.03CH37405).

[59]  Aviel D. Rubin,et al.  Risks of the Passport single signon protocol , 2000, Comput. Networks.

[60]  Barry Crabtree,et al.  Knowing Me, Knowing You: Practical Issues in the Personalisation of Agent Technology , 2002 .

[61]  Michael C. Loui,et al.  Taking the byte out of cookies , 1998 .

[62]  Mauro Barni,et al.  Managing Copyright in Open Networks , 2002, IEEE Internet Comput..

[63]  David Chaum,et al.  Untraceable electronic mail, return addresses, and digital pseudonyms , 1981, CACM.

[64]  James A. Hendler,et al.  The Semantic Web" in Scientific American , 2001 .

[65]  J. Hagel,et al.  Net Worth: Shaping Markets When Customers Make the Rules , 1999 .

[66]  Simson L. Garfinkel,et al.  PGP: Pretty Good Privacy , 1994 .

[67]  Marc Langheinrich,et al.  Allgegenwärtigkeit des Computers — Datenschutz in einer Welt intelligenter Alltagsdinge , 2001 .

[68]  B. Clifford Neuman,et al.  Kerberos: An Authentication Service for Open Network Systems , 1988, USENIX Winter.