Privacy policy compliance for Web services

The growth of the Internet has been accompanied by the growth of Web services (e.g. e-commerce, e-health). This proliferation of Web services and the increasing regulatory and legal requirements for personal privacy have fueled the need to protect the personal privacy of Web service users. We advocate a privacy policy negotiation approach to protecting personal privacy (Yee and Korba, 2003; ). We provided semiautomated approaches for deriving personal privacy policies (Yee and Korba, 2004). However, it is evident that approaches are also needed to ensure that providers of Web services comply with the privacy policies of service users. In this paper, we examine privacy legislation to derive requirements for privacy policy compliance systems. We then propose an architecture for a privacy policy compliance system that satisfies the requirements and discuss the strengths and weaknesses of our proposed architecture.

[1] Larry Korba, et al. Applying digital rights management systems to privacy rights management, 2002, Comput. Secur.

[2] Thu D. Nguyen, et al. A hierarchical policy specification language, and enforcement mechanism, for governing digital enterprises, 2002, Proceedings Third International Workshop on Policies for Distributed Systems and Networks.

[3] Prasad Rao, et al. Automatic management of network security policy, 2001, Proceedings DARPA Information Survivability Conference and Exposition II. DISCEX'01.

[4] Atul Prakash, et al. A flexible architecture for security policy enforcement, 2003, Proceedings DARPA Information Survivability Conference and Exposition.

[5] George Yee, et al. Bilateral e-services negotiation under uncertainty, 2003, 2003 Symposium on Applications and the Internet, 2003. Proceedings.

[6] Mark O'Neill, et al. Web Services Security, 2003.

[7] Randy Chow, et al. Enforcing complex security policies for commercial applications, 1995, Proceedings Nineteenth Annual International Computer Software and Applications Conference (COMPSAC'95).