Privacy for Service Oriented Architectures

This chapter describes requirements for privacy in service-oriented architectures (SOA). It collects 39 legal and technical requirements, grouped into five categories. These requirements are the starting point for a technical framework that brings privacy-enhanced data handling to multi-layered, multi-domain service compositions. We describe an abstract framework that is technology-agnostic and can be adopted late, including in existing SOA applications. We describe the general building blocks that are necessary on a PII provider’s side and on a PII consumer’s side. Finally, we look at the technical implementation of a very common, yet complicated aspect: the composition of policies when composing information artifacts. We describe how the composition of data influences the composition of policies.