Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Design and Implementation of a Policy-Based Privacy Authorization System

  • Conference paper
Intelligence and Security Informatics (ISI 2006)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 3975))

Included in the following conference series:

  • 1890 Accesses

Abstract

In the Internet era, enterprises want to use personal information of their own or other enterprises’ subscribers, and even provide it to other enterprises for their profit. On the other hand, subscribers to Internet enterprises expect their privacy to be securely protected. Therefore, a conflict between enterprises and subscribers can arise in using personal information for the enterprises’ benefits. In this paper, we introduce a privacy policy model and propose a policy-based privacy authorization system. The privacy policy model is used for authoring privacy policies and the privacy authorization system renders the authorization decision based on the privacy policies. In the proposed system, policies for enterprises and subscribers are described in XACML, an XML-based OASIS standard language for access control policies. In addition, we show the details of how the procedure of the privacy authorization and conflict resolution is processed in the proposed system.

This research was supported by the MIC(Ministry of Information and Communication), Korea, under the ITRC(Information Technology Research Center) support program supervised by the IITA(Institute of Information Technology Assessment).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Magnuson, G., Reid, P.: Privacy and Identity Management Survey. In: IAPP Conference (2004)

    Google Scholar 

  2. Privacy and Security Best Practices. Liberty Alliance Project (2003)

    Google Scholar 

  3. Who Goes There?: Authentication Through the Lens of Privacy. Computer Science and Telecommunications Board (2003), http://www.nap.edu/catalog/10656.html

  4. PRIME: Privacy and Identity Management for Europe Date of preparation. PRIME Project (2004), http://www.prime-project.eu.org/

  5. Sun’s XACML Implementation. SUN (2005), http://sunxacml.sourceforge.net/

  6. eXtensible Access Control Markup Language. OASIS (2005), http://www.oasis-open.org

  7. Choi, H.-C., Lee, S.-Y., Lee, H.-H.: PIMS: An Access-Control based Privacy Model for Identity Management Systems. GESTS International Transaction on Computer Science and Engineering 9(1) (2005) (ISSN 1738-6438)

    Google Scholar 

  8. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL 1.2). W3C (2003), http://www.w3.org/Submission/2003/SUBM-EPAL-20031110

  9. Yee, G., Korba, L.: An Agent Architecture for E-Services Privacy Policy Compliance. Advanced Information Networking and Application (2005)

    Google Scholar 

  10. Cranor, L.F.: Web Privacy with P3P. O’Reilly, Sebastopol (2002)

    Google Scholar 

  11. Lu, C.: P3P in the Context of Legislation and Education. Sensitive Information in a Wired World (2003)

    Google Scholar 

  12. XML SPY. Altova (2004), http://www.xml.com/pub/p/15

  13. Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P, Privacy Policies and Privacy Authorization. WPES (November 2002)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Dept. of Information Security, Chonnam National University, Gwangju, 500-757, Korea

    HyangChang Choi & SeungYong Lee

  2. Div. of Information and EC, Wonkwang University, Iksan, 570-749, Korea

    HyungHyo Lee

Authors
  1. HyangChang Choi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. SeungYong Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. HyungHyo Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. School of Information and Computer Science, University of California, Irvine

    Sharad Mehrotra

  2. MIS Department, University of Arizona, 85721, Tucson, AZ, USA

    Daniel D. Zeng

  3. Department of Management Information Systems, Eller College of Management, The University of Arizona, 85721, AZ, USA

    Hsinchun Chen

  4. University of Texas at Dallas,  

    Bhavani Thuraisingham

  5. Chinese Academy of Sciences, 100190, Beijing, China

    Fei-Yue Wang

Rights and permissions

Reprints and permissions

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Choi, H., Lee, S., Lee, H. (2006). Design and Implementation of a Policy-Based Privacy Authorization System. In: Mehrotra, S., Zeng, D.D., Chen, H., Thuraisingham, B., Wang, FY. (eds) Intelligence and Security Informatics. ISI 2006. Lecture Notes in Computer Science, vol 3975. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11760146_12

Download citation

  • DOI: https://doi.org/10.1007/11760146_12

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-34478-0

  • Online ISBN: 978-3-540-34479-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation