Abstract
Today many interactions are carried out online through Web sites and e-services and often private and/or sensitive information is required by service providers. A growing concern related to this widespread diffusion of on-line applications that collect personal information is that users’ privacy is often poorly managed and sometimes abused. For instance, it is well known how personal information is often disclosed to third parties without the consent of legitimate data owners or that there are professional services specialized on gathering and correlating data from heterogeneous repositories, which permit to build user profiles and possibly to disclose sensitive information not voluntarily released by their owners. For these reasons, it has gained great importance to design systems able to fully preserve information privacy by managing in a trustworthy and responsible way all identity and profile information.
In this paper, we investigate some problems concerning identity management for e-services and present the architecture of the Access Control Decision Function, a software component in charge of managing access request in a privacy-aware fashion. The content of this paper is a result of our ongoing activity in the framework of the PRIME project (Privacy and Identity Management for Europe) [18], funded by the European Commission, whose objective is the development of privacy-aware solutions for enforcing security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: A Web Service Architecture for Enforcing Access Control Policies. In: Proc. of the First International Workshop on Views On Designing Complex Architectures (VODCA 2004), Bertinoro, Italy, September 11-12 (2004)
Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Towards Privacy-Enhanced Authorization Policies and Languages. In: Proc. of the 19th Annual IFIPWG 11.3 Working Conference on Data and Applications Security (IFIP), Nathan Hale Inn, University of Connecticut, Storrs, USA, August 7-10 (2005)
Ardagna, C.A., De Capitani di Vimercati, S.: A comparison of modeling strategies in defining XML-based access control languages. Computer Systems Science & Engineering Journal (2004)
Ashley, P., Hada, S., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language(EPAL). IBM Research (2003)
Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P privacy policies and privacy authorization. In: Proc. of the ACM workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA, November 21 (2002)
Bonatti, P.A., Olmedilla, D.: Driving and monitoring provisional trust negotiation with metapolicies. In: Proc. of the IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, June 6-8 (2005)
Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3), 241–272 (2002)
Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, http://www.w3.org/TR/P3P/
Damiani, E., Corallo, A., Elia, G.: A Knowledge Management System Enabling Regional Innovation. In: Proc. of the VI international conference on Knowledge-Based Intelligent Information & Engineering Systems (KES 2002), Crema, Italy, September 16-18 (2002)
De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Access control: Principles and solutions. Software – Practice and Experience 33(5), 397–421 (2003)
Farrell, S., Housley, R.: An Internet Attribute Certificate for Authorization. Request For Comments 3281, Internet Engineering Task Force (2002)
Gunter, C.A., May, M.J., Stubblebine, S.G.: A Formal Privacy System and its Application to Location Based Services. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 256–282. Springer, Heidelberg (2005)
International Security, Trust, and Privacy Alliance (ISTPA), http://www.istpa.org/
ITU Telecommunication Standardization Sector (ITU-T). Information Technology Open Systems Interconnection - The Directory: Authentication Framework. Recommendation X.509 (03/00), International Telecommunication Union (2000)
Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 18–28 (2001)
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprises. In: Proc. of the 13th International Conference on Database and Expert Systems Applications (DEXA 2002), Aix-en-Provence, France, September 2-6 (2002)
PRIME (Privacy and Identity Management for Europe), http://www.prime-project.eu.org
Reasoning on the Web (REWERSE), http://www.pms.ifi.lmu.de/rewerse-wga1/index.html
Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)
XACML - (eXtensible Access Control Markup Language), http://www.oasisopen.org/committees/tc_home.php?wg_abbrev=xacml#XACML20
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ardagna, C.A., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P. (2006). The Architecture of a Privacy-Aware Access Control Decision Component. In: Barthe, G., Grégoire, B., Huisman, M., Lanet, JL. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2005. Lecture Notes in Computer Science, vol 3956. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11741060_1
Download citation
DOI: https://doi.org/10.1007/11741060_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-33689-1
Online ISBN: 978-3-540-33691-4
eBook Packages: Computer ScienceComputer Science (R0)