Abstract
When using electronic services, people are often asked to provide personal information. This raises many privacy issues. To gain the trust of the user, service providers can use privacy policy languages such as P3P to declare the purpose and usage of this personal information. User agents can compare these policies to privacy preferences of a user and warn the user if his privacy is threatened. This paper extends two languages: P3P and APPEL. It makes it possible to refer to certified data and credentials. This allows service providers to define the minimal level of assurance. It is also shown how different ways of disclosure (exact, blurred, verifiably encrypted, ...) can be specified to achieve more privacy friendly policies. Last, the paper describes a privacy agent that makes use of the policies to automate privacy friendly information disclosure.
An erratum to this chapter can be found at http://dx.doi.org/10.1007/11915034_125.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Camenisch, J., Van Herreweghen, E.: Design and Implementation of the Idemix Anonymous Credential System. In: Proc. 9th ACM Conf. Computer and Comm. Security (2002)
Brands, S.: Rethinking Public Key Infrastructures and Digital Certificates: Building in Privacy (2000)
Camenisch, J., Sommer, D., Zimmermann, R.: A general certification framework with applications to privacy-enhancing certificate infrastructures. Tech. Rep. RZ 3629, IBM Zurich Research Laboratory (July 2005)
Gevers, S., De Decker, B.: Automating privacy friendly information disclosure. Tech. Rep. CW441, Katholieke Universiteit Leuven (May 2006)
Yee, G., Korba, L.: Semi-Automated Derivation of Personal Privacy Policies. In: IRMA 2004: Proceedings of the 2004 Information Resources Management Association International Conference (2004)
AT&T Privacy Bird http://www.privacybird.com/
JRC P3P Resource Centre, http://p3p.jrc.it/
Microsoft CardSpace, http://msdn.microsoft.com/winfx/reference/infocard/default.aspx
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: An XPath based preference language for P3P. In: Proc. of the 12th Intl. World Wide Web Conference (2003)
Kagal, L., Finin, T., Joshi, A.: A policy based approach to security for the semantic web. In: Proceedings of the 2nd International Semantic Web Conference (2003)
Li, J., Li, N., Winsborough, W.H.: Automated trust negotiation using cryptographic credentials. In: Proceedings of the 12th ACM Conference on Computer and Communications Security (2005)
The Enterprise Privacy Authorization Language (EPAL 1.1), http://www.zurich.ibm.com/security/enterprise-privacy/epal/
Housley, R., Ford, W., Polk, W., Solo, D.: RFC 2459: Internet X.509 Public Key Infrastructure Certificate and CRL Profile
Platform for Privacy Preferences (P3P) Project, http://www.w3.org/P3P/
A P3P Preference Exchange Language 1.0 (APPEL1.0), http://www.w3.org/TR/P3P-preferences/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gevers, S., De Decker, B. (2006). Privacy Friendly Information Disclosure. In: Meersman, R., Tari, Z., Herrero, P. (eds) On the Move to Meaningful Internet Systems 2006: OTM 2006 Workshops. OTM 2006. Lecture Notes in Computer Science, vol 4277. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11915034_87
Download citation
DOI: https://doi.org/10.1007/11915034_87
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-48269-7
Online ISBN: 978-3-540-48272-7
eBook Packages: Computer ScienceComputer Science (R0)