Skip to main content
Springer Nature Link
Log in

Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2008)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5185))

Abstract

In this paper we present a novel architecture for extending the traditional notion of access control to privacy-related data toward a holistic privacy management system. The key elements used are obligations. They constitute a means for controlling the use of private data even after the data was disclosed to some third-party. Today’s laws mostly are regulating the conduct of business between an individual and some enterprise. They mainly focus on long-lived and static relationships between a user and a service provider. However, due to the dynamic nature of pervasive computing environments, rather more sophisticated mechanisms than a simple offer/accept-based privacy negotiation are required. Thus, we introduce a privacy architecture which allows a user not only to negotiate the level of privacy needed in a rather automated way but also to track and monitor the whole life-cycle of data once it has been disclosed.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Karjoth, G., Schunter, M., Waidner, M.: The platform for enterprise privacy practices - privacy enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  2. Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL 1.2) Specification (November 2003), http://www.zurich.ibm.com/security/enterprise-privacy/epal/

  3. Casassa Mont, M., Thyne, R.: A Systemic Approach to Automate Privacy Policy Enforcement in Enterprises. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 118–134. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  4. Alcalde Bagüés, S., Zeidler, A., Fernandez Valdivielso, C., Matias, I.R.: Sentry@home - leveraging the smart home for privacy in pervasive computing. International Journal of Smart Home 1(2) (2007)

    Google Scholar 

  5. Price, B.A., Adam, K., Nuseibeh, B.: Keeping ubiquitous computing to yourself: a practical model for user control of privacy. International Journal of Human-Computer Studies 63, 228–253 (2005)

    Article  Google Scholar 

  6. Alcalde Bagüés, S., Zeidler, A., Fernandez Valdivielso, C., Matias, I.R.: Towards personal privacy control. In: Meersman, R., Tari, Z., Herrero, P. (eds.) OTM-WS 2007, Part II. LNCS, vol. 4806, pp. 886–895. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Federal Trade Commission (FTC). Fair information practice principles. Privacy online: A (June 1998)

    Google Scholar 

  8. Camenisch, J., et al.: Privacy and Identity Management for Everyone. In: Proceedings of the ACM DIM (2005)

    Google Scholar 

  9. Hiltya, M., Basin, D.A., Pretschner, A.: On Obligations. In: di Vimercati, S.d.C., Syverson, P.F., Gollmann, D. (eds.) ESORICS 2005. LNCS, vol. 3679, pp. 98–117. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

  10. Marco Casassa Mont. A System to Handle Privacy Obligations in Enterprises. Thesis (2005)

    Google Scholar 

  11. The CONNECT Project, http://www.ist-connect.eu/

  12. Alcalde Bagüés, S., Zeidler, A., Fernandez Valdivielso, C., Matias, I.R.: A user-centric privacy framework for pervasive environments. In: OTM Workshops (2), pp. 1347–1356 (2006)

    Google Scholar 

  13. Alcalde Bagüés, S., Zeidler, A., Fernandez Valdivielso, C., Matias, I.R.: Disappearing for a while - using white lies in pervasive computing. In: Proceedings of the 2007 ACM workshop on Privacy in electronic society (WPES 2007) (2007)

    Google Scholar 

  14. van de Riet, R.P., Burg, J.F.M.: Linguistic tools for modelling alter egos in cyberspace: Who is responsible? Journal of Universal Computer Science 2(9), 623–636 (1996)

    Google Scholar 

  15. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: Ponder: A language for specifying security and management policies for distributed systems (2000)

    Google Scholar 

  16. OASIS standard. eXtensible Access Control Markup Language. Version 2 (February 2005)

    Google Scholar 

  17. Park, J., Sandhu, R.: The uconabc usage control model. ACM Trans. Inf. Syst. Secur. 7(1), 128–174 (2004)

    Article  Google Scholar 

  18. Kagal, L.: A Policy-Based Approach to Governing Autonomous Behavior in Distributed Environments. Phd Thesis, University of Maryland Baltimore County (September 2004)

    Google Scholar 

  19. Mbanaso, U.M., Cooper, G.S., Chadwick, D.W., Anderson, A.: Obligations for privacy and confidentiality in distributed transactions. In: EUC Workshops, pp. 69–81 (2007)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Siemens AG, Corporate Technology, Munich, Germany

    Susana Alcalde Bagüés, Jelena Mitic & Andreas Zeidler

  2. Department of Electrical and Electronic Engineering, Public University of Navarra, Navarra, Spain

    Susana Alcalde Bagüés, Marta Tejada, Ignacio R. Matias & Carlos Fernandez Valdivielso

Authors
  1. Susana Alcalde Bagüés
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jelena Mitic
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Andreas Zeidler
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Marta Tejada
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Ignacio R. Matias
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. Carlos Fernandez Valdivielso
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Steven Furnell Sokratis K. Katsikas Antonio Lioy

Rights and permissions

Reprints and permissions

Copyright information

© 2008 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Alcalde Bagüés, S., Mitic, J., Zeidler, A., Tejada, M., Matias, I.R., Fernandez Valdivielso, C. (2008). Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing. In: Furnell, S., Katsikas, S.K., Lioy, A. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2008. Lecture Notes in Computer Science, vol 5185. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85735-8_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-85735-8_17

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-85734-1

  • Online ISBN: 978-3-540-85735-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics