Abstract
Business networking has substantially reshaped common enterprise procedures and has paved the way for the development of ground-breaking information sharing patterns and inter-organizational cooperative practices. Yet, critical issues still stand unaddressed; privacy and sensitive information confidentiality implications threaten to diminish the economic and social benefits derived from online collaboration. Nevertheless, privacy preservation refers to a multidimensional and cross-disciplinary subject, accompanied by both legal as well as technical challenges. In this context, this paper describes the design of a privacy-aware decision engine operating within synergistic contexts. Decision making regarding the production of authorizations and information usage rules is founded on a detailed privacy context and the enforcement of a deductive reasoning algorithm. The proposed reasoning process spans two distinct phases, taking into account an a priori perspective of the system while at the same time maintaining responsiveness in dynamic contexts.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
References
Acquisti, A. (2010). The economics of personal data and the economics of privacy. OECD Conference Centre. WPISP-WPIE Roundtable.
Antonakopoulou, A., Lioudakis, G. V., Gogoulos, F., Kaklamani, D. I., & Venieris, I. S. (2012). Leveraging access control for privacy protection: A survey. In G. Yee (Ed.), Privacy protection measures and technologies in business organizations: Aspects and standards (pp. 65–94). Hershey: IGI Global.
Ardagna, C. A., Cremonini, M., Capitani, D., di Vimercati, S., & Samarati, P. (2008). A privacy-aware access control system. Journal of Computer Security, 16(4), 369–397.
Bianchi, G., Boschi, E., Kaklamani, D. I., Koutsoloukas, E. A., Lioudakis, G. V., Oppedisano, F., et al. (2007). Towards privacy-preserving network monitoring: Issues and challenges. In Proceedings of the 18th Annual IEEE International Symposium on Personal Indoor and Mobile Radio Communications (PIMRC 2007).
Bughin, J. (2008). The rise of enterprise 2.0. Journal of Direct, Data and Digital Marketing Practice, 9(3), 251–259. Palgrave Macmillan.
Camenisch, J., & Groß, T. (2008). Efficient attributes for anonymous credentials. In Proceedings of the 15th ACM conference on Computer and communications security (CCS ’08), (pp. 345–356). New York: ACM.
Cavoukian, A., & Tapscott, D. (2006). Privacy and the enterprise 2.0. New Paradigm Learning Corporation, (pp. 1–26).
Couppens, F., & Cuppens-Boulahia, N. (2008). Modeling contextual security policies. International Journal of Information Security, 7(4), 285–305.
Datta, P., & Chatterjee, S. (2011). Online consumer market inefficiencies and intermediation. SIGMIS Database, 42(2), 55–75. New York, USA: ACM.
European Opinion Research Group. (2011). Attitudes on data protection and electronic identity in the European Union. Technical Report Special Eurobarometer 359. European Commission. Bruxelles, Belgium.
European Parliament and Council. (1995). Directive 95/46/EC of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities, L 281, 31–50.
European Parliament and Council. (2002). Regulation 2195/2002/ EC of the European parliament and of the council on the common procurement vocabulary (CPV). Official Journal of the European Communities, L 340, 1–562.
Fatema, K., Chadwick, D. W., & Lievens, S. (2011). A multi-privacy policy enforcement system. In Privacy and identity management for life, (pp. 297–310). Berlin: Springer.
Ferreira A., Chadwick D., Farinha P., Correia R., Zao G., Chilro R., et al. (2009). How to securely break into RBAC: The BTG-RBAC Model. In Proceedings of the 2009 Annual Computer Security Applications Conference (ACSAC ’09). Washington, DC: IEEE Computer Society
Finin, T., Joshi, A., Kagal, L., Niu, J., Sandhu, R. S., Winsborough, W., et al. (2008). ROWLBAC: Representing role based access control in OWL. In Proceedings of the 13th ACM Symposium on Access Control Models and Technologies (pp. 73–82). New York: ACM.
Gogoulos, F., Antonakopoulou, A., Lioudakis, G. V., Mousas, A. S., Kaklamani, D. I., & Venieris, I. S. (2010). Privacy-aware access control and authorization in passive network monitoring infrastructures. In Computer and Information Technology (CIT), 2010 I.E. 10th International Conference on, (pp. 1114–1121). IEEE.
Gogoulos, F., Antonakopoulou, A., Lioudakis, G. V., Kaklamani, D. I., & Venieris, I. S. (2013). Trust in an enterprise world: A survey. In M. M. Cruz-Cunha, F. Moreira, & J. Varajão (Eds.), Handbook of research on enterprise 2.0. Hershey: IGI Global.
International Telecommunications Union. (2005). Information technology—open systems interconnection—the directory: Public-key and attribute certificate frameworks, ITU-T Recommendation X.509.
Karjoth, G., Schunter, M., & Waidner, M. (2003). Platform for enterprise privacy practices: privacy-enabled management of customer data. In Proceedings of the 2nd international conference on Privacy enhancing technologies, (PET’02), (pp. 69–84). Berlin: Springer-Verlag.
Koshutanski, H., & Maa, A. (2010). Interoperable semantic access control for highly dynamic coalitions. Security and Communication Networks, 3(6), 565–594.
Lioudakis, G. V., Gaudino, F., Boschi, E., Bianchi, G., Kaklamani, D. I., & Venieris, I. S. (2010). Legislation-aware privacy protection in passive network monitoring. In I. M. Portela & M. M. Cruz-Cunha (Eds.), Information communication technology law, protection and access rights: Global approaches and issues. New York: IGI Global Pubs.
Marín Pérez, J. M., Bernabé, J. B., Alcaraz Calero, J. M., Garcia Clemente, F. J., Pérez, G. M., & Gómez Skarmeta, A. F. (2011). Semantic-based authorization architecture for grid. Future Generation Computer Systems, 27(1), 40–55.
Milojicic, D. (2008). Interview with Rich Friedrich, Dave Cohen, and Alex Dreiling. IEEE Internet Computing, 12(1), 10–13.
Mont, M. C. (2004). Dealing with privacy obligations: Important aspects and technical approaches. In Proceedings of the International Workshop on Trust and Privacy in Digital Business (TrustBus 2004) (LNCS 3184, pp. 120–131). Berlin: Springer Berlin/Heidelberg.
Organization for Economic Co-operation and Development – OECD. (1980). Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
Organization for the Advancement of Structured Information Standards – OASIS. (2005). eXtensible Access Control Markup Language (XACML), Version 2.0.
Österle, H., Fleisch, E., & Alt, R. (2000). Business networking: Shaping enterprise relationships on the internet. Berlin: Springer. ISBN: 3- 540- 66612- 5.
Pletscher, T. (2005). Companies and the regulatory jungle. In Proceedings of the 27th International Conference of Data Protection and Privacy Commissioners.
Poullet, Y. (2006). The Directive 95/46/EC: ten years after. Computer Law and Security Report, 22(3), 206–217.
Schaub, F., Konings, B., Weber, M., & Kargl, F. (2012). Towards context adaptive privacy decisions in ubiquitous computing. In Pervasive Computing and Communications Workshops (PERCOM Workshops), IEEE International Conference on, (pp. 407–410). IEEE.
Trabelsi, S., Njeh, A., Bussard, L., & Neven, G. (2010). The ppl engine: A symmetric architecture for privacy policy handling. In W3C Workshop on Privacy and data usage control, 4(5).
Westerinen, A., Schnizlein, J., Strassner, J., Scherling, M., Quinn, B., Herzog, S., et al. (2001). RFC-3198: Terminology for policy-based management. Internet Engineering Task Force.
Wohlgemuth, S., Echizen, I., Müller, G., & Sonehara, N. (2011). On privacy-compliant disclosure of personal data to third parties using digital watermarking. International Journal of Information Hiding and Multimedia Signal Processing, 2(3), 270–281.
World Wide Web Consortium. (2004). OWL web ontology language overview, W3C Recommendation.
Author information
Authors and Affiliations
Corresponding author
Additional information
Responsible Editor: Sven Wohlgemuth
Rights and permissions
About this article
Cite this article
Gogoulos, F.I., Antonakopoulou, A., Lioudakis, G.V. et al. On the design of a privacy aware authorization engine for collaborative environments. Electron Markets 24, 101–112 (2014). https://doi.org/10.1007/s12525-014-0155-9
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12525-014-0155-9