Safeguarding Personal Data using Rights Management in Distributed Applications

  • Adolf Hohl
  • Alf Zugenmaier
Part of the IFIP International Federation for Information Processing book series (IFIPAICT, volume 232)


Privacy includes the right to determine the use of personal information after it has been released. Some compliance solutions have been proposed already. However, they are usually monolithic systems operating only within one database system or requiring a customized infrastructure. This paper explores the possibility to use an off-the-shelf document rights management platform to enable enforcement of usage policies. First experiences from a building a demonstration application are encouraging.


Privacy Policy Personal Data Service Application Management Platform Trust Computing Group 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Zugenmaier, A., Ciaessens, J.: Privacy in Eletronic Communications. In: Network Security. IEEE Press (to appear)Google Scholar
  2. 2.
    Stajano, F.: Will your digital butlers betray you? In: WPES’ 04: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, New York, NY, USA, ACM Press (2004) 37–38CrossRefGoogle Scholar
  3. 3.
    Korba, L., Kenny, S.: Towards Meeting the Privacy Challenge: Adapting DRM. (2002) ACM Workshop on Digital Rights Management.Google Scholar
  4. 4.
    Trusted Computing Group: TCG Backgrounder. (2003)Google Scholar
  5. 5.
    Hohl, A., Zugenmaier, A.: Safeguarding personal data using rights management in pervasive computing for distributed applications (to appear)Google Scholar
  6. 6.
    Clarke, R.: P3p re-visited. In: Privacy Law and Policy Reporter. (2001) 81–83Google Scholar
  7. 7.
    Cranor, L.F., Lessig, L.: Web Privacy with P3p. O’Reilly & Associates, Inc., Sebastopol, CA, USA (2002)Google Scholar
  8. 8.
    Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P Privacy Policies and Privacy Authorization. In: Proc. 1st ACM Workshop on Privacy in the Electronic Society (WPES). (2002) 103–109Google Scholar
  9. 9.
    Karjoth, G., Schunter, M., Waidner, M.: The platform for enterprise privacy practices — privacy enabled management of customer data. In: 2nd Workshop on Privacy Enhancing Technologies (PET 2002). LNCS, Springer (2003) 69–84Google Scholar
  10. 10.
    Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled services for enterprises. In: DEXA Workshops. (2002) 483–487Google Scholar
  11. 11.
    Langheinrich, M., Cranor, L., Marchiori, M.: APPEL: A P3P preference exchange language. W3C Working Draft (2002)Google Scholar
  12. 12.
    Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: 28th Int’l Conf. on Very Large Databases (VLDB), Hong Kong. (2002)Google Scholar
  13. 13.
    Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policies and Enforceable Tracing Services. (2003) HPL-2003-49.Google Scholar
  14. 14.
    Mont, M., Thyne, R., Chan, K., Bramhall, P.: Extending HP Identity Management Solutions to Enforce Privacy Policies and Obligations for Regulatory Compliance by Enterprises. Technical Report HPL-2005-110, HP Laboratories Bristol (2005)Google Scholar
  15. 15.
    Mont, M., Thyne, R., Bramhall, P.: Privacy Enforcement with HP Select Access for Regulatory Compliance. Technical Report HPL-2005-10, HP Laboratories Bristol (2005)Google Scholar
  16. 16.
    Langheinrich, M.: A Privacy Awareness System for Ubiquitous Computing Environments. (2001)Google Scholar

Copyright information

© International Federation for Information Processing 2007

Authors and Affiliations

  • Adolf Hohl
    • 1
  • Alf Zugenmaier
    • 2
  1. 1.University of FreiburgGermany
  2. 2.DoCoMo Euro-LabsGermany

Personalised recommendations