Abstract
We propose a new privacy model for XML data called Privacy for All (P4A) to capture collectors privacy practice and data providers privacy preferences. Through P4A data collectors specify the purpose of data collection along with recipients, retention time and users. Data providers can agree to the collectors’ practice or impose their own privacy preferences. P4A offers more flexibility to both data collectors and providers in specifying privacy statements and preferences, including but not limited to full permission, denial, and conditional access to information.
A privacy practice defines purposes, recipients, retention period, and uses of data collection. Data providers share their private information with data collectors under restrictions specified by privacy preferences. P4A offers individualsmultiple options for restrictions such as conditional access, return results as range intervals for each data item and purpose.
Chapter PDF
Similar content being viewed by others
References
The Canadian Oxford Dictionary. The foremost authority on current Canadian English. Oxford University Press, Reading (1998)
Aggarwal, G., Bawa, M., Ganesan, P., Garcia-Molina, H., Kenthapadi, K., Mishra, N., Motwani, R., Srivastava, U., Thomas, D., Widom, J., Xu, Y.: Vision paper: Enabling privacy for paranoids. In: Proceedings of the 30th VLDB Conference, Toronto, Canada, pp. 708–719 (2004)
Agrawal, R.: Privacy in data systems. In: PODS 2003, p. 37 (2003)
Agrawal, R., Kierman, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceedings of the 28th VLDB Conference 2002, Hong Kong, China, pp. 143–154 (2002)
World Wide Web Consortium. The Platform for Privacy Preferences 1.0 (P3P1.0) specification (April 16, 2002) (Last checked on July 14, 2005), http://www.w3.org/TR/P3P/
Coyle, K.: P3P: Pretty Poor Privacy? A social analysis of the Platform for Privacy Preferences (P3P) (June 1999) (Last checked on July 14, 2005), http://www.kcoyle.net/p3p.html
Elmasri, R., Navathe, S.B.: Fundamentals of database systems (2007)
Center for Democracy and Technology. P3P and privacy: An update for the privacy community (March 28, 2000) (Last checked July 14, 2005), http://www.cdt.org/privacy/pet/p3pprivacy.shtml
Karjoth, G., Schunter, M., Waidner, M.: The platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, Springer, Heidelberg (2003)
Kaufman, J.H., Edlund, S., Ford, D.A., Powers, C.: The social contract core. In: Proceedings of the 11th ACM International Conference on World Wide Web, Hawaii, May 2002, pp. 210–220 (2002)
LeFevre, K., Agrawal, R., Ercegovac, V., Ramakrishnan, R., Xu, Y., DeWitt, D.: Limiting disclosure in hippocratic databases. In: Proceedings of the 30th VLDB Conference 2004, Toronto, Canada, pp. 108–119 (2004)
Lorch, M., Proctor, S., Lepro, R., Kafura, D., Shah, S.: First experiences using XACML for access control in distributed systems. In: XMLSEC 2003: Proceedings of the 2003 ACM workshop on XML security, pp. 25–37. ACM Press, New York (2003)
Lunt, T.F., Denning, D.E., Schell, R.R., Heckman, M., Shockley, W.R.: The SeaView security model. IEEE Transactions on Software Engineering 16, 593–607 (1990)
Massacci, F., Mylopoulos, J., Zannone, N.: Hierarchical hippocratic databases with minimal disclosure for virtual organizations. VLDB Journal 15(4), 370–387 (2006)
Rjaibi, W., Bird, P.: A multi-pupose implementation of mandatory access control in relational database management systems. In: Proceedings of the Thirtieth International Conference on Very Large Data Bases, Toronto, Canada (2004)
Walters, G.J.: Privacy and security: An ethical analysis. ACM SIGCAS Computers and Society 31(2), 8–23 (2001)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2008 IFIP International Federation for Information Processing
About this paper
Cite this paper
Duta, A.C., Barker, K. (2008). P4A: A New Privacy Model for XML. In: Atluri, V. (eds) Data and Applications Security XXII. DBSec 2008. Lecture Notes in Computer Science, vol 5094. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-70567-3_6
Download citation
DOI: https://doi.org/10.1007/978-3-540-70567-3_6
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-70566-6
Online ISBN: 978-3-540-70567-3
eBook Packages: Computer ScienceComputer Science (R0)