A Formal P3P Semantics for Composite Services

  • Conference paper
Secure Data Management (SDM 2010)

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 6358)

Abstract

As online services move from the single-service to the composite-service paradigm, privacy is becoming an important issue because of the amount of user data being collected and stored. The Platform for Privacy Preferences (P3P) was defined to provide privacy protection by enabling services to express their privacy practices, which in turn helps users decide whether or not to use the services. However, P3P was designed for the single-service model, which raises challenges when it is applied to composite services. Moreover, the P3P language may be misinterpreted by P3P user agents because of its flexibility, and may contain internal semantic inconsistencies because it lacks clear semantics. Therefore, we enhance P3P to support composite services, propose a formal semantics for P3P to preserve semantic consistency, and define combining methods to obtain the privacy policies of composite services.

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Khurat, A., Gollmann, D., Abendroth, J. (2010). A Formal P3P Semantics for Composite Services. In: Jonker, W., Petković, M. (eds) Secure Data Management. SDM 2010. Lecture Notes in Computer Science, vol 6358. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15546-8_9

  • DOI: https://doi.org/10.1007/978-3-642-15546-8_9

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15545-1

  • Online ISBN: 978-3-642-15546-8

  • eBook Packages: Computer Science, Computer Science (R0)
