Abstract
This chapter describes how users’ privacy preferences and services’ privacy policies are matched in order to decide whether personal data can be shared with services. Matching has to take into account data handling, i.e. does services handle collected data in a suitable way according to user expectations, and access control, i.e. do the service that will be granted access to the data comply with user expectations. Whereas access control describes the conditions that have to be fulfilled before data is released, data handling describes how the data has to be treated after it is released. Data handling is specified as obligations that must be fulfilled by the service and authorisations that may be used by the service. An important aspect of authorisation, especially in light of the current trend towards composed web services (so-called mash-ups), is downstream usage, i.e., with whom and under which data handling restrictions data can be shared.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this chapter
Cite this chapter
Bussard, L., Neven, G., Preiss, FS. (2011). Matching Privacy Policies and Preferences:Access Control, Obligations, Authorisations, and Downstream Usage. In: Camenisch, J., Fischer-Hübner, S., Rannenberg, K. (eds) Privacy and Identity Management for Life. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20317-6_17
Download citation
DOI: https://doi.org/10.1007/978-3-642-20317-6_17
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20316-9
Online ISBN: 978-3-642-20317-6
eBook Packages: Business and EconomicsBusiness and Management (R0)