Abstract
The rapid growth of web applications has prompted increasing interest in the area of composite web services that involve several service providers. This increased use of composite services has meant that more and more personal information of consumers is being shared with web service providers, leading to the need to guarantee the privacy of consumers. This paper proposes a trust-based privacy authorization model for service composition, it uses privacy authorization policies to specify the privacy privileges of services. Then it utilizes the trust relationships among services to make privacy authorization decisions. Comparing to the traditional privacy access control approaches, this model can make the fine-grained authorization decision, thus efficiently protecting consumers’ privacy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic databases. In: Proceeding of the 28th International Conference on Very Large Data Based, Hong Kong, China, pp. 143–154 (2002)
Byun, J.W., Bertino, E., Li, N.: Purpose based access control of complex data for privacy protection. In: Proceedings of 10th ACM Symposium on Access Control Models and Technologies, pp. 102–110. ACM Press (2006)
Guarda, P., Zannone, N.: Towards the development of privacy-aware systems. Information and Software Technology 51(2), 337–350 (2009)
Karjoth, G., Schunter, M., Herreweghen, E.V.: Translating privacy practices into privacy promises -how to promise what you can keep. In: Proceeding of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, pp. 135–146 (2003)
Liu, L., Huang, Z., Zhu, H.: Role-based consistency verification for privacy-aware Web services. In: Proceeding of the 7th Int. Symposium on Collaborative Technologies and Systems, Irvine, CA, USA, pp. 399–407 (2009)
Rezgui, A., Bouguettaya, A., Eltoweissy, M.: Privacy on the Web: facts, challenges, and solutions. IEEE Security & Privacy 1(6), 40–49 (2003)
W3C. The Platform for Privacy Preferences 1.0 Specification, P3P (2002), http://www.w3.org/P3P
OASIS Standard. Extensible access control markup language version 2.0 (XACML), OASIS Standard (2005), http://docs.oasis-open.org/xacml/2.0/access_control-xacml-2.0-core-spec-os.pdf
Xu, W., Venkatakrishnan, V.N., Sekar, R., Ramakrishnan, I.V.: A Framework for building privacy-conscious composite Web services. In: Proceeding of the International Conference on Web Services, pp. 655–662 (2006)
Yee, G., Korba, L.: Privacy policy compliance for Web services. In: Proceedings of 2004 IEEE International Conference on Web Services, pp. 158–165 (2004)
Zhang, J., Chang, C.K., Zhang, L.J., Hung, P.C.K.: Toward a service-oriented development through a case study. IEEE Transaction on Systems, Man, Cybernetics, Part A 37(6), 955–969 (2007)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag GmbH Berlin Heidelberg
About this paper
Cite this paper
Zheng, J., Huang, Z., Hu, J., Wei, O., Liu, L. (2012). Trust-Based Privacy Authorization Model for Web Service Composition. In: Wu, Y. (eds) Software Engineering and Knowledge Engineering: Theory and Practice. Advances in Intelligent and Soft Computing, vol 115. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25349-2_41
Download citation
DOI: https://doi.org/10.1007/978-3-642-25349-2_41
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25348-5
Online ISBN: 978-3-642-25349-2
eBook Packages: EngineeringEngineering (R0)