Abstract
The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRM is one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data.
The specification of a license by a data owner binds the enterprise data handling to the consumer’s privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Barth, A., Mitchell, J.C.: Enterprise privacy promises and enforcement. In: WITS 2005: Proceedings of the 2005 Workshop on Issues in the Theory of Security, Long Beach, California, pp. 58–66. ACM Press, New York (2005)
Bormans, J., Hill, K.: International standards organization. Information technology - multimedia framework (MPEG-21) - part 5: Rights expression language. ISO/IEC 21000-5:2004
Bucker, A., Haase, B., Moore, D., Keller, M., Koblinger, O., Wu, H.-F.: IBM tivoli privacy manager solution design and best practices. In: Redbooks (2002)
Catlett, J.: Open letter to P3P developers and replies. In: ACM Conference on Computers, Freedom and Privacy, pp. 157–164. ACM Press, New York (2000)
Coyle, K.: P3P: Pretty poor privacy? a social analysis of the platform for privacy preferences (P3P)
Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M.: The platform for privacy preferences 1.0 (P3PÂ 1.0) specification (2002)
Cranor, L.F., Arjula, M., Guduru, P.: Use of a P3P user agent by early adopters. In: WPES, pp. 1–10 (2002)
Cranor, L.F., Langheinrich, M., Marchiori, M.: A P3P preference exchange language 1.0 (APPELÂ 1.0). In: W3C Working Draft (2002)
Karjoth, G., Schunter, M., Herreweghen, E.V.: Translating privacy practices into privacy promises: How to promise what you can keep. In: POLICY 2003: Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks, p. 135. IEEE Computer Society, Washington, DC (2003)
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled services for enterprises. In: Hameurlain, A., Cicchetti, R., Traunmüller, R. (eds.) DEXA 2002. LNCS, vol. 2453, pp. 483–487. Springer, Heidelberg (2002)
Kenny, S., Korba, L.: Applying digital rights management systems to privacy rights management. Computers & Security 21(7), 648–664 (2002)
Research Report 3485: IBM Research. Enterprise Privacy Authorization Language (EPAL) (2003)
Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)
Schaad, A., Moffett, J., Jacob, J.: The role-based access control system of a european bank: a case study and discussion. In: SACMAT 2001: Proceedings of the Sixth ACM Symposium on Access Control Models and Technologies, pp. 3–9. ACM Press, New York (2001)
Sheppard, N.P., Safavi-Naini, R.: Protecting privacy with the MPEG-21 IPMP framework. In: 6th Workshop on Privacy Enhancing Technologies, pp. 152–171 (2006)
Stufflebeam, W.H., Antón, A.I., He, Q., Jain, N.: Specifying privacy policies with P3P and EPAL: lessons learned. In: WPES, p. 35 (2004)
Yu, T., Li, N., Anton, A.I.: A formal semantics for P3P. In: SWS 2004: Proceedings of the 2004 Workshop on Secure Web Service, pp. 1–8. ACM Press, New York (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Salim, F., Sheppard, N.P., Safavi-Naini, R. (2007). Enforcing P3P Policies Using a Digital Rights Management System. In: Borisov, N., Golle, P. (eds) Privacy Enhancing Technologies. PET 2007. Lecture Notes in Computer Science, vol 4776. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-75551-7_13
Download citation
DOI: https://doi.org/10.1007/978-3-540-75551-7_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-75550-0
Online ISBN: 978-3-540-75551-7
eBook Packages: Computer ScienceComputer Science (R0)