Abstract
Web users are increasingly becoming conscious about the personally identifiable information (PII) being collected and used by Web service providers. Users of these services are usually asked by the service providers to reveal their PII in order to access the services provided by them. While collecting this PII, the service providers must ensure their customers that the PII provided by them must be handled according to the privacy policies and laws. Currently, the enforcement of privacy policies and laws is done manually. This process is error prone and can leak information to the third parties which the information provider has never imagined. The automation of privacy policy enforcement is a must for Web service providers to deal with the privacy handling issue. This paper is an effort towards how to automate the privacy policy enforcement along with traditional authorization policies followed in legacy access control systems. As trust plays an important role in human life and we constantly update and upgrade our trust relationships with other people based on our outlooks in response to the changing situations, the dynamic nature of heterogeneous Web services collaboration is handled through a trust-based access control mechanism.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Barker, K., Askari, M., Banerjee, M., Ghazinour, K., Mackas, B., Majedi, M., Pun, S., Williams, A.: BNCOD, pp. 42–54 (2009)
Lampson, B.W.: Dynamic protection structures. In: Proceedings of American Federation of Information Processing Societies conference, Las Vegas, pp. 27–38. Nevada, USA (1969)
D.T.C.S.E.C. (TCSEC), DoD 5200.28-STD Foundations, MITRE Technical Report 2547 (1973)
Bell, D.E., LaPadula, L.J.: Secure computer systems: mathematical foundations. The MITRE Corp, vol. 1–111, Bedford, Mass (1973)
Louwerse, K.: The electronic patient record; the management of access—case study: Leiden University Hospital. Int. J. Med. Inf. 49(1), 39–44 (1998)
World Wide Web consortium (W3C), platform for privacy preferences (P3P). Available at: www.w3.org/P3P
APPEL, A P3P preference exchange language 1.0 (APPEL1.0) (Working Draft), World Wide Web consortium (W3C), April 2002. Available at: http://www.w3.org/TR/P3P-preferences/
IBM, the enterprise privacy authorization language (EPAL),EPAL 1.1 specification, 2004. Available at: http://www.zurich.ibm.com/security/enterprise-privacy/epal/
Casassa Mont, M., Thyne, R., Chan, K., Bramhall, P.: Available at: http://www.hpl.hp.com/techreports/2005/HPL-005-110.pdf (2005)
Byun, J. W., Bertino, E., Li, N.: Purpose based access control of complex data forprivacy In: Proceedings of SACMAT’05, pp. 102–110. ACM Press, New York (2005)
Byun, J.W., Bertino, E., Li, N.: Purpose based access control for privacy protection in relational database systems. Technical Report 2004-52, Purdue University (2004)
Byun, J.W., Bertino, E.: Micro-views, or on how to protect privacy while enhancing data usability: concepts and challenges. SIGMOD Rec. 35(1), 9–13 (2006)
Li, M., Wang, H., Ross, D.: Trust-based access control for privacy protection in collaborative environment. In: The 2009 IEEE International Conference on e-Business Engineering, pp. 425—430. Macau, China (2009)
Li, M., Wang, H.: Protecting information sharing in distributed collaborative environment. In: 10th Asia-Pacific Web Conference Workshop, pp. 192–200. Shenyang, China (2008)
Bhatia, R., Singh, M.: Trust based privacy preserving access control in web services paradigm. In: the Second IEEE International Conference on Advanced Computing, Networking and Security, ADCONS, pp. 243—246 (2013)
Wang, Y., Vassileva, J.: Trust and reputation model in collaborative networks. In: Proceedings of 3rd IEEE International Conference Collaborative Computing, pp. 150–157 (2003)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2015 Springer India
About this paper
Cite this paper
Bhatia, R., Singh, M. (2015). A Novel Trust-Based Privacy Preserving Access Control Framework in Web Services Paradigm. In: Jain, L., Patnaik, S., Ichalkaranje, N. (eds) Intelligent Computing, Communication and Devices. Advances in Intelligent Systems and Computing, vol 308. Springer, New Delhi. https://doi.org/10.1007/978-81-322-2012-1_46
Download citation
DOI: https://doi.org/10.1007/978-81-322-2012-1_46
Published:
Publisher Name: Springer, New Delhi
Print ISBN: 978-81-322-2011-4
Online ISBN: 978-81-322-2012-1
eBook Packages: EngineeringEngineering (R0)