
An Implementation Model for Privacy Aware Access Control in Web Services Environment

  • Conference paper
Proceedings of International Conference on ICT for Sustainable Development

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 408)

Abstract

The last decade has witnessed an incremental growth in the number of web service providers as well as web service users who carry out financial transactions online. While this increased use of the web to provide financial services has boosted e-business productivity, it has raised significant concerns about the privacy of clients' sensitive personal information. In this paper, we propose a framework that addresses clients' privacy concerns in the context of a web services environment. In our approach, service producers store their privacy policies in the form of an ontology class, and service users store their privacy preferences in the form of a rule specified in the Semantic Web Rule Language (SWRL). Our framework provides automated reasoning techniques for checking whether a service provider's privacy policies comply with the client's privacy preferences. In the event of a policy match, our framework supports automatic generation of the list of service providers who agree to provide service. We demonstrate our approach with the implementation of an example web services scenario.



Author information


Corresponding author

Correspondence to Rekha Bhatia.


Copyright information

© 2016 Springer Science+Business Media Singapore

About this paper

Cite this paper

Bhatia, R., Singh, M. (2016). An Implementation Model for Privacy Aware Access Control in Web Services Environment. In: Satapathy, S., Joshi, A., Modi, N., Pathak, N. (eds) Proceedings of International Conference on ICT for Sustainable Development. Advances in Intelligent Systems and Computing, vol 408. Springer, Singapore. https://doi.org/10.1007/978-981-10-0129-1_50


  • DOI: https://doi.org/10.1007/978-981-10-0129-1_50


  • Publisher Name: Springer, Singapore

  • Print ISBN: 978-981-10-0127-7

  • Online ISBN: 978-981-10-0129-1

  • eBook Packages: Engineering, Engineering (R0)
