Privacy-Respecting Access Control in Collaborative Workspaces

  • Stefanie Pötzsch
  • Katrin Borcea-Pfitzmann
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 320)


In these days’ information society, people share their life with others not only in their direct, personal environment, but also on the Internet by using social software such as collaborative workspaces. In this context, an important issue is maintaining control over personal data, i.e., who is able to access which information. In this paper, we argue why traditional access control mechanisms are inappropriate for collaborative workspaces in general and present a concept for privacy-respecting access control in a web forum as an instance of collaborative workspaces.


Access Control Collaborative Workspaces Personal Data Privacy Web Forum 


  1. [ACK+09]
    Ardagna, C.A., Camenisch, J., Kohlweiss, M., Leenes, R., Neven, G., Priem, B., Samarati, P., Sommer, D., Verdicchio, M.: Exploiting Cryptography for Privacy-Enhanced Access Control: A result of the PRIME Project. Journal of Computer Security, JCS (2009) (to appear)Google Scholar
  2. [Ada99]
    Adams, A.: The implications of users’ privacy perception on communication and information privacy policies. In: Proceedings of Telecommunications Policy Research Conference, Washington, DC (1999)Google Scholar
  3. [Cha85]
    Chaum, D.: Security without identification: Transaction systems to make big brother obsolete. Communications of the ACM 28, 1030–1044 (1985)CrossRefGoogle Scholar
  4. [Cut95]
    Cutler, R.H.: Distributed presence and community in cyberspace. Interpersonal Computer and Technology 3(2), 12–32 (1995)Google Scholar
  5. [CvH02]
    Camenisch, J., van Herreweghen, E.: Design and implementation of the idemix anonymous credential system. In: Proceedings of the 9th ACM conference on Computer and communications security, pp. 21–30 (2002)Google Scholar
  6. [FWBBP06]
    Franz, E., Wahrig, H., Böttcher, A., Borcea-Pfitzmann, K.: Access Control in A Privacy-Aware eLearning Environment. In: First International Conference on Availability, Reliability and Security, pp. 879–886 (2006)Google Scholar
  7. [HBPP05]
    Hansen, M., Borcea-Pfitzmann, K., Pfitzmann, A.: PRIME - Ein europäisches Projekt für nutzerbestimmtes Identitätsmanagement. It - Information Technology, Oldenbourg 6(47), 352–359 (2005)CrossRefGoogle Scholar
  8. [KWM+08]
    Kao, D.-Y., Wang, S.-J., Mathur, K., Jain, S., Huang, F.F.-Y.: Privacy Concealments: Detective Strategies Unveiling Cyberstalking on Internet. In: APSCC 2008: Proceedings of the 2008 IEEE Asia-Pacific Services Computing Conference, Washington, DC, USA, pp. 1364–1368. IEEE Computer Society, Los Alamitos (2008)CrossRefGoogle Scholar
  9. [Lam71]
    Lampson, B.: Protection. In: 5th Princeton Symposium on Information Science and Systems, pp. 437–443 (1971)Google Scholar
  10. [Pöt09a]
    Pötzsch, S.: Privacy Awareness: A Means to Solve the Privacy Paradox? In: IFIP Advances in Information and Communication Technology, vol. 298, pp. 226–236. Springer, Boston (2009)Google Scholar
  11. [Pöt09b]
    Pötzsch, S.: Untersuchung des Einflusses von wahrgenommener Privatsphäre und Anonymität auf die Kommunikation in einer Online-Community. In: Fischer, S., Maehle, E., Reischuk, R. (eds.) Informatik 2009, Im Fokus das Leben, Lübeck, Bonn, September 28-October 2. LNI, vol. 154, pp. 2152–2165. Gesellschaft fr Informatik (2009)Google Scholar
  12. [PP09]
    Pekárek, M., Pötzsch, S.: A comparison of privacy issues in collaborative workspaces and social networks. In: Identity in the Information Society, Special Issue on Social Web and Identity (2009)Google Scholar
  13. [RI07]
    Razavi, M.N., Iverson, L.: Towards usable privacy for social software. Technical Report LERSSE-TR-2007-03, University of British Columbia (2007)Google Scholar
  14. [RI08]
    Razavi, M.N., Iverson, L.: Supporting selective information sharing with people-tagging. In: Proceedings of the ACM CHI 2008 Extended Abstracts on Human Factors in Computing Systems, Florence, Italy (April 2008)Google Scholar
  15. [SCFY96]
    Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer 29(2), 38–47 (1996)Google Scholar
  16. [TAPH05]
    Tolone, W., Ahn, G.-J., Pai, T., Hong, S.-P.: Access control in collaborative systems. ACM Comput. Surv. 37(1), 29–41 (2005)CrossRefGoogle Scholar
  17. [Tho97]
    Thomas, R.K.: Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: RBAC 1997: Proceedings of the second ACM workshop on Role-based access control, pp. 13–19. ACM, New York (1997)CrossRefGoogle Scholar
  18. [Wor09]
    Online harassment and cyberstalking cumulative statistics for the years 2000-2008 (2009),

Copyright information

© IFIP 2010

Authors and Affiliations

  • Stefanie Pötzsch
    • 1
  • Katrin Borcea-Pfitzmann
    • 1
  1. 1.Faculty of Computer ScienceTechnische Universität DresdenDresdenGermany

Personalised recommendations