Service-Oriented Digital Identity-Related Privacy Interoperability: Implementation Framework of Privacy-as-a-Set-of-Services (PaaSS)

  • Ghazi Ben Ayed
  • Solange Ghernaouti-Hélie
Part of the Lecture Notes in Business Information Processing book series (LNBIP, volume 122)


Protecting digital identity is crucial aspect in order to successfully enable collaboration between heterogeneous and distributed information systems. In this context, privacy could play a key role for digital identity protection and security. Thus, an identity layer in which interoperable privacy is delivered in the shape of a set of services, rather than monolithic applications, would be inevitably responding to the need of collaboration. In this article, we suggest a novel layered service-oriented implementation framework that information systems security projects’ members could borrow to successfully turn digital identity-related privacy requirements into a set of services. Several blocks are distributed amongst five layers and three mapping gateways determine the roadmap of the implementation effort governance. Seven loosely coupled, publicly hosted and available to on-demand calls services are specified to accommodate service-oriented architectures. OMG SoaML diagrams, BPMN process descriptions and SOA-artifacts specifications are provided and explained.


Digital identity privacy interoperability implementation framework SOA 


  1. 1.
    Duan, Y., Canny, J.: Protecting User Data in Ubiquitous Computing: Towards Trustworthy Environments. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 167–185. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  2. 2.
    Philippsohn, S.: ID and the Law. In: Birch, D.G.W. (ed.) Digital Identity Management: Perspectives on the Technological, Business and Social Implications, pp. 193–203. Gower Publishing Limited (2007)Google Scholar
  3. 3.
    Cochrane, P.: Forward of the Book. In: Birch, D.G.W. (ed.) Digital Identity Management: Perspectives on the Technological, Business and Social Implications. Gower Publishing Limited (2007)Google Scholar
  4. 4.
    Cameron, K.: The Laws of Identity. ed: Microsoft Corporation (2005)Google Scholar
  5. 5.
    Hansen, M., et al.: Privacy and Identity Management. IEEE Security & Privacy (2008)Google Scholar
  6. 6.
    Bell, G., Gemmel, J.: A Digital Life. Scientific American Magazine, 58–65 (2007)Google Scholar
  7. 7.
    International Telecommunication Union, Digital Life. ITU Internet Report (2006)Google Scholar
  8. 8.
    Windley, P.J.: Digital Identity: Unmasking identity management architecture (IMA). O’Reilly Media (2005)Google Scholar
  9. 9.
    Cukier, K.: A special report on managing information. The Economist February 23- March 5 (2010)Google Scholar
  10. 10.
    Organizing Committee of Digital Identity & Privacy (Human Capital & Social Innovation Technology Summit), Call for Controbution to Managing Digital Identities for Education, Employment and Business Development (2007) Google Scholar
  11. 11.
    Bellotti, V.: What You Don’t Know Can Hurt You: Privacy in Collaborative Computing. In: British Computer Society Conference on Human-Computer Interaction, pp. 241–261 (1996)Google Scholar
  12. 12.
    Afshar, M., et al.: SOA Governance: Framework and Best Practices (2007)Google Scholar
  13. 13.
    Kelley, D.: Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle (2009)Google Scholar
  14. 14.
    Ben Ayed, G., Ghernaouti-Hélie, S.: Architecting Interoperable Privacy within User-Centric Federated Digital Identity Systems: Overview of a Service-Oriented Implementation Framework. In: Benlamri, R. (ed.) NDT 2012, Part II. CCIS, vol. 294, pp. 165–177. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  15. 15.
    Ben Ayed, G., Ghernaouti-Hélie, S.: Privacy Requirements Specification for Digital Identity Management Systems Implementation: Towards a digital society of privacy. In: 6th International Conference for Internet Technology and Secured Transactions, ICITST 2011, Abu Dhabi, UAE (2011)Google Scholar
  16. 16.
    Ben Ayed, G.: Consolidating Fragmented Identity: Attributes Aggregation to Secure Information Systems. IADIS International Journal on Computer Science and Information Systems 4, 1–12 (2009)Google Scholar
  17. 17.
    ITU Focus Group on Identity Management (FG IdM), Report on Identity Management Use Cases and Gap Analysis (2007) Google Scholar
  18. 18.
    Jøsang, A., Pope, S.: User-Centric Identity Management. In: Proceedings of the AusCERT Asia Pacific Information Technology Security Conference, pp. 1–6 (2005)Google Scholar
  19. 19.
    OMG. Service oriented architecture Modeling Language (SoaML) - Specification for the UML Profile and Metamodel for Services (UPMS) (2009)Google Scholar
  20. 20.
    Elvesæter, B., et al.: Specifying Services Using the Service Oriented Architecture Modeling Language (SoaML): A baseline for specification of cloud-based services. In: The 1st International Conference on Cloud Computing and Services Science (CLOSER 2011), Noordwijkerhout, The Netherlands (2011)Google Scholar
  21. 21.
    Allison, D.S., et al.: Privacy and trust policies within SOA. In: International Conference for Internet Technology and Secured Transactions, ICITST 2009 (2009)Google Scholar
  22. 22.
    Allison, D.S., et al.: Metamodel for privacy policies within SOA. In: The 2009 ICSE Workshop on Software Engineering for Secure Systems, IWSESS 2009 (2009)Google Scholar
  23. 23.
    Garcia, D., et al.: An Electronic Contract Model for Privacy Protection in Service-Oriented Architecture. In: Fifth International Conference on Digital Information Management (ICDIM 2010), Thunder Bay, Canada (2010)Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2012

Authors and Affiliations

  • Ghazi Ben Ayed
    • 1
  • Solange Ghernaouti-Hélie
    • 1
  1. 1.Information Systems Institute, Faculty of Business and EconomicsUniversity of LausanneLausanneSwitzerland

Personalised recommendations