Machine-Readable Privacy Certificates for Services

  • Marco Anisetti
  • Claudio A. Ardagna
  • Michele Bezzi
  • Ernesto Damiani
  • Antonino Sabetta
Conference paper

DOI: 10.1007/978-3-642-41030-7_31

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8185)
Cite this paper as:
Anisetti M., Ardagna C.A., Bezzi M., Damiani E., Sabetta A. (2013) Machine-Readable Privacy Certificates for Services. In: Meersman R. et al. (eds) On the Move to Meaningful Internet Systems: OTM 2013 Conferences. OTM 2013. Lecture Notes in Computer Science, vol 8185. Springer, Berlin, Heidelberg

Abstract

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements).

Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.

Keywords

privacy certification testing 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Marco Anisetti
    • 1
  • Claudio A. Ardagna
    • 1
  • Michele Bezzi
    • 2
  • Ernesto Damiani
    • 1
  • Antonino Sabetta
    • 2
  1. 1.Dipartimento di InformaticaUniversità degli Studi di MilanoItaly
  2. 2.SAP Product Security ResearchSophia-AntipolisFrance

Personalised recommendations