Abstract
Privacy has become a crucial issue in the online services realm. P3P policy, which is a privacy policy, enables websites to express their privacy practices so that users can be well-informed about the data collection and its usage. Besides, this privacy policy can be checked against its users’ privacy preferences to help decide whether or not the service should be used. However, the interpretation of a P3P policy is unwieldy due to the lack of a precise semantics of its descriptions and constraints. For instance, it is admissible to have purpose and recipient values that have inconsistent meaning. There is a need for an explicit formal semantics for P3P policy to mitigate this problem. In this paper, we propose to use an OWL ontology to systematically and precisely describe the structures and constraints inherent in the P3P specification. Additional constraints are also defined and incorporated into the ontology in such a way that P3P policy verification can be automated with the help of an OWL reasoner.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data. Official Journal of the European Communities (November 1995)
Baader, F., Calvanese, D., McGuinness, D., Nardi, D., Patel-Schneider, P. (eds.): The Description Logic Handbook: Theory, Implementation and Applications, 2nd edn. Cambridge University Press (2007)
Bechhofer, S., van Harmelen, F., Hendler, J., Horrocks, I., McGuinness, D.L., Patel-Schneider, P.F., Stein, L.A.: OWL Web Ontology Language reference. W3C Recommendation, February 10 (2004)
Cranor, L.: P3P 1.1 user agent guidelines. P3P User Agent Task Force Report 23 (May 2003)
Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Hamphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J., Schunter, M., Stampley, D.A., Wenning, R.: The Platform for Privacy Preference 1.1 (P3P1.1) Specification. W3C Working Group Note 13 (November 2006)
Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The Platform for Privacy Preference 1.0 (P3P1.0) Specification. W3C Recommendation (April 2002)
Damiani, E., De Capitani di Vimercati, S., Fugazza, C., Samarati, P.: Semantics-aware privacy and access control: Motivation and preliminary results. In: 1st Italian Semantic Web Workshop, Ancona, Italy (December 2004)
Hogben, G.: P3P using the semantic web (web ontology, rdf policy and rdql rules). In: W3C Working Group Note 3 (September 2004)
Hogben, G.: Describing the P3P base data schema using OWL. In: WWW 2005, Workshop on Policy Management for the Web (2005)
Karjoth, G., Schunter, M., Herreweghen, E.V., Waidner, M.: Amending P3P for clearer privacy promises. In: 14th International Workshop on Database and Expert Systems Applications, IEEE Computer Society (September 2003)
Khurat, A., Gollmann, D., Abendroth, J.: A Formal P3P Semantics for Composite Services. In: Jonker, W., Petković, M. (eds.) SDM 2010. LNCS, vol. 6358, pp. 113–131. Springer, Heidelberg (2010)
Li, N., Yu, T., AntĂłn, A.: A semantics-based approach to privacy languages. Technical Report TR2003-28, CERIAS (November 2003)
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. Organisation for Economic Co-operation and Development (OECD) (September 1980)
Spackman, K.A., Dionne, R., Mays, E., Weis, J.: Role grouping as an extension to the Description Logic of Ontylog, motivated by concept modeling in Snomed. In: Proceedings of the 2002 AMIA Annual Symposium, Hanley&Belfus (2002)
Yu, T., Li, N., AntĂłn, A.: A formal semantics for P3P. In: ACM Workshop on Secure Web Services (October 2004)
Li, Y.H., Benbernou, S.: Representing and Reasoning About Privacy Abstractions. In: Ngu, A.H.H., Kitsuregawa, M., Neuhold, E.J., Chung, J.-Y., Sheng, Q.Z. (eds.) WISE 2005. LNCS, vol. 3806, pp. 390–403. Springer, Heidelberg (2005)
Uszok, A., Bradshaw, J., Jeffers, R., Suri, N., Hayes, P., Breedy, M., Bunch, L., Johnson, M., Kulkarni, S., Lott, J.: KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, Deconfliction, and Enforcement. In: IEEE Policy Workshop (June 2003)
Kagal, L.: Rei Ontology Specifications version 2.0, http://www.cs.umbc.edu/~lkagal1/rei/
Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proceedings of the 28th International Conference on Very Large Data Bases, VLDB 2002 (2002)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Suntisrivaraporn, B., Khurat, A. (2011). Formalizing and Reasoning with P3P Policies Using a Semantic Web Ontology. In: Sombattheera, C., Agarwal, A., Udgata, S.K., Lavangnananda, K. (eds) Multi-disciplinary Trends in Artificial Intelligence. MIWAI 2011. Lecture Notes in Computer Science(), vol 7080. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-25725-4_8
Download citation
DOI: https://doi.org/10.1007/978-3-642-25725-4_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-25724-7
Online ISBN: 978-3-642-25725-4
eBook Packages: Computer ScienceComputer Science (R0)