A Novel Trust-Based Privacy Preserving Access Control Framework in Web Services Paradigm

Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 308)


Web users are increasingly conscious of the personally identifiable information (PII) being collected and used by Web service providers. Service providers usually ask users to reveal their PII in order to access the services they offer. While collecting this PII, the service providers must assure their customers that the PII they provide will be handled according to privacy policies and laws. Currently, the enforcement of privacy policies and laws is done manually. This process is error prone and can leak information to third parties that the information provider never anticipated. Automating privacy policy enforcement is a must for Web service providers that have to deal with the privacy handling issue. This paper is an effort towards automating privacy policy enforcement alongside the traditional authorization policies followed in legacy access control systems. As trust plays an important role in human life and we constantly update and upgrade our trust relationships with other people based on our outlooks in response to changing situations, the dynamic nature of heterogeneous Web services collaboration is handled through a trust-based access control mechanism.


Privacy, Access control, Trust, Web services, PII



Copyright information

© Springer India 2015

Authors and Affiliations

  1. Punjabi University Regional Centre, Mohali, India
  2. Punjabi University, Patiala, India
