Obligations: Building a Bridge between Personal and Enterprise Privacy in Pervasive Computing

Authors:
Susana Alcalde Bagüés;Jelena Mitic;Andreas Zeidler;Marta Tejada;Ignacio R. Matias;Carlos Fernandez Valdivielso
Affiliations:
Siemens AG, Corporate Technology, Munich, Germany and Department of Electrical and Electronic Engineering, Public University of Navarra, Navarra, Spain;Siemens AG, Corporate Technology, Munich, Germany;Siemens AG, Corporate Technology, Munich, Germany;Department of Electrical and Electronic Engineering, Public University of Navarra, Navarra, Spain;Department of Electrical and Electronic Engineering, Public University of Navarra, Navarra, Spain;Department of Electrical and Electronic Engineering, Public University of Navarra, Navarra, Spain
Venue:
TrustBus '08 Proceedings of the 5th international conference on Trust, Privacy and Security in Digital Business
Year:
2008

Citing 9
Cited 1

The UCONABC usage control model

ACM Transactions on Information and System Security (TISSEC)
Keeping ubiquitous computing to yourself: a practical model for user control of privacy

International Journal of Human-Computer Studies - Special isssue: HCI research in privacy and security is critical now
Privacy and identity management for everyone

Proceedings of the 2005 workshop on Digital identity management
Disappearing for a while - using white lies in pervasive computing

Proceedings of the 2007 ACM workshop on Privacy in electronic society
Towards personal privacy control

OTM'07 Proceedings of the 2007 OTM Confederated international conference on On the move to meaningful internet systems - Volume Part II
Obligations for privacy and confidentiality in distributed transactions

EUC'07 Proceedings of the 2007 conference on Emerging direction in embedded and ubiquitous computing
A user-centric privacy framework for pervasive environments

OTM'06 Proceedings of the 2006 international conference on On the Move to Meaningful Internet Systems: AWeSOMe, CAMS, COMINF, IS, KSinBIT, MIOS-CIAO, MONET - Volume Part II
On obligations

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A systemic approach to automate privacy policy enforcement in enterprises

PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies

KEMNAD: A Knowledge Engineering Methodology For Negotiating Agent Development

Computational Intelligence

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper we present a novel architecture for extending the traditional notion of access control to privacy-related data toward a holistic privacy management system. The key elements used are obligations. They constitute a means for controlling the use of private data even after the data was disclosed to some third-party. Today's laws mostly are regulating the conduct of business between an individual and some enterprise. They mainly focus on long-lived and static relationships between a user and a service provider. However, due to the dynamic nature of pervasive computing environments, rather more sophisticated mechanisms than a simple offer/accept-based privacy negotiation are required. Thus, we introduce a privacy architecture which allows a user not only to negotiate the level of privacy needed in a rather automated way but also to track and monitor the whole life-cycle of data once it has been disclosed.