Enforcing P3P policies using a digital rights management system

Authors:
Farzad Salim;Nicholas Paul Sheppard;Rei Safavi-Naini
Affiliations:
School of Computer Science and Software Engineering, University of Wollongong, NSW, Australia;School of Computer Science and Software Engineering, University of Wollongong, NSW, Australia;Department of Computer Science, University of Calgary, Calgary, Canada
Venue:
PET'07 Proceedings of the 7th international conference on Privacy enhancing technologies
Year:
2007

Citing 10
Cited 5

Role-Based Access Control Models

Computer
Open letter to P3P developers & replies

Proceedings of the tenth conference on Computers, freedom and privacy: challenging the assumptions
The role-based access control system of a European bank: a case study and discussion

SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Use of a P3P user agent by early adopters

Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Privacy-Enabled Services for Enterprises

DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
Translating Privacy Practices into Privacy Promises—How to Promise What You Can Keep

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Specifying privacy policies with P3P and EPAL: lessons learned

Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Enterprise privacy promises and enforcement

WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
A formal semantics for P3P

SWS '04 Proceedings of the 2004 workshop on Secure web service
Protecting privacy with the MPEG-21 IPMP framework

PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies

On implementing mpeg-21 intellectual property management and protection

Proceedings of the 2007 ACM workshop on Digital Rights Management
Privacy policies compliance across digital identity management systems

SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Enforcing purpose of use via workflows

Proceedings of the 8th ACM workshop on Privacy in the electronic society
A rights management approach to protection of privacy in a cloud of electronic health records

Proceedings of the 11th annual ACM workshop on Digital rights management
Understanding privacy policies

Empirical Software Engineering

Quantified Score

Hi-index	0.00

Visualization

Abstract

The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRMis one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer's privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.