E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Web Privacy with P3p
An Agent Architecture for e-Services Privacy Policy Compliance
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 1
Computer Standards & Interfaces
Evaluating the disaster defense ability of information systems
PAISI'07 Proceedings of the 2007 Pacific Asia conference on Intelligence and security informatics
| Hi-index | 0.00 |
In the Internet era, enterprises want to use personal information of their own or other enterprises’ subscribers, and even provide it to other enterprises for their profit. On the other hand, subscribers to Internet enterprises expect their privacy to be securely protected. Therefore, a conflict between enterprises and subscribers can arise in using personal information for the enterprises’ benefits. In this paper, we introduce a privacy policy model and propose a policy-based privacy authorization system. The privacy policy model is used for authoring privacy policies and the privacy authorization system renders the authorization decision based on the privacy policies. In the proposed system, policies for enterprises and subscribers are described in XACML, an XML-based OASIS standard language for access control policies. In addition, we show the details of how the procedure of the privacy authorization and conflict resolution is processed in the proposed system.