Delegation logic: A logic-based approach to distributed authorization
ACM Transactions on Information and System Security (TISSEC)
Towards requirements-driven information systems engineering: the Tropos project
Information Systems - The 13th international conference on advanced information systems engineering (CAiSE*01)
DATALOG with Constraints: A Foundation for Trust Management Languages
PADL '03 Proceedings of the 5th International Symposium on Practical Aspects of Declarative Languages
Tropos: An Agent-Oriented Software Development Methodology
Autonomous Agents and Multi-Agent Systems
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
IJCAI'03 Proceedings of the 18th international joint conference on Artificial intelligence
Protecting privacy during on-line trust negotiation
PET'02 Proceedings of the 2nd international conference on Privacy enhancing technologies
Hierarchical hippocratic databases with minimal disclosure for virtual organizations
The VLDB Journal — The International Journal on Very Large Data Bases
Towards the development of privacy-aware systems
Information and Software Technology
Optimal Privacy-Aware Path in Hippocratic Databases
DASFAA '09 Proceedings of the 14th International Conference on Database Systems for Advanced Applications
Hi-index | 0.00 |
The last years have seen a peak in privacy related research. The focus has been mostly on how to protect the individual from being tracked, with plenty of anonymizing solutions. We advocate another model that is closer to the “physical” world: we consider our privacy respected when our personal data is used for the purpose for which we gave it in the first place. Essentially, in any distributed authorization protocol, credentials should mention their purpose beside their powers. For this information to be meaningful we should link it to the functional requirements of the original application. We sketch how one can modify a requirement engineering methodology to incorporate security concerns so that we explicitly trace back the high-level goals for which a functionality has been delegated by a (human or software) agent to another one. Then one could be directly derive purpose-based trust management solutions from the requirements.