End-to-end privacy control in service outsourcing of human intensive processes: A multi-layered Web service integration approach

Authors:
Patrick C. Hung;Dickson K. Chiu;W. W. Fung;William K. Cheung;Raymond Wong;Samuel P. Choi;Eleanna Kafeza;James Kwok;Joshua C. Pun;Vivying S. Cheng
Affiliations:
Faculty of Business and Information Technology, University of Ontario Institute of Technology, Osahwa, Canada;Dickson Computer Systems, Kowloon, Hong Kong;Department of Computer Science, The Hong Kong University of Science and Technology, Kowloon, Hong Kong;Department of Computing, Hong Kong Baptist University, Kowloon, Hong Kong;School of Computer Science and Engineering, University of New South Wales, Sydney, Australia;School of Business and Administration, The Open University of Hong Kong, Kowloon, Hong Kong;Department of Marketing and Communications, Athens University of Economics and Business, Athens, Greece;Department of Computer Science, The Hong Kong University of Science and Technology, Kowloon, Hong Kong;Department of Computer Science, The Hong Kong University of Science and Technology, Kowloon, Hong Kong;Department of Computer Science, The Hong Kong University of Science and Technology, Kowloon, Hong Kong
Venue:
Information Systems Frontiers
Year:
2007

Citing 14
Cited 7

Conflicts in Policy-Based Distributed Systems Management

IEEE Transactions on Software Engineering
A Chinese Wall Approach to Privacy Policies for the Web

COMPSAC '02 Proceedings of the 26th International Computer Software and Applications Conference on Prolonging Software Life: Development and Redevelopment
Privacy-enhancing technologies: approaches and development

Computer Standards & Interfaces
From Physical Marketing to Web Marketing: The Web-Marketing Mix

HICSS '02 Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 7 - Volume 7
Role-Based Access Control

Role-Based Access Control
Privacy Policy Compliance for Web Services

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Providing Privacy for Web Services by Anonymous Group Identification

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Towards Standardized Web Services Privacy Technologies

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Access Control for Semantic Web Services

ICWS '04 Proceedings of the IEEE International Conference on Web Services
Privacy risk models for designing privacy-sensitive ubiquitous computing systems

DIS '04 Proceedings of the 5th conference on Designing interactive systems: processes, practices, methods, and techniques
Services Computing: Grid Applications for Today

IT Professional
Averting Security Missteps in Outsourcing

IEEE Security and Privacy
Exploring Privacy Issues in Web Services Discovery Agencies

IEEE Security and Privacy
Ontology guided XML security engine

Journal of Intelligent Information Systems - Special issue: Database and applications security

Services computing as the foundation of enterprise agility: Overview of recent advances and introduction to the special issue

Information Systems Frontiers
Taking the high road to web services implementation: an exploratory investigation of the organizational impacts

ACM SIGMIS Database
Structure of service level agreements (SLA) in IT outsourcing: The construct and its measurement

Information Systems Frontiers
Information Hiding by Machine Learning: A Method of Key Generation for Information Extracting Using Neural Network

International Journal of Organizational and Collective Intelligence
Engineering e-Collaboration Services with a Multi-Agent System Approach

International Journal of Systems and Service-Oriented Engineering
Secure Key Generation for Static Visual Watermarking by Machine Learning in Intelligent Systems and Services

International Journal of Systems and Service-Oriented Engineering
Explaining the adoption of grid computing: An integrated institutional theory and organizational capability approach

The Journal of Strategic Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

With the recent adoption of service outsourcing, there have been increasing general demands and concerns for privacy control, in addition to basic requirement of integration. The traditional practice of a bulk transmission of the customers' information to an external service provider is no longer adequate, especially in the finance and healthcare sectors. From our consultancy experience, application-to-application privacy protection technologies at the middleware layer alone are also inadequate to solve this problem, particularly when human service providers are heavily involved in the outsourced process. Therefore, we propose a layered architecture and a development methodology for enforcing end-to-end privacy control policies of enterprises over the export of personal information. We illustrate how Web services, augmented with updated privacy facilities such as Service Level Agreement (SLA), Platform for Privacy Preferences Project (P3P), and the P3P Preference Exchange Language (APPEL), can provide a suitable interoperation platform for service outsourcing. We further develop a conceptual model and an interaction protocol to send only the required part of a customer's record at a time. We illustrate our approach for end-to-end privacy control in service outsourcing with a tele-marketing case study and show how the software of the outsourced call center can be integrated effectively with the Web services of a bank to protect privacy.