Policy Merger System for P3P in a Cloud Aggregation Platform

Olurin, Olumuyiwa

09 January 2013

The need for aggregating privacy policies is present in a variety of application areas today. In traditional client/server models, websites host services along with their policies in different private domains. However, in a cloud-computing platform where aggregators can merge multiple services, users often face complex decisions in terms of choosing the right services from service providers. In this computing paradigm, the ability to aggregate policies as well as services will be useful and more effective for users that are privacy conscious regarding their sensitive or personal information. This thesis studies the problems associated with the Platform for Privacy Preference (P3P) language, and the present issues with communicating and understanding the P3P language. Furthermore, it discusses some efficient strategies and algorithms for the matching and the merging processes, and then elaborates on some privacy policy conflicts that may occur after merging policies. Lastly, the thesis presents a tool for matching and merging P3P policies. If successful, the merge produces an aggregate policy that is consistent with the policies of all participating service providers.

P3P

Cloud Computing

XML Merger

Policy Languages

Privacy

XML

Privacy Policy

Aggregation Platform

Three-way Merge

Policy Merger System for P3P in a Cloud Aggregation Platform

Olurin, Olumuyiwa

January 2013

The need for aggregating privacy policies is present in a variety of application areas today. In traditional client/server models, websites host services along with their policies in different private domains. However, in a cloud-computing platform where aggregators can merge multiple services, users often face complex decisions in terms of choosing the right services from service providers. In this computing paradigm, the ability to aggregate policies as well as services will be useful and more effective for users that are privacy conscious regarding their sensitive or personal information. This thesis studies the problems associated with the Platform for Privacy Preference (P3P) language, and the present issues with communicating and understanding the P3P language. Furthermore, it discusses some efficient strategies and algorithms for the matching and the merging processes, and then elaborates on some privacy policy conflicts that may occur after merging policies. Lastly, the thesis presents a tool for matching and merging P3P policies. If successful, the merge produces an aggregate policy that is consistent with the policies of all participating service providers.

P3P

Cloud Computing

XML Merger

Policy Languages

Privacy

XML

Privacy Policy

Aggregation Platform

Three-way Merge

WWW Privacy - P3P Platform of Privacy Preferencers

Foerster, Marian

10 July 2000

Gemeinsamer Workshop von Universitaetsrechenzentrum und Professur Rechnernetze und verteilte Systeme (Fakultaet fuer Informatik) der TU Chemnitz. Workshop-Thema: Infrastruktur der ¨Digitalen Universitaet¨ WWW Privacy - P3P Platform of Privacy Preferencers Der Vortrag soll einen Einblick in das z.Zt. noch in der Entwicklung stehenden Protokolls P3P des W3C geben. Dabei wird das Grundprinzip von P3P, einige technische Realisierungsmoeglichkeiten sowie ein Demo-Einkaufssystem vorgestellt.

info:eu-repo/classification/ddc/004

ddc:004

P3P

Digitale Universitaet

WWW Privacy

Platform of Privacy Preferencers

Online Privatsphaere

Or Best Offer: A Privacy Policy Negotiation Protocol

Walker, Daniel David

12 July 2007

Users today are concerned about how their information is collected, stored and used by Internet sites. Privacy policy languages, such as the Platform for Privacy Preferences (P3P), allow websites to publish their privacy practices and policies in machine readable form. Currently, software agents designed to protect users' privacy follow a "take it or leave it" approach when evaluating these privacy policies. This approach is inflexible and gives the server ultimate control over the privacy of web transactions. Privacy policy negotiation is one approach to leveling the playing field by allowing a client to negotiate with a server to determine how that server collects and uses the client's data. We present a privacy policy negotiation protocol, "Or Best Offer", that includes a formal model for specifying privacy preferences and reasoning about privacy policies. The protocol is guaranteed to terminate within three rounds of negotiation while producing policies that are Pareto-optimal, and thus fair to both parties. That is, it remains fair to both the client and the server.

privacy

p3p

privacy policies

privacy policy negotiation

utility

Pareto-optimality

Pareto-efficiency

policy

negotiation

protocol

Computer Sciences

Política de privacidad en Internet: noción y tecnología

González, Héctor Raúl

January 2006

Este trabajo intenta encontrar sentido a la noción de intimidad analizando distintas definiciones; estudia algunas tecnologías que ponen en tensión esta noción. Desarrolla dos mecanismos que tienden a proteger la intimidad de las personas: la perspectiva de mayor legislación y la perspectiva enmarcada en el modelo que preconiza la autorregulación de las empresas utilizando la tecnología. Propone una guía que pueden asumir los padres y docentes para minimizar el riesgo de la intimidad de los niños; se aplica esta guía en el estudio de sitios Web en idioma español orientados a niños. Por último hay un breve estudio sobre los principios de privacidad en los sistemas elearning y el estudio de los requerimientos de privacidad entre los componentes de un modelo estándar.

Ciencias Informáticas

Educación

Informática

Aplicación informática

Internet

語意性的隱私政策-落實於銀行內部隱私保護的研究 / Semantic privacy policies－Research for the enforcement of privacy protection inside the bank

李家輝, Lee, Chia Hui

Unknown Date

網際網路的興起帶動銀行業電子商務的發展；然而，在開放式的網路環境下，個人的財務、交易等具有隱私的資訊，可能因金融機構本身資訊安全防護技術未落實、資料處理流程權限控管不當、或相關稽核機制不健全等因素，造成銀行個人資料外洩，而影響個人財務及公司商譽的損失。現今在銀行業電子商務的網站上，雖然有使用隱私權政策聲明的方式來表示履行客戶資料隱私保護的責任，但是此形式宣告的方式大於實質保護的意義，沒有任何作用。客戶資料的隱私資訊，亦應受到法律的保護；在我國主要的法律有電腦處理個人資料保護法、內部控制法及金控共同行銷規範等。本研究旨在針對銀行業電子商務交易流程中提出企業內部客戶隱私資料保護的架構模型，將客戶隱私資訊做分類，並遵循相關法律條文規範，以訂立具有語意的隱私權政策來落實企業內部客戶隱私資料的保護。我期望本研究的成果能貢獻未來金融業於客戶隱私資料保護的參考依循。 / The rising of Internet drives the development of e-commerce in banking industry. However, in the opening environment of Internet, the personal and confidential data which includes finance and transaction may be exposed because its poor secure protection technology or improper permission control for the procedure of data processing, or defective auditing mechanism in financial institutes. Therefore, it could influence the loss of personal finance and goodwill of companies. Although the e-commence website of banking industry protect customers’ data through the stated of right to privacy, the announced meaning is far more than the real protection. The customers’ private data should be protected by law, such as Computer Processing Personal Data Protection Act and Rules Concerning Cross-Selling by Financial Holding Company Subsidiaries in Taiwan.The purpose of the thesis offers the enterprise internal privacy construction model which classifies customers’ private data, follows the related law regulation, and establishes semantic privacy policies in order to achieve the protection of enterprise internal customers’ data for the transaction flow of e-commence in banking industry. I expect the research can contribute some references to follow in customers’ data protection for financial institutions in the future.

隱私權

企業隱私偏好平台

語意網

本體論

語意規則語言

隱私偏好平台

個人資料保護法

金控共同行銷規範

電子商務消費者保護綱領

Privacy

E-P3P

Semantic Web

Ontology

SWRL

P3P

XACML

EPAL

Protection des données personnelles côté utilisateur dans le e-commerce

Dari Bekara, Kheira

18 December 2012

L'informatique et Internet en particulier favorisent grandement la collecte de données à l'insu de l'utilisateur, leur divulgation à des tiers et le croisement des données. La densité des activités humaines dans le monde numérique constitue donc un terrain fertile pour de potentielles atteintes à la vie privée des utilisateurs. Les présents travaux examinent d'abord le contexte légal de la protection de la vie privée, ainsi que les divers moyens informatiques destinés à la protection des données personnelles. Il en ressort un besoin de solutions centrées utilisateur, lui donnant davantage de contrôle sur ses données personnelles. Dans cette perspective, nous analysons le cadre légal français et européen pour en tirer des axes de protection. Nous spécifions ensuite les contraintes tirées de ces axes, en proposant de les introduire dans les modèles de politiques de sécurité existants. Ainsi, nous suggérons l'application d'un seul modèle pour le contrôle d'accès et la protection de la vie privée. Le modèle de contrôle d'accès doit être étendu par de nouvelles conditions et paramètres d'accès. Pour cela, nous définissons le langage XPACML (eXtensible Privacy aware Access Control Markup Language) conçu sur la base d'extensions apportées au modèle de contrôle d'accès XACML. Placés dans un contexte E-Commerce, nous avons défini un modèle sémantique permettant de représenter les contextes liés aux différentes transactions électroniques. Ainsi nous avons pu effectuer une génération dynamique des politiques XPACML en fonction du contexte en cours. A la quête d'une protection étendue des données personnelles, nous avons consacré la dernière partie de nos travaux aux négociations possibles qui peuvent être effectuées entre un utilisateur et un fournisseur de service. Ainsi nous avons proposé deux protocoles. Le premier porte sur la négociation des termes et conditions des politiques de protection des données, alors que le deuxième porte sur la négociation des données à dévoiler elles mêmes

[INFO:INFO_OH] Computer Science/Other

[INFO:INFO_OH] Informatique/Autre

Vie privée

E-commerce

Données personnelles

Protection des données

XPACML

Négociation de politiques

P3P

Théorie des jeux

Bridging the Privacy Gap : a proposal for enhanced technical mechanisms to strengthen users' privacy control online in the age of GDPR and CCPA / Överbryggande av integritetsgapet : ett förslag till förbättrade tekniska mekanismer för att stärka användarnas integritetskontroll online i en tid av GDPR och CCPA

Bruhner, Carl Magnus

January 2022

In the age of the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), privacy and consent control have become even more apparent for every-day users of the internet. Privacy banners in all shapes and sizes asks for your permission through more or less challenging designs and makes privacy control more of a struggle than actually helping the users’ privacy. This thesis presents a novel solution expanding on the Advanced Data Protection Control (ADPC) mechanism in order to bridge current gaps in user data and privacy control. It moves the consent control to the browser interface to give a seamless and hassle-free experience for users, while at the same time offering content providers a way to be legally compliant with legislation including the GDPR. Motivated by an extensive academic review to evaluate previous work and identify current gaps in user data control, the aim of this thesis is to present a blueprint for future implementation of suggested features to support privacy control online for users globally.

cookies

privacy

consent

gdpr

ccpa

adpc

gpc

p3p

dnt

Computer and Information Sciences

Data- och informationsvetenskap

Computer Sciences

Datavetenskap (datalogi)

Information Systems

Human Computer Interaction

Other Computer and Information Science

Annan data- och informationsvetenskap

Workshop: INFRASTRUKTUR DER ¨DIGITALEN UNIVERSIAET¨

Huebner, Uwe

09 August 2000

Gemeinsamer Workshop von Universitaetsrechenzentrum und Professur Rechnernetze und verteilte Systeme (Fakultaet fuer Informatik) der TU Chemnitz. Workshop-Thema: Infrastruktur der ¨Digitalen Universitaet¨

Digitale Universitaet

Apache API

Archiv

Archivierung

CGI

Computer Based Training

Computerunterstützter Unterricht

Computerunterstütztes Lernen

Cyrus

DVD

Distance Learning

Dublincore

Fernunterricht

GIMP

Grafiksoftware

HTML

IP-Multicast

ImageMagick

Instant Messaging Systeme

JSP

Jabber

Java Beans

KDE

KOffice

Latex

Learning Technology

Lebenslanges Lernen

Linux

MBONE

MONARCH

MPEG2

Mailbox-Server

Multi Media Online Archiv Chemnitz

Multimedia

Officesuite

Online Privatsphaere

Open Source

P-Telephony

P3P

PHP

Platform of Privacy Preferencers

Port Hacking

Preismodelle

Protocols

Präsentation

Präsentationssoftware

Publikation

Qt 2.0

RDF

RPC

Ressourcenbeschreibung

SOAP

Security

Selbstgesteuertes Lernen

Servlets

Sketch

Stardraw

Starpresenter

System Administration

Systemadministration

Video

WWW Privacy

Webserver Erweiterungen

XML

XML-basiertes Protokoll

XSL

mod_dtcl

mod_perl

ddc:004

Workshop: INFRASTRUKTUR DER ¨DIGITALEN UNIVERSIAET¨

09 August 2000

Gemeinsamer Workshop von Universitaetsrechenzentrum und Professur Rechnernetze und verteilte Systeme (Fakultaet fuer Informatik) der TU Chemnitz. Workshop-Thema: Infrastruktur der ¨Digitalen Universitaet¨

info:eu-repo/classification/ddc/004

ddc:004

XSL, mod_dtcl, mod_perl