Machine-readable privacy certificates for services

Marco Anisetti; Claudio A. Ardagna; Michele Bezzi; Ernesto Damiani; Antonino Sabetta

doi:10.1007/978-3-642-41030-7_31

Machine-readable privacy certificates for services

Marco Anisetti, Claudio A. Ardagna, Michele Bezzi, Ernesto Damiani, Antonino Sabetta

Electrical Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Scopus citations

Abstract

Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.

Original language	British English
Title of host publication	On the Move to Meaningful Internet Systems
Subtitle of host publication	OTM 2013 Conferences - Confederated International Conferences: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Proceedings
Pages	434-450
Number of pages	17
DOIs	https://doi.org/10.1007/978-3-642-41030-7_31
State	Published - 2013
Event	Confederated International Conferences on On the Move to Meaningful Internet Systems, OTM 2013: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013 - Graz, Austria Duration: 9 Sep 2013 → 13 Sep 2013

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	8185 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Confederated International Conferences on On the Move to Meaningful Internet Systems, OTM 2013: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013
Country/Territory	Austria
City	Graz
Period	9/09/13 → 13/09/13

Keywords

certification
privacy
testing

Access to Document

10.1007/978-3-642-41030-7_31

Cite this

Anisetti, M., Ardagna, C. A., Bezzi, M., Damiani, E., & Sabetta, A. (2013). Machine-readable privacy certificates for services. In On the Move to Meaningful Internet Systems: OTM 2013 Conferences - Confederated International Conferences: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Proceedings (pp. 434-450). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8185 LNCS). https://doi.org/10.1007/978-3-642-41030-7_31

Anisetti, Marco ; Ardagna, Claudio A. ; Bezzi, Michele et al. / Machine-readable privacy certificates for services. On the Move to Meaningful Internet Systems: OTM 2013 Conferences - Confederated International Conferences: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Proceedings. 2013. pp. 434-450 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{655bfbcb5e124390b3dd5b7aa36d709c,

title = "Machine-readable privacy certificates for services",

abstract = "Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.",

keywords = "certification, privacy, testing",

author = "Marco Anisetti and Ardagna, {Claudio A.} and Michele Bezzi and Ernesto Damiani and Antonino Sabetta",

year = "2013",

doi = "10.1007/978-3-642-41030-7_31",

language = "British English",

isbn = "9783642410291",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "434--450",

booktitle = "On the Move to Meaningful Internet Systems",

note = "Confederated International Conferences on On the Move to Meaningful Internet Systems, OTM 2013: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013 ; Conference date: 09-09-2013 Through 13-09-2013",

}

Anisetti, M, Ardagna, CA, Bezzi, M, Damiani, E & Sabetta, A 2013, Machine-readable privacy certificates for services. in On the Move to Meaningful Internet Systems: OTM 2013 Conferences - Confederated International Conferences: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 8185 LNCS, pp. 434-450, Confederated International Conferences on On the Move to Meaningful Internet Systems, OTM 2013: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Graz, Austria, 9/09/13. https://doi.org/10.1007/978-3-642-41030-7_31

Machine-readable privacy certificates for services. / Anisetti, Marco; Ardagna, Claudio A.; Bezzi, Michele et al.
On the Move to Meaningful Internet Systems: OTM 2013 Conferences - Confederated International Conferences: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Proceedings. 2013. p. 434-450 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 8185 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Machine-readable privacy certificates for services

AU - Anisetti, Marco

AU - Ardagna, Claudio A.

AU - Bezzi, Michele

AU - Damiani, Ernesto

AU - Sabetta, Antonino

PY - 2013

Y1 - 2013

N2 - Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.

AB - Privacy-aware processing of personal data on the web of services requires managing a number of issues arising both from the technical and the legal domain. Several approaches have been proposed to matching privacy requirements (on the clients side) and privacy guarantees (on the service provider side). Still, the assurance of effective data protection (when possible) relies on substantial human effort and exposes organizations to significant (non-)compliance risks. In this paper we put forward the idea that a privacy certification scheme producing and managing machine-readable artifacts in the form of privacy certificates can play an important role towards the solution of this problem. Digital privacy certificates represent the reasons why a privacy property holds for a service and describe the privacy measures supporting it. Also, privacy certificates can be used to automatically select services whose certificates match the client policies (privacy requirements). Our proposal relies on an evolution of the conceptual model developed in the Assert4Soa project and on a certificate format specifically tailored to represent privacy properties. To validate our approach, we present a worked-out instance showing how privacy property Retention-based unlinkability can be certified for a banking financial service.

KW - certification

KW - privacy

KW - testing

UR - http://www.scopus.com/inward/record.url?scp=84886742286&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-41030-7_31

DO - 10.1007/978-3-642-41030-7_31

M3 - Conference contribution

AN - SCOPUS:84886742286

SN - 9783642410291

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 434

EP - 450

BT - On the Move to Meaningful Internet Systems

T2 - Confederated International Conferences on On the Move to Meaningful Internet Systems, OTM 2013: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013

Y2 - 9 September 2013 through 13 September 2013

ER -

Anisetti M, Ardagna CA, Bezzi M, Damiani E, Sabetta A. Machine-readable privacy certificates for services. In On the Move to Meaningful Internet Systems: OTM 2013 Conferences - Confederated International Conferences: CoopIS 2013, DOA-Trusted Cloud 2013, and ODBASE 2013, Proceedings. 2013. p. 434-450. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-642-41030-7_31

Machine-readable privacy certificates for services

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this