Privacy is Linking Permission to Purpose

 
EPrints.org
Agentlink Clearinghouse is powered by GNU EPrints developed by the School of Electronics and Computer Science of the University of Southampton.
Type: Conference or Workshop Item (Paper)

Massacci, F. and Zannone, N. (2004) Privacy is Linking Permission to Purpose. In: 12th International Workshop on Security Protocols, 26-28 April 2004, Cambridge, England.

Full text not available from this archive.

Abstract

The last years have seen a peak in privacy related research. The focus has been mostly on how to protect the individual from being tracked, with plenty of anonymizing solutions. We advocate another model that is closer to the ``physical'' world: we consider our privacy respected when our personal data is used for the purpose for which we gave it in the first place. Essentially, in any distributed authorization protocol, credentials should mention their purpose beside their powers. For this information to be meaningful we should link it to the functional requirements of the original application. We sketch how one can modify a requirement engineering methodology to incorporate security concerns so that we explicitly trace back the high-level goals for which a functionality has been delegated by a (human or software) agent to another one. Then one could be directly derive purpose-based trust management solutions from the requirements.

Deposited by Nicola Zannone on 23 February 2005

Archive Staff Only: edit this record

   

AgentLink is the European Commission's IST-funded Coordination Action for Agent-Based Computing
and is coordinated by the
University of Liverpool and University of Southampton
If you encounter any problems with these pages please contact web@agentlink.org.