The Community for Technology Leaders
Policies for Distributed Systems and Networks, IEEE International Workshop on (2007)
Bologna, Italy
June 13, 2007 to June 15, 2007
ISBN: 0-7695-2767-1
pp: 109-118
Nahid Shahmehri , Linkopings Universitet, Sweden
Claudiu Duma , Linkopings Universitet, Sweden
Almut Herzog , Linkopings Universitet, Sweden
Uncontrolled disclosure of sensitive information during electronic transactions may expose users to threats like loss of privacy and identity theft. The means envisioned for addressing protection of security and privacy in the context of the Semantic Web are policy languages for trust establishment and management. Although a number of policy languages have been proposed, it is unclear how well each language can address users? privacy concerns. <p>The contribution of this work is an independent, scenario-based comparison of six prominent policy languages, namely Protune, Rei, Ponder, Trust-X, KeyNote and P3P-APPEL, with respect to the needs that users have in protecting their personal, sensitive data. We present how each language addresses access control for objects, such as user credentials and sensitive policies. We evaluate how each language defines or imports hierarchies of resources, whether the language supports protection of user information after it has been released, whether the language supports the principle of least privilege and more. The evaluation is not only an analytical literature study but also rich in actual implementations in all six languages.</p>
Nahid Shahmehri, Claudiu Duma, Almut Herzog, "Privacy in the Semantic Web: What Policy Languages Have to Offer", Policies for Distributed Systems and Networks, IEEE International Workshop on, vol. 00, no. , pp. 109-118, 2007, doi:10.1109/POLICY.2007.39
115 ms
(Ver 3.1 (10032016))