Policies for Distributed Systems and Networks, IEEE International Workshop on (2007)
June 13, 2007 to June 15, 2007
Claudiu Duma , Linkopings Universitet, Sweden
Almut Herzog , Linkopings Universitet, Sweden
Nahid Shahmehri , Linkopings Universitet, Sweden
Uncontrolled disclosure of sensitive information during electronic transactions may expose users to threats like loss of privacy and identity theft. The means envisioned for addressing protection of security and privacy in the context of the Semantic Web are policy languages for trust establishment and management. Although a number of policy languages have been proposed, it is unclear how well each language can address users? privacy concerns. <p>The contribution of this work is an independent, scenario-based comparison of six prominent policy languages, namely Protune, Rei, Ponder, Trust-X, KeyNote and P3P-APPEL, with respect to the needs that users have in protecting their personal, sensitive data. We present how each language addresses access control for objects, such as user credentials and sensitive policies. We evaluate how each language defines or imports hierarchies of resources, whether the language supports protection of user information after it has been released, whether the language supports the principle of least privilege and more. The evaluation is not only an analytical literature study but also rich in actual implementations in all six languages.</p>
N. Shahmehri, C. Duma and A. Herzog, "Privacy in the Semantic Web: What Policy Languages Have to Offer," Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'07)(POLICY), Bologna, 2007, pp. 109-118.