Policies for Distributed Systems and Networks, IEEE International Workshop on (2011)
June 6, 2011 to June 8, 2011
We propose a novel way of managing how data on the Web is used with an infrastructure that enables accountability on the Web at the protocol level. We propose a protocol, HTTPA (Accountable Hyper Text Transfer Protocol), which requires that the data producer and the data consumer come to an agreement before an HTTP transaction takes place. This process makes both parties accountable for the agreement they had entered into, especially when reusing the data that was transferred. In HTTPA, the data consumer expresses her intentions of access and usage, and the data producer expresses her usage restrictions. The data transfer only happens when the intentions match the restrictions and the transfer along with the agreement is logged. This protocol cannot prevent the unauthorized reuse of data, but rather it can be used to develop accountability mechanisms that will identify violators allowing them to be held accountable for data they inappropriately consumed and served.
security, data privacy, authorization, authentication, accountability
O. Senevitane and L. Kagal, "Addressing Data Reuse Issues at the Protocol Level," 2011 IEEE International Symposium on Policies for Distributed Systems and Networks - POLICY 2011(POLICY), Pisa, 2011, pp. 141-144.