A conceptual framework for privacy policy negotiation in web services

Abstract

Research into privacy in web services based service-oriented environment gained attention in recent years. Business Transaction Level Data (TLD) privacy is important because in web services the interaction between the Service Provider and Service consumer is far more complicated than in the browser-server environment. This results in an enormous amount of data, and complex data, which raises many transaction level data privacy issues. In web services we can define arbitrary transaction inter-faces and hence, the privacy concerns and associated complexity increases. The existing privacy solutions only offer session level data privacy; therefore, we extend this solution by adding transaction level data privacy. This would offer the service provider and consumer more control over their privacy data, and so that is the difference between existing privacy negotiation protocols and new generation service oriented based privacy protocols. In this paper we tackle this issue of privacy policy negotiation in the distributed service-oriented computing environment. To solve this privacy issue we propose a framework that would negotiate and generate dynamic transaction-based privacy policies based on transaction-related confidential data and its associated privacy preferences. A detailed protocol and supporting context is provided to illustrate the applicability of our proposed framework.