Privacy Issues in SOAP Message Exchange Pattern for Social Services

• Autorzy: Chen W. , Paik I. , Hung P. C. K.

Identyfikatory

DOI

10.3233/FI-2015-1178

• Języki publikacji: EN

Abstrakty

EN

A Web service is defined as an autonomous unit of application logic that provides either some business functionality or information to other applications through an Internet connection. Web services are based on a set of eXtensible Markup Language (XML) standards such as Universal Description, Discovery and Integration (UDDI), Web Services Description Language (WSDL), and Simple Object Access Protocol (SOAP). NowadaysWeb services are becoming more and more popular for supporting different social applications, thus there are also increasing demands and discussions aboutWeb services privacy protection in information. In general, privacy policies describe an organization’s data practices on what information they collect from individuals (e.g., consumers) and what (e.g., purposes) they do with it. To enable privacy protection for Web service consumers across multiple domains and services, the World Wide Web Consortium (W3C) published a document called “Web Services Architecture (WSA) Requirements” that defines some specific privacy requirements for Web services as a future research topic. This paper presents a mathematical model to construct the privacy policies in SOAP Message Exchange Patterns (MEP) for social services. Further, this paper also presents the privacy policies in security tokens with SOAP messages.

Słowa kluczowe

EN

web services; privacy policies; social services; SOAP; simple object access protocol; security token

• Wydawca: IOS Press
• Czasopismo: Fundamenta Informaticae
• Rocznik: 2015
• Tom: Vol. 137, nr 2
• Strony: 253--271
• Opis fizyczny: Bibliogr. 50 poz., rys.

Twórcy

autor

Chen W.

• School of Computer Science and Engineering University of Aizu, Fukushima, Japan

autor

Paik I.

• School of Computer Science and Engineering University of Aizu, Fukushima, Japan

autor

Hung P. C. K.

• Faculty of Business and Information Technology University of Ontario Institute of Technology (UOIT), Canada

Bibliografia

• [1] Universal Description, Discovery and Integration (UDDI). UDDI Version 3.0, UDDI Spec Technical Committee Specification, 19 July 2002. Online: uddi.org/pubs/uddi-v3.00-published-20020719.htm
• [2] WorldWideWeb Consortium(W3C).Web Services Description Language (WSDL), Version 1.2,W3CWorking Draft, 9 July 2002. Online: www.w3.org/TR/2002/WD-wsdl12-20020709/
• [3] World Wide Web Consortium (W3C). Web Services Architecture Usage Scenarios, W3C Working Draft, 30 July 2002. Online: www.w3.org/TR/2002/WD-ws-arch-scenarios-20020730/
• [4] WorldWideWeb Consortium(W3C). The Platform for Privacy Preferences 1.0 (P3P1.0) Specification,W3C Recommendation, 16 April 2002. Online: www.w3.org/TR/P3P/
• [5] WorldWideWeb Consortium(W3C). A P3P Preference Exchange Language 1.0 (APPEL1.0),W3CWorking Draft, 15 April 2002. Online: www.w3.org/TR/P3P-preferences/
• [6] World Wide Web Consortium (W3C). Web Services Architecture Requirements, W3C Working Draft, 14 November 2002. Online: www.w3.org/TR/2002/WD-wsa-reqs-20021114
• [7] World WideWeb Consortium (W3C). [P3P]: Beyond HTTP, P3P Task Force Report, 18 April 2003. Online: www.w3.org/P3P/2003/p3p-beyond-http/Overview.html
• [8] P. C. K. Hung and D. K. W. Chiu. Workflow-based Information Integration in a Web Services Environment, Proceedings of the First International Conference on Web Services (ICWS’03), Monte Carlo Resort, Las Vegas, Nevada, USA, June 23-26, 2003.
• [9] IBM Corporation. Security in a Web Services World: A Proposed Architecture and Roadmap, White Paper, Version 1.0, 2002. Online: www-106.ibm.com/developerworks/library/ws-secroad/
• [10] IBM Corporation. Enterprise Privacy Authorization Language (EPAL), IBM Research Report, 2003. Online: www.zurich.ibm.com/security/enterprise-privacy/epal
• [11] OASIS ebXML Collaboration Protocol Profile and Agreement Technical Committee. Automated Negotiation of Collaboration-Protocol Agreements Specification, Version 0.04, 2002. Online: www.oasisopen. org/committees/ebxml-cppa/negotiation
• [12] P3P BEYOND HTTP Task Force. Online: www.w3.org/P3P/2003/03-binding.html
• [13] P. Holland. BuildingWeb Services From Existing Application, eAI Journal, pp. 45-47, September 2002.
• [14] L. Aversano, G. De Canfora, A. Lucia and P. Gallucci. Integrating Document and Workflow Management Tools using XML and Web Technologies: A Case Study, Proceedings of Sixth European Conference on Software Maintenance and Reengineering, pp. 24-33, 2002.
• [15] Z. Zhang and C. Zhang. An Improvement toMatchmakingAlgorithms forMiddle Agents, Proceedings of the First International Joint Conference on Autonomous Agents and Multiagent Systems, pp. 1340-1347, 2002.
• [16] C. Mohen. Tutorial: Application Servers and Associated Technologies, ACM SIGMOD International Conference on Management of Data (SIGMOD’02),Madison, USA, June 2002.
• [17] Webmethod. Enterprise Web Services in the Financial Services Industry - Driving New Integration Solutions, Technical Document,March 2002.
• [18] A. Tumer, A. Dogac and H. Toroslu. A Semantic based Privacy Framework for Web Services, WWW’03 workshop on E-Services and the Semantic Web (ESSW 03), Budapest, Hungary,May 2003.
• [19] J. Grijpink. Privacy Law: Biometrics and Privacy, Computer Law & Security Report, vol. 17, no. 3, pp. 154-160, 2001.
• [20] A. Tumer, A. Dogac and H. Toroslu. Semantic based Privacy Framework for Web Services, Proceedings of WWW’03 workshop on E-Services and the Semantic Web (ESSW 03), Budapest, Hungary,May 2003.
• [21] World Wide Web Consortium (W3C). SOAP Version 1.2 Part 1: Messaging Framework, W3C Proposed Recommendation, 07 May 2003. Online: www.w3c.org/TR/2003/PR-soap12-part1-20030507/
• [22] World Wide Web Consortium (W3C). SOAP Version 1.2 Part 2: Adjuncts, W3C Proposed Recommendation, 07 May 2003. Online: www.w3.org/TR/2003/PR-soap12-part2-20030507/
• [23] World Wide Web Consortium (W3C). SOAP Version 1.2 Part 0: Primer, W3C Proposed Recommendation, 07 May 2003. Online: www.w3c.org/TR/2003/PR-soap12-part0-20030507/
• [24] H. Leino-Kilpi, M. Valimaki, T. Dassen, M. Gasull, C. Lemonidou, A. Scott and M. Arndt. Privacy: A Review of the Literature, International Journal of Nursing Studies, vol. 38, pp. 663-671, 2001.
• [25] M. Jackson. Data Protection in Australia, Computer Law & Security Report, vol. 15, no. 4, pp. 238-242, 1999.
• [26] C. J. Bennett. Arguments for the Standardization of Privacy Protection Policy: Canadian Initiatives and American and International Responses, Government Information Quarterly, vol. 14, no. 4, pp. 351-362, 1997.
• [27] V. Senicar, B. Jerman-Blazic and T. Klobucar. Privacy-Enhancing Technologies - approaches and development, Computer Standards & Interfaces, vol. 25, pp. 147-158, 2003.
• [28] L. Dreyer and M. Olivier. Dynamic Aspects of the InfoPrivModel, Proceedings of the Dexa 98 International Workshop on Security and Integrity of Data Intensive Applications, Vienna, Australia, August 1998.
• [29] M. Langheinrich. A Privacy Awareness System for Ubiquitous Computing Environments, Proceedings of the 4th International Conference on Ubiquitous Computing (UbiComp2002), Springer-Verlag LNCS 2498, pp. 237-245, September 2002.
• [30] A. Rezgui, Z.Wen and A. Bouguettaya. Enforcing Privacy in Interoperable E-GovernmentApplications, dg.o 2002 NSF Conference, Los Angeles, May 2002.
• [31] A. Rezgui, M. Ouzzani, A. Bouguettaya and B. Medjahed. Preserving Privacy in Web Services, Proceedings of the 4th International ACM Workshop on Web Information and Data Management, Virginia, USA, pp. 56-62, November 2002.
• [32] F. A. Lategan and M. S. Olivier. A Chinese Wall Approach to Privacy Policies for the Web, Proceedings of the 26th Annual International Computer Software and Applications Conference (COMPSAC’02), 2002.
• [33] The DAML Services Coalition. DAML-S: Semantic Markup for Web Services, Version 0.9, 2003. Online: www.daml.org/services/daml-s/0.9/daml-s.html
• [34] E. D. Schoeman. Philosophical Dimensions of Privacy: An Anthology, New York, NY, Cambridge Univ. Press, 1984.
• [35] World Wide Web Consortium (W3C). XML Encryption Syntax and Processing, W3C Proposed Recommendation, 10 December 2002. Online: www.w3.org/TR/2002/REC-xmlenc-core-20021210/
• [36] Junichi Toyouchi,Motohisa Funabashi, Shinsuke Honjo and Norihisa Komoda.Web Service Integration Platform with Privacy Preferences for One-stop Application, Proceedings of the First International Conference on Web Services (ICWS’03),Monte Carlo Resort, Las Vegas, Nevada, USA, June 23-26, 2003.
• [37] OASIS. SAML 1.0 Specification Set: Committee Specifications, 2002.
• [38] IBM Corporation. Web Services Security (WS-SECURITY), Version 1.0 05, April 2002. Online: www-106.ibm.com/developerworks/webservices/library/ws-secure/
• [39] D. Hutter and M. Volkamer. Information flow control to secure dynamic web-service composition, In 3nd International Confernce on Security in Pervasive Computing. Springer, LNCS, 2006.
• [40] D. Hutter, M.Volkamer, M. Klusch, and A.Gerber. Provably secure execution of composed semantic web services, In International AAMAS-Workshop on Privacy and Security in Agent-based Collaborative Environments, PSACE-2006, Hakodate, Japan, 2006.
• [41] D. M. Volpano and G. Smith. A type-based approach to program security, In TAP-SOFT’97: Theory and Practice of Software Development, pp. 607-621. Springer, LNCS 1214,1997.
• [42] E. Pignotti and P. Edwards. Using Web Services and Policies within a Social Platform to Support Collaborative Research, In AAAI Technical Report SS-12-04 Intelligent Web Services Meet Social Computing , pp. 64-69. 2012.
• [43] N. Faci, Z. Maamar and P. Ghodous. Which Social Networks Should Web Services Sign-Up In?, In AAAI Technical Report SS-12-04 Intelligent Web Services Meet Social Computing , pp. 22-26. 2012.
• [44] Z. Maamar, N. Faci, A. Loo, P Ghodous. Towards a Quality of Social Network (QoSN)Model in the Context of Social Web Services, In Dans International Conference on Exploring Services Science, Lecture Notes in Business Information Processing, Geneva, Switzerland, pp. 297?310, 2012.
• [45] Z.Maamar, H. Hacid andM. N. Huhns,WhyWeb Services Need Social Networks, IEEE Internet Computing, vol. 15, no. 2, pp. 90-94, 2011.
• [46] T. Pilioura and A. Tsalgatidou, Unified Publication and Discovery of Semantic Web Services, ACM Trans. Web, vol. 3, no. 3, pp. 1-44, 2009.
• [47] Wei Tan, et al., Providing Map and GPS Assistance to Service Composition in Bioinformatics. SCC 2011.
• [48] Jia Zhang, et al., Recommend-As-You-Go: A Novel Approach Supporting Services-Oriented Scientific Workflow Reuse. SCC 2011.
• [49] ZakariaMaamar, et al., Using Social Networks forWeb Services Discovery. IEEE Internet Computing, 2011.
• [50] W. Chen and I. Paik, Improving Efficiency of Service Discovery Using Linked Data-based Service Publication, Inf Syst Front, DOI 10.1007/s10796-012-9381-x, Sep. 2012.