Privacy is Linking Permission to Purpose / Zannone, Nicola; Massacci, Fabio. - ELECTRONIC. - (2004).

Privacy is Linking Permission to Purpose

Zannone, Nicola; Massacci, Fabio
2004-01-01

Abstract

The last years have seen a peak in privacy-related research. The focus has been mostly on how to protect the individual from being tracked, with plenty of anonymizing solutions. We advocate another model that is closer to the "physical" world: we consider our privacy respected when our personal data is used for the purpose for which we gave it in the first place. Essentially, in any distributed authorization protocol, credentials should mention their purpose beside their powers. For this information to be meaningful we should link it to the functional requirements of the original application. We sketch how one can modify a requirement engineering methodology to incorporate security concerns so that we explicitly trace back the high-level goals for which a functionality has been delegated by a (human or software) agent to another one. Then one could directly derive purpose-based trust management solutions from the requirements.
2004
Trento, Italy
Università degli Studi di Trento. DEPARTMENT OF INFORMATION AND COMMUNICATION TECHNOLOGY
Files in this item:
File: 084.pdf
Access: open access
Type: Publisher's version (Publisher's layout)
License: All rights reserved
Size: 282.02 kB
Format: Adobe PDF

Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.

Use this identifier to cite or link to this document: https://hdl.handle.net/11572/359073
Warning! The data displayed have not been validated by the university.
