ArticlePDF Available

Using P3P in a web services-based context-aware application platform

Authors:

Abstract and Figures

1 The work described in this paper has been sponsored by Freeband Knowledge Impulse, a joint initiative of Dutch Government, knowledge institutes and industry. Abstract This paper describes a proposal for a privacy control architecture to be applied in the WASP project. The WASP project aims to develop a context-aware service platform on top of 3G networks, using web services technology. The proposed privacy control architecture is based on the P3P privacy policy description standard de-fined by W3C. The paper identifies extensions to P3P and its associated preference expression lan-guage APPEL that are needed to operate in a context-aware environment.
Content may be subject to copyright.
1
Using P3P in a web services-based context-aware application platform1
Martijn Zuidweg, José Gonçalves Pereira Filho2, Marten van Sinderen
Centre for Telematics and Information Technology, University of Twente
PO Box 217, 7500 AE Enschede, The Netherlands
{zuidweg, filho, sinderen}@cs.utwente.nl
1 The work described in this paper has been sponsored by Freeband Knowledge Impulse, a joint initiative of Dutch Government,
knowledge institutes and industry.
2 On leave from Departamento de Informática, Universidade Federal do Espírito Santo, Brasil. E-mail: zegonc@inf.ufes.br
Abstract
This paper describes a proposal for a privacy
control architecture to be applied in the WASP
project. The WASP project aims to develop a
context-aware service platform on top of 3G
networks, using web services technology. The
proposed privacy control architecture is based on
the P3P privacy policy description standard de-
fined by W3C. The paper identifies extensions to
P3P and its associated preference expression lan-
guage APPEL that are needed to operate in a
context-aware environment.
1 Introduction
Context-aware computing is an emerging com-
puting paradigm that tries to exploit information
about the context of its users to provide new or
improved services.
Dey and Abowd [4] have defined context as
any information that can be used to character-
ize the situation of an entity. An entity is a per-
son, place, or object that is considered relevant
to the interaction between a user and an appli-
cation, including the user and applications
themselves”. This definition is widely used in
literature today.
Schilit [12] identified four classes of ser-
vices that can be provided using contextual in-
formation:
Proximate selection: selection of service
providers based on their location. An exam-
ple would be an application that can provide
a user with a list of museums within walk-
ing distance.
Automatic contextual reconfiguration:
application behaviour changes automatically
depending on the context. For example, a
mobile phone would know that a user is cur-
rently in a meeting and thus not ring when it
is called.
Contextual information and commands:
the same user request returns different re-
sults when executed in different contexts.
For example, a print request would always,
automatically, be routed to the nearest
printer in the building.
Context-triggered actions: commands are
automatically executed when certain con-
textual conditions are met. For example, a
user could set a trigger to receive a reminder
to buy bread when he passes by a bakery.
Context-aware computing environments
may use information provided by many sensors
to acquire knowledge about the context. These
sensors can be invisible to users. It is obvious
that these sensors, gathering information about
people without being noticed, can be a threat to
privacy. If the risks of privacy violation when
using a context-aware application cannot be es-
timated, users may be unwilling to use such a
system. This is why privacy control is essential
in the design of a context-aware computing
platform.
2
This paper aims at providing a privacy con-
trol architecture for the context-aware applica-
tion platform developed in the WASP project
(see section 2).
The rest of this paper is structured as fol-
lows. Section 2 presents a quick overview of the
WASP platform. In section 3, general privacy
issues are explained and the P3P standard is in-
troduced. This standard, originally developed
for web sites, will be used to provide privacy
control in WASP. The applicability of P3P in a
context-aware platform such as WASP is ex-
plained in section 4. Section 5 identifies the ex-
tensions needed to P3P to be used for context-
aware web services. Section 6 depicts the pri-
vacy control architecture of WASP, using P3P.
Section 7 discusses related work. Finally, sec-
tion 8 contains conclusions and presents future
work to be done.
2 WASP
In the WASP (Web Architectures for Services
Platforms) project [15], the University of
Twente, Ericsson and the Telematica Instituut
cooperate in developing a platform to support
context-aware applications based on web ser-
vices. The WASP platform operates on top of
3G networks, using Parlay X [11] as a web ser-
vices interface to 3G network functions.
Typically, users interact with service pro-
viders offering context-aware applications
through their mobile device. A context-aware
application uses context information available
from the WASP platform to provide its services
(Figure 1).
Initially, the WASP project will focus on
tourist applications using location-based ser-
vices. Service providers, called Points of Inter-
est (POI) in WASP, like museums and
restaurants, provide a web services interface.
The descriptions of these services are stored in
a registry, the POI registry. Users can look up
services of interest through this registry.












Figure 1: Interaction between a user, a
service provider (context-aware application)
and the WASP platform.
WASP users will mainly access WASP ap-
plications using mobile devices, such as PDAs
and smart phones. WASP will provide tight in-
tegration with the underlying 3G technology by
offering seamless invocation of network ser-
vices, such as directly making a voice call to the
POI from a WASP application.
3 Privacy and P3P
Whereas several architectures supporting con-
text-aware services have been proposed and
implemented, none of these architectures has
fully integrated privacy control. Nonetheless,
research on privacy has been recognized as an
important topic, and results have been published
on both privacy control in context-aware sys-
tems (see section 7) and privacy in general. This
research has led to a number of widely adopted
principles, both by researchers [1, 7] and legis-
lation (US Privacy Act of 1974 and the EU Di-
rective 95/46/EC):
Notice: People should be informed when
data is collected about them.
Choice and consent: People must explicitly
agree to data collection, and be able to opt
out of using a service if they do not agree
with its practises. Several privacy practise
options should be available if the service
can also be (partially) provided with less in-
trusion on user privacy, to avoid that people
with stronger privacy concerns cannot use a
particular service at all.
Access: An individual should have access to
any data that is gathered about him.
3
Anonymity and pseudonymity: If not nec-
essary, no personal information should be
stored. If services can be used anonymously
or using a pseudonym, this possibility
should be provided. Legislation lays no re-
striction on the collection of unidentifiable
data.
To provide privacy control in WASP, we
want to develop and apply an adapted version
of P3P. P3P (Platform for Privacy Preferences
Project, [14]) is a protocol for web sites to in-
form web users of their data-collection prac-
tices. It was developed by the World Wide Web
Consortium (W3C). P3P enables web sites to
express their privacy practises in an XML
document.
Figure 2 shows a part of such a P3P policy.
This statement explains that some contact in-
formation about the user will be collected to be
able to contact him for marketing purposes. As
indicated by the <RECIPIENT> element, the
information will used by the owner of the web
site and, if the user explicitly chooses for it,
spread to comparable companies.
<STATEMENT>
<CONSEQUENCE>
At your request, we will send you
carefully selected marketing
solicitations that we think you will be
interested in.
</CONSEQUENCE>
<PURPOSE>
<contact required="opt-in"/>
<individual-decision required="opt-in"/>
<tailoring required="opt-in"/>
</PURPOSE>
<RECIPIENT>
<ours/>
<same required="opt-in"/>
</RECIPIENT>
<RETENTION><stated-purpose/></RETENTION>
<DATA-GROUP>
<DATA ref="#user.name" optional="yes"/>
<DATA ref="#user.home-info.postal"
optional="yes"/>
<DATA
ref="#user.home-info.telecom.telephone"
optional="yes"/>
<DATA ref="#user.business-info.postal"
optional="yes"/>
<DATA ref="#user.business-
info.telecom.telephone"
optional="yes"/>
<DATA ref="#user.home-info.online.email"
optional="yes"/>
</DATA-GROUP>
</STATEMENT>
Figure 2: Example P3P statement. Ex-
tracted from [14].
P3P provides a standardized way of associ-
ating these policies with web sites or parts of
web sites, and includes a mechanism for trans-
porting the policies over HTTP.
The intention of P3P is to automatically ne-
gotiate about a web site’s privacy practice, ad-
dressing the principles of notice and choice and
(automatic) consent. To support this, a user
must have previously defined his privacy pref-
erences and stored these in a machine-readable
format. W3C has developed the privacy prefer-
ence description language APPEL [14] for this
purpose. When a user wants to access a web
site, a user agent (embedded in the user’s
browser) first retrieves the web site’s P3P pol-
icy. It then compares the policy with the user
preferences. If the policy complies with the
user’s preferences, the web site is retrieved. If
not, the user may be prompted for further
evaluation, or the request may be cancelled.
This behaviour is depicted in Figure 3.
 

 









 

 









Figure 3: P3P automatic negotiation
The scope of P3P is limited to the concepts
of notice, and choice and consent. Users are in-
formed of a web site’s privacy policy, and
based on this policy they can choose to use the
service or decline it. P3P does not intend to en-
force privacy by technical means. It is up to the
user to make a decision whether or not to trust
the service provider. No guarantee is given that
the service provider will actually conform to its
privacy policy. This should be regulated by law.
4
4 Applicability of P3P in WASP
P3P was developed as a standard for web sites.
Since the main purpose of P3P is to simply de-
scribe services, its applicability is actually much
wider. Web services, used as the enabling tech-
nology in the WASP project, follow a client-
server paradigm that is comparable to interac-
tion on the World Wide Web. Furthermore, P3P
is based on XML, as are web services. Integra-
tion of P3P into the domain of web services will
be quite straightforward. The requirements for
this integration are identified in section 5.
In a context-aware platform, contextual in-
formation is generally acquired through various
sensors. Some of these sensors may reside on
the user’s device, such as a GPS receiver inte-
grated in a mobile phone, while other sensors
may be installed in walls or ceilings of the
building close to or surrounding the user. It may
be simple for users to control the release of con-
textual information that is stored on their own
device, but it may be hard to control informa-
tion gathered at different places in the platform.
As P3P does not provide mechanisms for con-
trolling data release to interested parties, but
simply describes service behaviour, it is irrele-
vant to P3P where the data is coming from. So,
P3P is suitable for an environment where the
data is distributed.
Research has shown that the “inquirer”, i.e.,
the service provider using contextual informa-
tion, is an important determinant for people’s
privacy preferences [8]. This means that users
usually have the same preferences for the same
data collector, no matter where they are or what
they are doing. So, privacy preferences are
strongly influenced by a description of the data
collecting service, which is exactly what P3P
provides.
Other researchers have also proposed to use
(adapted versions of) P3P in context-aware sys-
tems. The works of Langheinrich [6], Myles et
al. [9] and Nilsson et al. [10] all propose pri-
vacy control mechanisms based on P3P for con-
text-aware or location-based environments.
These systems are discussed in more detail in
section 7.
5 Extensions to P3P
Whereas the suitability for P3P in a context-
aware web services-based environment such as
WASP has been argued in the previous section,
some extensions have to be implemented before
we can actually use P3P in such an environ-
ment. This section discusses the extensions
needed to P3P itself as well as to the privacy
preference expression language APPEL.
5.1 P3P in web services-based context-aware
environments
Two extensions to P3P are identified to make it
suitable for a web services-based context-aware
environment. First, P3P will need to be adapted
so that it works with web services instead of
just web sites. Next, P3P will need some
mechanism to reason about contextual informa-
tion. Finally, some adaptation is necessary to
integrate P3P with the context-aware environ-
ment. This will involve several issues:
Policy discovery. Web sites can reference their
policies in multiple ways. Either they can pub-
lish it at a well-know location (/w3c/p3p.xml
relative to the site’s address), they can link it
from the (X)HTML source file, or they can ref-
erence it in HTTP headers.
For web services, we propose to publish the
policy in either the WSDL file describing the
service, or in a registry such as UDDI, or the
WASP POI registry.
It is also possible to use a well-know func-
tion call (analogous to the well-known location
for web sites), but this means that a web service
has to be invoked before the policy is retrieved.
This problem is analogous to the problem of
linking to P3P files from an HTML document,
or sending a reference to the P3P file in HTTP
headers. In these cases, the web site has to be
accessed before its policy can be evaluated.
Contextual information. The P3P specification
describes many predefined data types. These
data types are categorised, and have associated
descriptions of their meaning. This allows also
semantic agreement on the data collected, so
5
that there is no ambiguity between a user and a
service provider about what is exactly collected.
However, as P3P was developed for web sites,
there are no data types addressing the kind of
data that would be gathered in context-aware
environments.
P3P provides extensibility in its specifica-
tion, i.e., a service provider can mention other
types of data (for example user location) than
the ones specified by P3P in a policy. There are
two problems with using such an extension.
First, there is no semantic agreement on the ac-
tual meaning of this data, so it may mean one
thing for one service provider and a completely
different thing for another service provider.
Second, if all contextual information has to be
redefined in every P3P policy, policies may be-
come quite large. This is especially problematic
in environments like the WASP platform, where
users typically use small devices with limited
bandwidth connections. So, contextual informa-
tion should be added to the list of predefined
data types.
Trust. Privacy control using P3P relies on trust.
P3P does not provide any technical means to
enforce privacy. This is left to law and other
regulations. To increase this trust, service pro-
viders could be screened by the context-aware
platform provider, and receive a certificate [16].
5.2 User privacy preferences
P3P is intended to provide privacy control for
simple request-reply web interaction. In this
case, one request leads to one reply. So, a user
can evaluate the site’s privacy policy before
each request, and decide whether or not to use
the service. After the invocation of the service,
no further interactions take place. A new inter-
action can only start on the initiative of the user.
In a context-aware system, it is common for
a user to register with a service once, after
which the service may contact the user many
times. For example, a user may register to a lo-
cation tracking service, which will provide the
user with information every time a certain con-
dition is met.
A problem that arises in this situation is that
user preferences may also be constrained by
context. For example, a user may allow his em-
ployer (in fact: a service acting on the em-
ployer’s behalf) to track his location, but only
during work hours. While a condition like this
may still be checked by the employer before
requesting a user’s location (since both the user
and the employer’s service can have the same
notion of time), it is not difficult to think of
more complicated situations. Suppose the user
will only allow his employer to track his loca-
tion while he is in the office. This condition can
no longer be checked by the employer before
actually retrieving the user’s location. In other
words, a service cannot publish this kind of be-
haviour in its P3P policy and take care of com-
plying with the policy itself. So, user
preferences containing constraints on the con-
textual data that is being collected must be
checked somewhere else, as they cannot be
checked by the service provider.
There is a good argument not to include
these context-dependent conditions in a privacy
policy of a service at all. Context-dependent
conditions are not part of the actual service be-
haviour. They describe user preferences, not
service characteristics.
To support the inclusion of this kind of con-
ditions in user preferences, we are currently de-
veloping an extension to APPEL. This
extension will support the expression of con-
straints on the values of the contextual data
specified by our extension to P3P. For example,
it enables a user to express that a particular ser-
vice provider may only retrieve data between
nine and five, or only retrieve his location while
the user is in his office building.
6 WASP privacy architecture
The proposed privacy architecture for the
WASP platform is depicted in Figure 4. A user
interacts with context-aware services through a
user agent, which can automatically retrieve
P3P policies for the requested services and
compare them to the user’s preferences. This
user agent can reside on the user’s device, or, in
case of small user devices with limited band-
6
width and processing power, somewhere in the
wired network.
Contextual information is shielded from
service providers by the privacy control layer.
This layer is responsible for checking context-
dependent privacy preferences, as explained
below.
Contextual information is available from the
contextual information interpreter. This compo-
nent aggregates all data from sensors and other
context providers (such as for example a user’s
calendar).
User
User agent
Context
aware
service
WASP platform
Privacy control layer
Contextual information interpreter
Sensor
Sensor
Third party
context provider
User
User agent
Context
aware
service
WASP platform
Privacy control layer
Contextual information interpreter
Sensor
Sensor
Third party
context provider
Figure 4: WASP privacy architecture
overview.
In WASP, we separate the evaluation of the
privacy policy of a service and the evaluation of
a user’s context-dependent preferences. Before
a user invokes a service, his user agent will re-
trieve the P3P policy of the service. This will be
compared against the user’s preferences, ex-
pressed in the extended version of APPEL. If
the service’s policy is acceptable (evaluated
automatically from the APPEL preferences, or
after interaction with the user if no suitable rule
is available for automatic evaluation), the user
agent will store the association between the
user, the service and the agreed privacy policy
in the platform’s privacy control layer.
Together with this association, the user’s
context-dependent part of the preferences will
be stored. Every time a service needs contextual
information, it will contact the WASP platform.
The privacy control layer will then check for an
association record between the service, its pol-
icy and the user it wants information about. If
this association exists, the privacy control layer
will evaluate the context-dependent preferences
expressed by the user. If the context-dependent
constraints are satisfied, the privacy control
layer will release the requested contextual in-
formation to the service.
The separation between the checking of the
privacy policy against the user’s preferences
and the checking of the request against the
user’s context-dependent preferences is made
for two reasons. First, it expresses the concep-
tual difference between a privacy policy, de-
scribing a service’s permanent characteristics,
and context-dependent preferences, which are
of a frequently changing nature. Second, it pro-
vides a performance improvement. P3P poli-
cies, which can be quite complex, need to be
compared to the user’s preferences only once.
For further requests for context by a context-
aware service, only the context-dependent con-
straints need to be evaluated.
In practise, this separation enables to estab-
lish the willingness of a user to use a certain
service in principle, even though there are some
conditions under which the user may temporar-
ily wish to stop being tracked by the service.
7 Related work
The use of P3P in context-aware systems has
been proposed by several researchers.
Marc Langheinrich has developed pawS [6],
a privacy-awareness system using P3P. In this
system, data collecting services, which may
also include sensors such as a camera system,
announce their presence to a user and provide
the user with a P3P policy describing their be-
haviour. The user may then choose whether or
not to use the service. Langheinrich expresses
the need to extend P3P with the capability to
describe contextual information. The system
focuses on tracking services that are on by de-
fault. The main difference to the WASP ap-
proach is that in the latter, users take the
7
initiative to request (web) services from service
providers.
Myles, Friday and Davies have also built a
privacy control system based on P3P, called
LocServ [9]. It addresses requests initiated
completely by a service provider. Users of the
context-aware system express their preferences
in so-called validators. These validators contain
APPEL-like rules. Whenever a service provider
wants to collect information about a user, the
context-aware platform will look for a validator
containing a rule that allows data collection by
this particular service provider. Only if a valida-
tor is found that accepts the request from the
service provider, context information is re-
leased. The validators support context-
dependent constraints.
Other approaches for controlling privacy in
context-aware and ubiquitous computing envi-
ronments include anonymous and pseudony-
mous communication [2, 3] and privacy control
of documents by attaching metadata describing
permissions on the documents [5].
8 Conclusions
In this paper, we identified the requirements for
applying a P3P based privacy control mecha-
nism in our context-aware WASP platform. A
privacy architecture has been designed based on
an extended version of P3P and its associated
preference expression language APPEL.
We are currently implementing the proposed
extensions to P3P and APPEL. The next step in
our research will be the actual design and im-
plementation of a prototype of the proposed
privacy architecture. This prototype will be in-
tegrated in the WASP project.
References
[1] Ackerman, A. et al., Privacy in context,
Human-Computer Interaction, 16, 2001, pp.
167-176.
[2] Al-Muhtadi, J. et al., Routing through
the Mist: Privacy Preserving Communication in
Ubiquitous Computing Environments, in Intl.
Conf. of Distributed Computing Systems
(ICDCS 2002) ,Vienna, July 2002, pp. 65-74.
[3] Beresford, A.R. and F. Stajano, Loca-
tion Privacy in Pervasive Computing, IEEE
Pervasive Computing, Jan.-Mar. 2003, pp. 46-
55.
[4] Dey, A. K. and G. D. Abowd, Towards
a Better Understanding of Context and Context-
Awareness, Technical Report 99-22, Georgia
Institute of Technology, 1999.
[5] Jiang, X. and J.A. Landay, Modeling
Privacy Control in Context-Aware Systems, in
IEEE Pervasive Computing, 2002.
[6] Langheinrich, M., A Privacy Awareness
System for Ubiquitous Computing Environ-
ments, in 4th Intl. Conf. on Ubiquitous Comput-
ing (UbiComp 2002), Springer-Verlag LNCS
2498, September 2002, pp. 237-245.
[7] Langheinrich, M., Privacy by Design -
Principles of Privacy-Aware Ubiquitous Sys-
tems, in 3th Intl. Conf. on Ubiquitous Comput-
ing (UbiComp 2001), Springer-Verlag LNCS
2201, 2001, pp. 273-291.
[8] Lederer, S. et al., Who Wants to Know
What When? Privacy Preference Determinants
in Ubiquitous Computing, to appear in Ex-
tended Abstracts of the 2003 Conf. on Human
Factors in Computing Systems (CHI 2003),
April 2003.
[9] Myles, G. et al., Preserving Privacy in
Environments with Location-Based Applica-
tions, IEEE Pervasive Computing, Jan.-Mar.
2003, pp. 56-64.
[10] Nilsson, M. et al., Privacy Enhance-
ments in the Mobile Internet, in IFIP WG
9.6/11.7 Working Conf. on Security and Control
of IT in Society, Bratislava, June 2001.
[11] Parlay Group, Parlay X Web Services
White Paper,
http://www.parlay.org/specs/library/ParlayX-
WhitePaper-1.0.pdf, 2002.
[12] Schilit, B. et al., Context-Aware Com-
puting Applications, in 1st Intl. Workshop on
Mobile Computing Systems and Applications,
1994, pp.85-90.
[13] W3C, A P3P Preference Exchange
Language 1.0 (APPEL1.0), available on
http://www.w3.org/TR/P3P-preferences/, April
2002.
8
[14] W3C, The Platform for Privacy Prefer-
ences 1.0 (P3P1.0) Specification, available on
http://www.w3.org/TR/P3P/, April 2002.
[15] WASP Project,
http://www.freeband.nl/projecten/wasp/ENinde
x.html, 2002.
[16] Wu, M. and A. Friday, Integrating Pri-
vacy Enhancing Services in Ubiquitous Com-
puting Environments, in Workshop on Security
in Ubiquitous Computing, 4th Intl. UbiComp
Conf., 2002.
... Soon, however, it was recognised that P3P, which was originally designed to support Web interactions typically involving e-commerce and business applications, could not meet the requirements of most context-aware applications. Studies such as [98,138] proposed extending the P3P protocol and the APPEL language with appropriate tags and datatypes that better fit the specific characteristics of Ambient Intelligence systems. ...
Article
Today, privacy is a key concept. It is also one which is rapidly evolving with technological advances, and there is no consensus on a single definition for it. In fact, the concept of privacy has been defined in many different ways, ranging from the “right to be left alone” to being a “commodity” that can be bought and sold. In the same time, powerful Ambient Intelligence (AmI) systems are being developed, that deploy context-aware, personalised, adaptive and anticipatory services. In such systems personal data is vastly collected, stored, and distributed, making privacy preservation a critical issue. The human-centred focus of AmI systems has prompted the introduction of new kinds of technologies, e.g. Privacy Enhancing Technologies (PET), and methodologies, e.g. Privacy by Design (PbD), whereby privacy concerns are included in the design of the system. One particular application field, where privacy preservation is of critical importance is Ambient Assisted Living (AAL). Emerging from the continuous increase of the ageing population, AAL focuses on intelligent systems of assistance for a better, healthier and safer life in their living environment. In this paper, we first build on our previous work, in which we introduced a new tripartite categorisation of privacy as a right, an enabler, and a commodity. Second, we highlight the specific privacy issues raised in AAL. Third, we review and discuss current approaches for privacy preservation. Finally, drawing on lessons learned from AAL, we provide insights on the challenges and opportunities that lie ahead. Part of our methodology is a statistical analysis performed on the IEEE publications database. We illustrate our work with AAL scenarios elaborated in cooperation with the city of Luxembourg.
... On the other hand, from the viewpoint of services, context awareness systems have potential for the following services: (1) Services responding to changes in location accompanying the user's movements, (2) Services involving acquisition of t he u s e r 's b eh av ior h i s tor y a nd s uppl y of cor respondi ng i n for mation, (3) Ser vices responding to changes in the environment, such as weather and temperature, and (4) Services involving autonomous calling of other services based on the context state. [11,14] 3 ...
Chapter
Privacy protection constitutes a genuine human right reflected both in the legislation and in different aspects of software engineering. Sensitive information needs to be protected in end-users interaction with Web Services especially in cases, where context-aware features are included. In this work the authors address the inclusion of consumer privacy preferences in the provision of context-aware Web Services. To achieve this the authors propose, on the one hand, a preferences language, where end-users can specify their privacy options, namely Consumer Privacy Language, and, on the other hand, a seamless enforcement mechanism that considers consumer preferences by intercepting and modifying appropriately Simple Object Access Protocol request and response messages. The enforcement approach has been evaluated based on various execution metrics for an example use case consisting of various Web Services and for different user configurations demonstrating the usefulness of the approach assisting towards the provision of privacy-aware environments.
Article
Context-aware e-Services offer entirely new opportunities for application developers and for end users by gathering context data and offering e-services solutions that are adapted to their context. In this paper, using a scenario, we argue for the need for an e-services framework that supports decision-making during fault management process in electricity distribution networks. Then we discuss the different aspects needed to be covered in such a framework and introduce a high-level view of its functional components. The framework functionality was implemented using web services and an android platform. Our experimental work shows improvement in repairing faults thus reducing the associated costs and accordingly increasing user satisfaction and savings in electric power distribution.
Article
Privacy protection constitutes a genuine human right reflected both in the legislation and in different aspects of software engineering. Sensitive information needs to be protected in end-users interaction with Web Services especially in cases, where context-aware features are included. In this work the authors address the inclusion of consumer privacy preferences in the provision of context-aware Web Services. To achieve this the authors propose, on the one hand, a preferences language, where end-users can specify their privacy options, namely Consumer Privacy Language, and, on the other hand, a seamless enforcement mechanism that considers consumer preferences by intercepting and modifying appropriately Simple Object Access Protocol request and response messages. The enforcement approach has been evaluated based on various execution metrics for an example use case consisting of various Web Services and for different users configurations demonstrating the usefulness of the approach assisting towards the provision of privacy-aware environments.
Conference Paper
Personalization or privacy control? is a question one frequently asks himself/herself nowadays with the wide spread of service provision for users on the move. The right to protect intimacy or the right of privacy is a permanent and genuine right of any person. Context-awareness, offering to users services that react proactively to user environment and service conditions, although desirable, breaks into the private sphere. In the Internet world Web Services are usually employed as building blocks in such context-aware applications. In this paper, the reflection of user privacy preferences in the provision of context-aware Web Services is addressed. A user privacy preferences language for context-aware Web Service environments, namely Consumer Privacy Language (CPL), is proposed along with an adaptation mechanism for SOAP messages. The adaptation remains transparent to the end-user, who can profit from Web Services offering both context- and privacy-awareness.
Article
The web has become the largest repository of multimedia information and its convergence with telecommunications is now bringing the benefits of web technology to hand-held devices. To optimize data access using these devices and provide services which meet the user needs through intelligent information retrieval, the system must sense and interpret the user environment and the communication context. In addition, natural spoken conversation with handheld devices makes possible the use of these applications in environments in which the use of GUI interfaces is not effective, provides a more natural human-computer interaction, and facilitates access to the web for people with visual or motor disabilities, allowing their integration and the elimination of barriers to Internet access. In this paper, we present an architecture for the design of context-aware systems that use speech to access web services. Our contribution focuses specifically on the use of context information to improve the effectiveness of providing web services by using a spoken dialog system for the user-system interaction. We also describe an application of our proposal to develop a context-aware railway information system, and provide a detailed evaluation of the influence of the context information in the quality of the services that are supplied.
Article
Full-text available
This paper discusses the use of context in Web services personalization. The objective of personalization is to accommodate user preferences, which are of different types varying from when the execution of a Web service should start to where the outcome of this execution should be delivered. Besides user preferences, computing resources on which the Web services operate have an impact on the personalization of Web services. To track the personalization of a Web service, three types of contexts are devised and referred to as user context, Web service context, and resource context.
Article
In this paper, we propose a security framework, looking at different policies for data access control in the mobile environments. We have started with extending the Platform for Privacy Preferences (P3P) policy for controlling the data access. The aim is to modify the P3P policy and to use it in the security capsule of a mobile handset. The service provider can publish the P3P policy in the WebServices and request the mobile client for the user preferences. With the introduction of P3P policy into the mobile device the access to the data is controlled including user preferences and identity mapping. Service provider data will always be encrypted and successful decryption will be a big challenge. Further we looked at the extensible Access Control Markup Language (XACML) policy as it is the way forward for the mobile environment and XACML is the latest policy that is operational smoothly in the mobile environment. Though XACML is a rich framework, it intentionally does not address how to preserve the privacy of authorization entities. For this, we require well-defined trust relationships between the participants, but first time business partners may not have pre-existing relationships. Therefore, a mechanism for gradual building of trust is needed and the security capsule that is presented in this work will provide this. This paper identifies the steps involved in performing transactions with the service provider through the retrieval of policy information and hence proposes an architecture that verifies the data access control.
Conference Paper
Full-text available
This paper describes systems that examine and react to an individual's changing context. Such systems can promote and mediate people's interactions with devices, computers, and other people, and they can help navigate unfamiliar places. We believe that a limited amount of information covering a person's proximate environment is most important for this form of computing since the interesting part of the world around us is what we can see, hear, and touch. In this paper we define context-aware computing, and describe four catagories of context-aware applications: proximate selection, automatic contextual reconfiguration, contextual information and commands, and contex-triggered actions. Instances of these application types have been prototyped on the PARCTAB, a wireless, palm-sized computer.
Article
Full-text available
Various aspects of location based applications in privacy issues are discussed. Global Positioning System (GPS) and phone based technologies come under the location based applications. The step in protecting users location privacy is notifying them of requests for the privacy information. LocServ is created to support the various location based applications which is a middleware service that lies between location based application and location tracking technologies. Validators check the acceptability of privacy policy and determines wheather a system should accept a request. Potential validator component includes user conformation, user data and context and external services.
Article
Full-text available
A technique called as the mix-zone, a new construction inspired by anonymous communication techniques, together with metrics for assessing user anonymity is discussed. Mix zones are based on location privacy, a particular type of information privacy. The applications of location privacy in pervasive computing are also discussed. When location systems track users automatically on an ongoing basis, they generate an enormous amount of potentially sensitive information. Privacy of location information controls access to this information.
Article
Significant complexity issues challenge designers of context-aware systems with privacy control. Information spaces provide a way to organize information, resources, and services around important privacy-relevant contextual factors. In this article, we describe a theoretical model for privacy control in context-aware systems based on a core abstraction of information spaces. We have previously focused on deriving socially based privacy objectives in pervasive computing environments. Building on Ravi Sandhu's four-layer OM-AM (objectives, models, architectures, and mechanisms) idea, we aim to use information spaces to construct a model for privacy control that supports our socially based privacy objectives. We also discuss how we can introduce decentralization, a desirable property for many pervasive computing systems, into our information space model, using unified privacy tagging.
Conference Paper
Protecting personal privacy is going to be a prime concern for the deployment of ubiquitous computing systems in the real world. With daunting Orwellian visions looming, it is easy to conclude that tamper-proof technical protection mechanisms such as strong anonymization and encryption are the only solutions to such privacy threats. However, we argue that such perfect protection for personal information will hardly be achievable, and propose instead to build systems that help others respect our personal privacy, enable us to be aware of our own privacy, and to rely on social and legal norms to protect us from the few wrongdoers. We introduce a privacy awareness system targeted at ubiquitous computing environments that allows data collectors to both announce and implement data usage policies, as well as providing data subjects with technical means to keep track of their personal information as it is stored, used, and possibly removed from the system. Even though such a system cannot guarantee our privacy, we believe that it can create a sense of accountability in a world of invisible services that we will be comfortable living in and interacting with.