Abstract
User-centric privacy management is an important component of the Personal Web, and even more so in the context of personal health applications. We describe the motivations behind the development of a personal web privacy framework and outline a layered model for self-management of privacy in the context of Personal Health Record applications. In this paper we provide an overview of our framework. The privacy goals and settings mediator model addresses the understandability problem of privacy agreements and settings by supporting the users’ privacy decision-making process. This model provides privacy experts with the tool support to encode their knowledge and fill the gap between the end-users’ high-level privacy intentions and what personal health applications offer as privacy features. The second model in our framework, the smart privacy model, is an ontological model that supports privacy enforcement. The model provides interoperable and computer-interpretable translations of privacy settings, allowing the privacy settings selected by a user to be translated into enforceable constraints on the data and processes of a personal workflow.
© 2013 Springer-Verlag Berlin Heidelberg
Cite this chapter
Samavi, R., Consens, M.P., Topaloglou, T. (2013). A Privacy Framework for the Personal Web. In: Chignell, M., Cordy, J.R., Kealey, R., Ng, J., Yesha, Y. (eds) The Personal Web. Lecture Notes in Computer Science, vol 7855. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-39995-4_5
DOI: https://doi.org/10.1007/978-3-642-39995-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-39994-7
Online ISBN: 978-3-642-39995-4