AN ONTOLOGICAL APPROACH TO VERIFYING P3P POLICIES

Assadarat Khurat, Boontawee Suntisrivaraporn

2011

Abstract

Privacy has become a crucial issue in the online services realm. P3P policy is a privacy policy enabling websites to express their privacy practices. With this policy, online users can check against their privacy preferences which facilitates the users to decide whether or not the service should be used. However, the interpretation of a P3P policy is unwieldy due to the lack of a precise semantics of its descriptions and constraints. For instance, it is admissible to have purpose and recipient values that have inconsistent meaning. Thus, there is a need for an explicit formal semantics for P3P policy to mitigate this problem. In this paper, we propose to use an OWL ontology to systematically and precisely describe the structures and constraints inherent in the P3P specification. Additional constraints are also defined and incorporated into the ontology in such a way that the reasons of an invalid P3P policy can be disclosed after the verification done by an OWL reasoner.

References

  1. Bechhofer, S., van Harmelen, F., Hendler, J., Horrocks, I., McGuinness, D. L., Patel-Schneider, P. F., and Stein, L. A. (2004). OWL Web Ontology Language reference. W3C Recommendation.
  2. Cranor, L. (2003). P3P 1.1 user agent guidelines. P3P User Agent Task Force Report 23.
  3. Cranor, L., Langheinrich, M., Marchiori, M., PreslerMarshall, M., and Reagle, J. (2002). The Platform for Privacy Preference 1.0 (P3P1.0) Specification. W3C Recommendation.
  4. Damiani, E., De Capitani di Vimercati, S., Fugazza, C., and P.Samarati (2004). Semantics-aware privacy and access control: Motivation and preliminary results. In 1st Italian Semantic Web Workshop, Ancona, Italy.
  5. Hogben, G. (2004). P3P using the semantic web (Web ontology, RDF policy and RDQL rules). W3C Working Group Note 3 September 2004.
  6. Hogben, G. (2005). Describing the P3P base data schema using OWL. In WWW2005, Workshop on Policy Management for the Web.
  7. Karjoth, G., Schunter, M., Herreweghen, E. V., and Waidner, M. (2003). Amending P3P for clearer privacy promises. In 14th International Workshop on Database and Expert Systems Applications. IEEE Computer Society.
  8. Li, N., Yu, T., and Antón (2003). A semantics-based approach to privacy languages. Technical Report TR2003-28, CERIAS.
  9. Yu, T., Li, N., and Antón, A. (2004). A formal semantics for P3P. In ACM Workshop on Secure Web Services.
Download


Paper Citation


in Harvard Style

Khurat A. and Suntisrivaraporn B. (2011). AN ONTOLOGICAL APPROACH TO VERIFYING P3P POLICIES . In Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: KEOD, (IC3K 2011) ISBN 978-989-8425-80-5, pages 349-353. DOI: 10.5220/0003628203490353


in Bibtex Style

@conference{keod11,
author={Assadarat Khurat and Boontawee Suntisrivaraporn},
title={AN ONTOLOGICAL APPROACH TO VERIFYING P3P POLICIES},
booktitle={Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: KEOD, (IC3K 2011)},
year={2011},
pages={349-353},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0003628203490353},
isbn={978-989-8425-80-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Knowledge Engineering and Ontology Development - Volume 1: KEOD, (IC3K 2011)
TI - AN ONTOLOGICAL APPROACH TO VERIFYING P3P POLICIES
SN - 978-989-8425-80-5
AU - Khurat A.
AU - Suntisrivaraporn B.
PY - 2011
SP - 349
EP - 353
DO - 10.5220/0003628203490353