Privacy policies verification in composite services using OWL
Publication Type
Journal Article
Date Issued
2017
Language
English
Author(s)
TORE-URI
Journal
Volume
67
Start Page
122
End Page
141
Citation
Computers and Security (67): 122-141 (2017)
Publisher DOI
Scopus ID
Publisher
Elsevier Science
Privacy has been an important issue for online services collecting customer data. P3P is a privacy policy language with a fixed vocabulary to express privacy practices of online services. Matching the privacy practices (P3P policies) against users’ privacy preferences helps users stay aware of how services use their data. However, the change from single to composite online services raises more privacy concerns due to the increasing amount of user data being collected, stored and shared. This change affects P3P, since it was designed from a single-service perspective. In addition, P3P allows the specification of policies containing semantic inconsistencies. In this paper, we extend P3P to be suitable for composite services and propose a formal semantics for P3P using OWL to facilitate reasoning about semantic ambiguities in P3P policies. The constraints defined in our ontology are used to verify potential semantic inconsistencies and to check for conflicts arising from the P3P policies of service members. We have implemented a P3P verification tool and verified five hundred P3P policies collected from actual websites. The verification result shows that more than half of these P3P policies contain conflicts.
Subjects
P3P policy
privacy policy
OWL ontology
composite service
reasoning
DDC Class
600: Technology