Date of Award
2009
Degree Type
Thesis
Degree Name
Master of Engineering Science
Program
Electrical and Computer Engineering
Supervisor
Dr. Miriam Capretz
Abstract
Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and integration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this thesis, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is proposed. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that outline what can and cannot be done with a consumer’s personally identifiable information (PII). The privacy policy consists of one-to-many privacy rules, with each rule created from a set of six privacy elements: collector, what, purpose, retention, recipient and trust. These elements were carefully selected from a set of Fair Information Practices (FIP) which has been used as the basis for privacy legislation around the world. The PS plays the role of negotiator, comparing privacy policies to create privacy contracts and resolving any conflicts that arise during this process. The PS acts as an intermediary between the service consumer and service provider, to establish an unbiased contract before the two parties begin sending PII. An examination of current approaches to protecting privacy in an SOA environment is also presented. Finally, a proof of concept is shown which demonstrates the behaviour of a functioning PS in multiple scenarios.
Recommended Citation
Allison, David S., "Privacy Protection Framework for Service-Oriented Architecture" (2009). Digitized Theses. 3861.
https://ir.lib.uwo.ca/digitizedtheses/3861