Privacy Protection Framework with Defined Policies for Service-Oriented Architecture

Authors

David S. Allison, Western UniversityFollow
Miriam AM Capretz, Western UniversityFollow
Hany F. ELYamany, Suez Canal UniversityFollow
Shuying Wang, Western UniversityFollow

Document Type

Article

Publication Date

3-2012

Volume

5

Issue

3

Journal

Journal of Software Engineering and Applications

First Page

200

URL with Digital Object Identifier

http://dx.doi.org/10.4236/jsea.2012.53026

Last Page

215

Abstract

Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and integration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this paper, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is described. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that outline what can and cannot be done with a consumer’s personally identifiable information (PII). The privacy policy consists of one-to-many privacy rules, with each rule created from a set of six privacy elements: collector, what, purpose, retention, recipient and trust. The PS acts as an intermediary between the service consumer and service provider, to establish an unbiased contract before the two parties begin sending PII. It is shown how many Privacy Services work together to form the privacy protection framework. An examination of what current approaches to protecting privacy in an SOA environment is also presented. Finally, the operations the PS must perform in order to fulfill its tasks are outlined.