Privacy-aware Web Service Protocols

Modelling and development of privacy-aware Web service protocols

One of the problems in addressing privacy issues in Web services is that there is no proper modelling technique for capturing the privacy requirements of a Web service. That is, no current Web service modelling technology offers a simple way to state a privacy requirement in a Web service model (e.g., "the intended recipient of this message is a delivery service and the data should be removed after the delivery is completed").

Privacy policies do not discuss the behaviour of the individual business applications within the organisation that actually collect, analyse and distribute personal data. This makes enforcement of the policies difficult. We argue that a model-driven approach, where privacy policies are modelled explicitly as part of the Web service behaviour, can contribute to making the privacy policies explicit and enforceable. This project has two components:

Tool for modelling privacy-aware Web service protocols

We propose a Web service modelling technique, and a supporting tool, purposely designed to capture privacy abstractions while describing the behaviour of a Web service. The tool will give the Web service protocol designer a way to annotate a Web service protocol with various privacy properties. The tool should also verify that the annotated model is correct with regard to some pre-defined criteria.
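As an added illustration (not the project's tool or its code), the sketch below models a protocol as a state machine whose messages carry privacy annotations and checks it against two assumed correctness criteria: every message with personal data names an intended recipient and a retention rule, and the protocol cannot end without passing through the state after which the data must be removed. The class, function, state and message names are all hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Transition:
    src: str
    message: str
    dst: str
    personal_data: tuple = ()            # personal data items carried by the message
    recipient: Optional[str] = None      # annotation: intended recipient
    delete_after: Optional[str] = None   # annotation: state at which the data is removed

def can_end_without(transitions, start, finals, avoid):
    """True if some path from `start` reaches a final state without visiting `avoid`."""
    if start == avoid:
        return False
    seen, stack = {start}, [start]
    while stack:
        state = stack.pop()
        if state in finals:
            return True
        for t in transitions:
            if t.src == state and t.dst != avoid and t.dst not in seen:
                seen.add(t.dst)
                stack.append(t.dst)
    return False

def check_model(transitions, finals):
    """Return violations of the assumed criteria (empty list = model accepted)."""
    problems = []
    for t in transitions:
        if not t.personal_data:
            continue  # no privacy annotation needed for this message
        if t.recipient is None:
            problems.append(f"{t.message}: personal data without an intended recipient")
        if t.delete_after is None:
            problems.append(f"{t.message}: personal data without a retention rule")
        elif can_end_without(transitions, t.dst, finals, t.delete_after):
            problems.append(f"{t.message}: protocol can end without reaching {t.delete_after}")
    return problems

# Constructed sample protocol, based on the delivery-service requirement quoted above.
ORDER_PROTOCOL = [
    Transition("Start", "submitOrder", "Ordered"),
    Transition("Ordered", "sendAddress", "Shipping",
               ("address",), "delivery service", "Delivered"),
    Transition("Shipping", "confirmDelivery", "Delivered"),
    Transition("Shipping", "cancelOrder", "Cancelled"),
]
```

Running `check_model(ORDER_PROTOCOL, {"Delivered", "Cancelled"})` flags `sendAddress`, because the cancellation path ends the protocol while the address is still retained.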

Technology: Eclipse (plug-ins), State Machines, XML, Java

References:

  • Boualem Benatallah, Fabio Casati, Farouk Toumani, Julien Ponge, Hamid R. Motahari Nezhad: Service Mosaic: A Model-Driven Framework for Web Services Life-Cycle Management. IEEE Internet Computing 10(4): 55-63 (2006)
  • Boualem Benatallah, Fabio Casati, Farouk Toumani, Rachid Hamadi: Conceptual Modeling of Web Service Conversations. CAiSE 2003: 449-467
  • Hamadi R, Paik H, Benatallah B: Conceptual Modeling of Privacy-Aware Web Service Protocols. 19th International Conference on Advanced Information Systems Engineering (CAiSE 2007), 11-15 June 2007, Trondheim, Norway: 233-248

Automatic translation of privacy-aware Web service protocols into AOP-BPEL

The model proposed above enables privacy requirements to be expressed in a Web service protocol. One application of such a model is to automatically generate code (i.e., a BPEL file) from it. The idea is that the code generation process will ensure that the implementation of the privacy requirements is 'injected' as aspects into BPEL. This provides an automated privacy enforcement framework for business processes.

Technology: BPEL, Aspect Oriented Programming, State Machines, XML, Java

References:

  • Karim Baina, Boualem Benatallah, Fabio Casati, Farouk Toumani: Model-Driven Web Service Development. CAiSE 2004: 290-306
  • Recent publications from the AO4BPEL Project Web site