
RE: PLING Wiki Site: Use Cases, Policy Frameworks and Related Activities

From: <ardagna@dti.unimi.it>
Date: Fri, 8 Feb 2008 17:19:24 +0100 (CET)
Message-ID: <1524.159.149.71.78.1202487564.squirrel@mailserver.dti.unimi.it>
To: "public-pling@w3.org" <public-pling@w3.org>

Dear All,
I just added a use case to the PLING wiki site
(http://www.w3.org/Policy/pling/wiki/UseCases). For your convenience, I
have added the use case at the end of this mail.

Also I added a link to the Policy Languages and Framework developed in the
context of the European PRIME project
(https://www.prime-project.eu/prime_products/): "The EU PRIME Project has
developed a privacy-aware access control policy language and a data
handling policy language, comprehensive of privacy obligation policies.
This R&D work is in progress. Documentation is available online, about the
overall PRIME approach and philosophy. The aim has primarily been to deal
with privacy management both at the user and enterprise/organisational
sides. PRIME R&D work factors in "privacy elements" into policies,
including users' preferences and organisational privacy constraints and
automates policy decision and enforcement steps. PRIME recognises that
different types of policies and languages are required in the privacy
management space, given its complexity and variety of needs and
requirements.".

Best Regards,
Claudio.

*******************

Title: Location-based Access Control Policies and Privacy in Pervasive and
Distributed Environments - Use Case

Description: The diffusion and reliability that mobile technologies have
achieved provide the means to exploit location information for improving
current location-based services in a novel way. Location awareness
supports an extended context of interaction for each user and resource in
the environment, eventually modelling a number of spatial-temporal
relationships among users and resources. In a location-aware environment,
context is not the static situation of a predefined environment; rather,
it is a dynamic part of the process of interacting with a changing
environment, composed of mobile users and resources.

In the context of access control models and languages, the requester’s
profile is not anymore the only thing that matters: context information
and, in particular, physical location of users may also play an important
role in determining access rights. The need of a Location-based Access
Control (LBAC) model then arises. Location-based information now
potentially available to access control modules includes the position and
mobility of the requester when a certain access request is submitted. This
kind of fine-grained context information potentially supports a new class
of location-aware conditions regulating access to and fruition of
resources. A requester then could be granted or denied access by
validating location-based credentials. Main requirements regarding LBAC
are:
- the integration of access control policies with location-based
conditions, focusing on policies evaluation and enforcement challenges
that such an extension to access control policies inevitably carries;
- when evaluating location-aware conditions, we need to consider that
location-based information is radically different from other
context-related knowledge inasmuch as it is both approximate (all location
systems have a margin of error) and time-variant (location is subject to
fast changes, especially when the user is in motion).

The physical location of individuals is then rapidly becoming easily
available as a class of personal information that can be processed for
providing a new wave of online and mobile services, such as,
Location-based Access Control service. As an effect, however, privacy
concerns are increasing, calling for more sophisticated solutions for
providing users with different and manageable levels of privacy. Threats
to personal privacy in fact are ramping up, as witnessed by recent
security incidents targeting privacy of individuals, revealed faulty data
management practices, and unauthorized trading of users' personal
information (including ID thefts and unauthorized profiling). Location
information is not immune from such threats and presents new dangers such
as stalking or physical harassment. In such a scenario, the lack of
location privacy protection could result in severe consequences that make
users the target of fraudulent attacks:
- unsolicited advertising, the location of the user could be exploited,
without her consent, to provide advertisements of products and services
available nearby the user position;
- physical attacks or harassment, the location of the user could be used
to carry physical assaults to individuals;
- users profiling, the location of the user, which intrinsically carries
personal information, could be used to infer other sensitive information
such as state of health, personal habits, professional duties, and the
like;
- denial of service, the location of the user could be used to deny
accesses to services under some circumstances.

The problem of protecting location privacy of the users by providing a
comprehensive solution aimed at preserving location privacy of individuals
through artificial perturbations of location information collected by
sensing technologies arises. An important requirement of solutions trying
to protect location privacy is to strike a balance between the need of
service providers, requiring a certain level of location accuracy for
high-quality service provisioning, and the need of users, asking to
minimize the disclosure of personal location information. Three different
classes of location privacy solutions have been introduced in the past:
anonymity-based, obfuscation-based, and policy-based. Anonymity-based
solutions have been primarily defined to protect identity privacy and then
the link between location information and users' identity.
Obfuscation-based solutions are well suited for position protection.
Policy-based techniques are in general suitable for protecting both
identity and location information of the users. However, they are usually
difficult to understand and manage for end users.

How can we address the requirements introduced by a LBAC scenario and at
the same time the need of solutions to protect the privacy of location
information, still preserving a level of accuracy?
Received on Friday, 8 February 2008 16:19:46 GMT
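
The two LBAC requirements above (location is approximate and time-variant) and the accuracy/privacy balance of obfuscation can be seen in one small evaluation routine. This is an added example, not part of the original message or of any PRIME or PLING specification; it assumes planar coordinates in metres, circular zones and uncertainty regions, a uniform position distribution inside the uncertainty circle, and hypothetical names and thresholds (`Fix`, `decide`, `min_conf`, `max_age`).

```python
import math
from dataclasses import dataclass

@dataclass
class Fix:
    x: float  # metres, local planar coordinates (assumption)
    y: float
    r: float  # radius of the uncertainty circle (sensor error, > 0)
    t: float  # time of measurement, seconds

def overlap_area(d, r1, r2):
    """Area of intersection of two circles whose centres are d apart."""
    if d >= r1 + r2:
        return 0.0                              # disjoint
    if d <= abs(r1 - r2):
        return math.pi * min(r1, r2) ** 2       # one circle inside the other
    a1 = r1 * r1 * math.acos((d * d + r1 * r1 - r2 * r2) / (2 * d * r1))
    a2 = r2 * r2 * math.acos((d * d + r2 * r2 - r1 * r1) / (2 * d * r2))
    tri = 0.5 * math.sqrt((-d + r1 + r2) * (d + r1 - r2)
                          * (d - r1 + r2) * (d + r1 + r2))
    return a1 + a2 - tri

def in_area_confidence(fix, zone):
    """Probability the user is inside zone (cx, cy, R), assuming the true
    position is uniformly distributed over the uncertainty circle."""
    cx, cy, R = zone
    d = math.hypot(fix.x - cx, fix.y - cy)
    return overlap_area(d, fix.r, R) / (math.pi * fix.r ** 2)

def obfuscate(fix, factor):
    """Radius enlargement: same centre, coarser region released to the verifier."""
    return Fix(fix.x, fix.y, fix.r * factor, fix.t)

def decide(fix, zone, now, min_conf=0.9, max_age=30.0):
    """Location-aware condition: fresh enough AND confidently inside the zone."""
    if now - fix.t > max_age:
        return "deny: stale"                    # time-variant: old fixes are worthless
    if in_area_confidence(fix, zone) < min_conf:
        return "deny: low confidence"           # approximate: error region spills out
    return "permit"

if __name__ == "__main__":
    zone = (0.0, 0.0, 100.0)                    # constructed sample zone
    fix = Fix(0.0, 0.0, 20.0, t=0.0)            # constructed sample measurement
    print(decide(fix, zone, now=10.0))                    # precise and fresh
    print(decide(fix, zone, now=100.0))                   # same fix, too old
    print(decide(obfuscate(fix, 10.0), zone, now=10.0))   # privacy costs confidence
```

The third call shows the trade-off raised in the closing question: enlarging the released region protects the user's position but can drop the predicate's confidence below what the access control policy requires.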
