- From: <ardagna@dti.unimi.it>
- Date: Fri, 8 Feb 2008 17:19:24 +0100 (CET)
- To: "public-pling@w3.org" <public-pling@w3.org>
Dear All,

I just added a use case to the PLING wiki site (http://www.w3.org/Policy/pling/wiki/UseCases). For your convenience, I have added the use case at the end of this mail.

Also I added a link to the Policy Languages and Framework developed in the context of the European PRIME project (https://www.prime-project.eu/prime_products/):

"The EU PRIME Project has developed a privacy-aware access control policy language and a data handling policy language, comprehensive of privacy obligation policies. This R&D work is in progress. Documentation is available online, about the overall PRIME approach and philosophy. The aim has primarily been to deal with privacy management both at the user and enterprise/organisational sides. PRIME R&D work factors in "privacy elements" into policies, including users' preferences and organisational privacy constraints and automates policy decision and enforcement steps. PRIME recognises that different types of policies and languages are required in the privacy management space, given its complexity and variety of needs and requirements."

Best Regards,
Claudio.

*******************

Title: Location-based Access Control Policies and Privacy in Pervasive and Distributed Environments - Use Case

Description:

The diffusion and reliability that mobile technologies have achieved provide the means to exploit location information for improving current location-based services in a novel way. Location awareness supports an extended context of interaction for each user and resource in the environment, eventually modelling a number of spatial-temporal relationships among users and resources. In a location-aware environment, context is not the static situation of a predefined environment; rather, it is a dynamic part of the process of interacting with a changing environment, composed of mobile users and resources.

In the context of access control models and languages, the requester's profile is no longer the only thing that matters: context information and, in particular, the physical location of users may also play an important role in determining access rights. The need for a Location-based Access Control (LBAC) model then arises. Location-based information now potentially available to access control modules includes the position and mobility of the requester when a certain access request is submitted. This kind of fine-grained context information potentially supports a new class of location-aware conditions regulating access to and fruition of resources. A requester then could be granted or denied access by validating location-based credentials.

Main requirements regarding LBAC are:

- the integration of access control policies with location-based conditions, focusing on policy evaluation and enforcement challenges that such an extension to access control policies inevitably carries;
- when evaluating location-aware conditions, we need to consider that location-based information is radically different from other context-related knowledge inasmuch as it is both approximate (all location systems have a margin of error) and time-variant (location is subject to fast changes, especially when the user is in motion).

The physical location of individuals is then rapidly becoming easily available as a class of personal information that can be processed for providing a new wave of online and mobile services, such as a Location-based Access Control service. As an effect, however, privacy concerns are increasing, calling for more sophisticated solutions for providing users with different and manageable levels of privacy.

Threats to personal privacy in fact are ramping up, as witnessed by recent security incidents targeting privacy of individuals, revealed faulty data management practices, and unauthorized trading of users' personal information (including ID thefts and unauthorized profiling). Location information is not immune from such threats and presents new dangers such as stalking or physical harassment. In such a scenario, the lack of location privacy protection could result in severe consequences that make users the target of fraudulent attacks:

- unsolicited advertising, the location of the user could be exploited, without her consent, to provide advertisements of products and services available near the user's position;
- physical attacks or harassment, the location of the user could be used to carry out physical assaults on individuals;
- user profiling, the location of the user, which intrinsically carries personal information, could be used to infer other sensitive information such as state of health, personal habits, professional duties, and the like;
- denial of service, the location of the user could be used to deny access to services under some circumstances.

The problem then arises of protecting the location privacy of users by providing a comprehensive solution aimed at preserving location privacy of individuals through artificial perturbations of location information collected by sensing technologies. An important requirement of solutions trying to protect location privacy is to strike a balance between the need of service providers, requiring a certain level of location accuracy for high-quality service provisioning, and the need of users, asking to minimize the disclosure of personal location information.

Three different classes of location privacy solutions have been introduced in the past: anonymity-based, obfuscation-based, and policy-based. Anonymity-based solutions have been primarily defined to protect identity privacy and then the link between location information and users' identity. Obfuscation-based solutions are well suited for position protection. Policy-based techniques are in general suitable for protecting both identity and location information of the users. However, they are usually difficult to understand and manage for end users.

How can we address the requirements introduced by a LBAC scenario and at the same time the need for solutions to protect the privacy of location information, still preserving a level of accuracy?
Received on Friday, 8 February 2008 16:19:46 UTC
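
The tension the use case describes (location that is approximate and time-variant on one side, obfuscation for privacy on the other) can be made concrete with a small evaluator. This is an added example, not part of the original message or of PRIME's languages: the names `Fix`, `in_area_confidence`, `obfuscate` and `decide`, the circular zone, the uniform-error assumption, radius enlargement as the perturbation, and both thresholds are all illustrative assumptions.

```python
import math
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Fix:
    """A location measurement: planar coordinates in metres, an error
    radius > 0 (the sensing margin of error) and a capture time in seconds."""
    x: float
    y: float
    radius: float
    timestamp: float

def overlap_area(r1, r2, d):
    """Area shared by two circles of radii r1, r2 whose centres are d apart."""
    if d >= r1 + r2:
        return 0.0                               # disjoint circles
    if d <= abs(r1 - r2):
        return math.pi * min(r1, r2) ** 2        # one circle inside the other
    a1 = r1 * r1 * math.acos((d * d + r1 * r1 - r2 * r2) / (2 * d * r1))
    a2 = r2 * r2 * math.acos((d * d + r2 * r2 - r1 * r1) / (2 * d * r2))
    a3 = 0.5 * math.sqrt((-d + r1 + r2) * (d + r1 - r2) * (d - r1 + r2) * (d + r1 + r2))
    return a1 + a2 - a3

def in_area_confidence(fix, zone):
    """Probability that the user is inside zone = (cx, cy, radius), assuming
    the true position is uniformly distributed over the fix's error circle."""
    cx, cy, zr = zone
    d = math.hypot(fix.x - cx, fix.y - cy)
    return overlap_area(fix.radius, zr, d) / (math.pi * fix.radius ** 2)

def obfuscate(fix, factor):
    """Radius enlargement: same centre, error circle scaled by factor >= 1."""
    return replace(fix, radius=fix.radius * factor)

def decide(fix, zone, now, min_confidence=0.8, max_age=30.0):
    """Evaluate the location condition; stale or uncertain fixes are denied."""
    if now - fix.timestamp > max_age:
        return "deny: stale fix"
    if in_area_confidence(fix, zone) < min_confidence:
        return "deny: low confidence"
    return "permit"

# Constructed sample data: a 50 m zone and a 10 m-accuracy fix at its centre.
ZONE = (0.0, 0.0, 50.0)
FIX = Fix(x=0.0, y=0.0, radius=10.0, timestamp=1000.0)

if __name__ == "__main__":
    print(decide(FIX, ZONE, now=1005.0))                 # precise and fresh
    print(decide(obfuscate(FIX, 10), ZONE, now=1005.0))  # heavily obfuscated
    print(decide(FIX, ZONE, now=1100.0))                 # too old
```

The same user in the same place is permitted with a precise fix and denied once the disclosed radius is enlarged tenfold, which is the accuracy-versus-privacy balance the use case asks a policy language to express.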