Re: PROV-AQ security (privacy) considerations

Yolanda,

Back online, I've now reviewed the use cases you identified, and realize my 
earlier response really missed your point.  I propose to add a new paragraph to 
the security considerations section:

[[
Provenance information may be used as a basis for auditing use of information to 
help establish accountability for information use [1] and due process in 
performing information processing tasks.  Thus, provenance management systems 
can provide mechanisms to support enforcement and auditing of privacy and other 
information handling policies. In such use, provenance information itself may be 
a valuable target for attack by malicious agents, and care must be taken to 
ensure that provenance records are stored securely and in a fashion that resists 
attempts to tamper with it.

[1] Information Accountability, Weitzner, Abelson, Berners-Lee, Feigenbaum,
Hendler, Sussman, Communications of the ACM, Jun. 2008, 82-87,
http://doi.acm.org/10.1145/1349026.1349043
(alt: http://dig.csail.mit.edu/2008/06/info-accountability-cacm-weitzner.pdf)
]]

(I think this is a very appropriate place to flag the Weitzner reference - 
thanks for indirectly directing me to it.)

#g
--


On 07/11/2012 01:12, Yolanda Gil wrote:
> Hi Graham,
>
> Privacy is indeed an important issue, I am very happy that you tracked this.  We
> collected several use cases from the community during the Provenance Incubator
> that brought up provenance issues, in particular:
>
> http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_Report#Anonymous_Information
> http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_Report#Provenance_and_Private_Data_Use
> http://www.w3.org/2005/Incubator/prov/wiki/Use_Case_Report#Fulfilling_Contractual_Obligations
>
> We reflected privacy concerns in one of the three driving scenarios that we
> synthesized out of the use cases:
>
> http://www.w3.org/2005/Incubator/prov/wiki/Analysis_of_Business_Contract_Scenario
>
> Based on the discussions we had on the above, the text that you propose makes
> sense to me.  If anything, I'd add a sentence at the end:
>
> "Provenance management systems can provide mechanisms for enforcement and
> auditing of privacy policies."
>
> Thanks,
>
> Yolanda
>
>
> Yolanda Gil, USC/ISI
> +1-310-448-8794

Received on Saturday, 10 November 2012 10:43:15 UTC