Trust Based Privacy Preserving Access Control in Web Services Paradigm

Abstract

The digital world is changing at a fast pace. These days, web services are becoming the basis of many e-business systems & web users are increasingly sharing their personal information with web service providers. These services are being considered as a promising new generation technology for the effective automated collaboration among heterogeneous autonomous service providers. The utmost requirement in web services paradigm is striking a balance between protecting personal data and maximising usability& timely access to the data whenever needed. A large community of web users daily use social networks like Facebook, Orkut, Twitter and Flickr. In such systems, automated software agents collaborate to carry out the tasks specified by the user and access is to be controlled in the ongoing manner dynamically. The access rights of the service users may have to be revoked in between the access process or granularity of access can be changed during the course of access depending upon the automated agent's behaviour. This paper is intended to address the problem of enforcing privacy policies along with traditional access control policies in an integrated way in order to prevent malicious users to violate the privacy rights of the data providers. Also the role of trustworthiness of the data requestor identity in controlling the access is incorporated in our model.