Page 206 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
Information Security and Privacy
Example: A user may have tighter privacy needs concerning medical records than
employment history.
The user’s perception of privacy also depends on the information receiver (i.e., who receives the
information) and the information usage (i.e., the reasons for which the information is used).
The set of privacy preferences that apply to a user’s information is known as the user privacy profile.
A user privacy profile is usually defined by the user but can also be set uniformly for a group
of individuals. Privacy profiles are dynamic: users can create, view, update, or delete their
privacy profiles. To support the resolution of legal disputes over privacy violations, the
underlying Web service architecture must keep a record of all of these operations. We also define a user’s
privacy credentials as a signature that is transparently appended to any request that the client
submits to the Web service. These credentials determine the privacy scope for the corresponding user. A privacy
scope for a specified user defines the information that a Web service can reveal to that user.
Example: A case officer using a government Web service may have privacy credentials
granting a privacy scope that includes information regarding citizens’ employment, housing,
etc. Privacy credentials may be allocated to users on an individual or group basis.
14.2.2 Service Privacy
A Web service usually has its own privacy policy that specifies a set of rules applicable to
all users. Service privacy usually comprises three types of policy: usage policy, storage policy,
and disclosure policy. The usage policy specifies the purposes for which the information collected
can be used.
Example: Consider a government Web service, Medicaid, that offers healthcare coverage
for low-income citizens. Medicaid may state that the information collected from citizens will
not be used for reasons other than those directly related to providing health services to
citizens.
The storage policy specifies whether, and until when, the information gathered can be stored
by the service.
Example: Medicaid may specify that the information it gathers from citizens will remain
stored in the underlying databases one year after they leave the welfare program.
The disclosure policy specifies whether, and to whom, the information gathered from a specified user
can be disclosed. This information may relate to individual persons or to groups of individuals.
Example: The privacy policy of the Web service Medicaid may state that external
users cannot use statistical information that describes general traits of the recipients (e.g., average
income, racial background distribution, etc.).
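The checks described in this section (privacy scope, usage, storage and disclosure policy, and the user privacy profile) can be combined into one decision function. This is an added example, not code from the textbook; the class names, group names, purpose strings and dates are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

@dataclass(frozen=True)
class ServicePolicy:
    allowed_purposes: frozenset       # usage policy
    retention_after_exit: timedelta   # storage policy
    blocked: frozenset                # disclosure policy: (receiver, category) never released

@dataclass(frozen=True)
class Request:
    receiver: str        # information receiver (group name)
    scope: frozenset     # privacy scope derived from the receiver's privacy credentials
    category: str        # information requested
    purpose: str         # information usage

def decide(policy, profile, req, exit_date, today):
    """Return (allowed, reason). Checks run in a fixed order; the first failure is reported."""
    if req.category not in req.scope:
        return False, "privacy scope"
    if req.purpose not in policy.allowed_purposes:
        return False, "usage policy"
    if exit_date is not None and today > exit_date + policy.retention_after_exit:
        return False, "storage policy"
    if (req.receiver, req.category) in policy.blocked:
        return False, "disclosure policy"
    # Default deny: a category missing from the user's profile is never released.
    if (req.receiver, req.purpose) not in profile.get(req.category, frozenset()):
        return False, "user privacy profile"
    return True, "ok"

# Constructed sample data modelled on the Medicaid examples in the text.
MEDICAID = ServicePolicy(
    allowed_purposes=frozenset({"health_services"}),
    retention_after_exit=timedelta(days=365),
    blocked=frozenset({("external_user", "statistics")}),
)
PROFILE = {  # tighter preferences for medical records than for employment history
    "medical": frozenset({("physician", "health_services")}),
    "employment": frozenset({("physician", "health_services"),
                             ("case_officer", "health_services")}),
}
OFFICER_SCOPE = frozenset({"employment", "housing"})

if __name__ == "__main__":
    today, left = date(2024, 6, 1), date(2023, 1, 15)
    req = Request("case_officer", OFFICER_SCOPE, "employment", "health_services")
    print(decide(MEDICAID, PROFILE, req, None, today))   # still enrolled
    print(decide(MEDICAID, PROFILE, req, left, today))   # left more than a year ago
```

The order of the checks is a design choice of this example: the request is rejected on the requester's scope before any service or user policy is consulted, and the user profile is evaluated last with a default-deny fallback.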
Task: Discuss the various types of service policy.
14.2.3 Data Privacy
A data object may be used by several Web services.
LOVELY PROFESSIONAL UNIVERSITY