Page 207 - DCAP309_INFORMATION_SECURITY_AND_PRIVACY
P. 207

Unit 14: Web Services and Privacy




                                                                                                Notes
                 Example: Think of the US National Database  for New Hires  (NDNH) that encloses
          information concerning over 200 millions hired employees.
          A record in this database can be used (by means of a government Web service) by an IRS officer
          to ensure the accuracy of an employee’s tax form. It may also be used (by means of another
          government Web service) by an officer at a child carry agency to check whether a parent is
          acquiescent with his child hold obligations. This displays   that different Web services may
          require dissimilar information from the same data object. Therefore, data objects must be able
          to expose dissimilar views to dissimilar Web services. For every data object, we define a data
          privacy profile that specifies the access views that it exposes to the dissimilar Web services.
          Moreover, data objects with comparable data privacy profiles form a privacy cluster. A major
          inspiration of data clustering is that legal rules and self-defined policies enforcing privacy are
          usually applicable to great segments of populations (e.g., residents of a state). A privacy cluster
          has one solitary international privacy profile. Overlapping privacy clusters may survive.

                 Example: The manager of a government database that encloses information regarding
          citizens may partition the database into two clusters C1 and C2. The information in C1 is usable
          to local, state, and federal Web services, and information in C2 is usable only to local and state
          Web services.





              Task  Make distinction between service privacy and data privacy.
          Self Assessment


          Fill in the blanks:
          5.   The term ........................ points to the technologies that permit for making connections.
          6.   The set of privacy favorites appropriate to a user’s information is known as ...................... .
          7.   The ........................ policy specifies the reasons for which the information composed can be
               used.
          8.   The ........................ policy mentions whether and until when the information gathered can
               be amassed by the service.
          9.   A major inspiration of ........................ is that legal rules and self-defined policies enforcing
               privacy are usually applicable to great segments of populations
          10.  Data objects with comparable ........................ privacy profiles form a  privacy cluster.

          14.3 Privacy Aspects of SOA

          Service-oriented  Architecture (SOA) is  a method of designing software  to offer services to
          applications, or to other services, via published and discoverable interfaces. Each service offers
          a  discrete chunk  of business  functionality by a loosely  coupled (frequently asynchronous),
          message-dependent communication model.

          Much of the software industry concentrates so far has been  on the underlying method  for
          executing Web services and their communications. Inadequate attention has been provided to
          the techniques and tools needed for architecting enterprise-scale software solutions by means of
          Web services. The design of a high-quality software solution, such as any other complex structure,



                                           LOVELY PROFESSIONAL UNIVERSITY                                   201
   202   203   204   205   206   207   208   209   210   211   212