Providing ontology-based privacy-aware data access through web services

Abstract

Web services enable software systems to exchange data over the Internet. Often Web services need to disclose sensible data to service consumers. For data providers, the disclosure of sensitive data is often restrictive only to particular users for some particular purposes. Therefore, preserving privacy is a fundamental requirement in Web services. Hippocratic database has been introduced for privacy protection in relational database systems where the access decisions, allowed or denied, are based on privacy policies and authorization tables. To provide more options of data access, purpose trees are proposed to capture purpose hierarchies so that information can be provided to users according to proposes. Ontology has been used for classification hierarchies, which can be efficiently accessed via ontology query languages. In this paper, we propose an ontology-based data access model so that different level of data access can be provided to Web service users with different roles for different purposes. To do this we will use ontology to capture purpose hierarchies and data generalization hierarchy.We demonstrate our access model with prototypes of finance services, and also provide performance evaluation results.