
ORNEC ICT Cluster Projects

Policy Specification and Enforcement for E-Commerce Web Sites

Stan Matwin, Carlisle Adams, Milena Head


Abstract

User concern about the privacy of personal information provided to organizations is one of the issues that IBM addresses through its work on the Enterprise Privacy Authorization Language (EPAL), a language designed for the representation of data handling policies and practices within and between privacy-enabled enterprise tools. The goal of this project is to build on EPAL and model privacy policies that are uniquely suited to e-commerce Web sites.


Started: March 2004. Status: ongoing.


Background

One of the inhibitors for electronic commerce has been user concerns about the privacy of their personal information. Privacy concerns fall generally into two areas: the dissemination of personal data to unintended recipients, and the illegitimate use of personal data by legitimate recipients. An example of the first area occurs when data is intentionally given to one party but is then made available, without consent, to some other entity. An example of the second area occurs when postal address information is given to a party so that purchased items may be delivered, but the address is subsequently used for the mailing of marketing material.

The Enterprise Privacy Authorization Language (EPAL), developed by IBM, is a formal language for specifying fine-grained enterprise privacy policies. EPAL is a proposed open standard that will be discussed by the W3C and is likely to influence both privacy research and practice.

The language has been designed for the representation of data handling policies and practices within and between privacy-enabled enterprise tools, and is conceptually similar to P3P (Platform for Privacy Preferences Project). Because it is intended to define privacy practices that are implemented inside an enterprise, it results in more detailed policies that can be enforced and audited automatically. As EPAL is intended to address both areas of privacy concern outlined above, it is beginning to attract attention within the privacy community.



Project Description

The goal of this project is to build on the EPAL work in order to model privacy policies that are particularly suited to e-commerce Web sites. This has two components. The first component is to develop the common vocabulary or ontology with respect to expression of use of data for specific e-commerce transactions.

The second component is to develop the enterprise tools and technologies that can integrate a Web site's EPAL policy into a comprehensive privacy enforcement architecture. In particular, the integration of EPAL with an access control decision engine (both the Policy Decision Point and the Policy Enforcement Point) will ensure that EPAL privacy rules are consulted and enforced by the e-commerce enterprise systems whenever a request is made to access personal data.
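The following is an added illustration, not code from this project: a minimal Policy Decision Point and Policy Enforcement Point that consult EPAL-style rules (user-category, data-category, purpose, action, ruling, obligation, with a default ruling) before releasing personal data. It encodes the postal-address scenario from the Background section; the categories, rules and customer record are constructed, and the rule vocabulary only loosely follows EPAL's structure.

```python
# Added example (not the project's code): a toy EPAL-style PDP and PEP for an
# e-commerce site. Rule fields follow EPAL loosely (user-category,
# data-category, purpose, action, ruling, obligations); all values are constructed.
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    ruling: str            # "allow" or "deny"
    user: str              # user-category making the request ("any" = wildcard)
    data: str              # data-category requested
    purpose: str           # purpose of the access ("any" = wildcard)
    action: str            # e.g. "read", "disclose"
    obligations: tuple = ()  # duties the PEP must carry out when the rule fires

# Constructed policy: the shipping team may read the postal address in order to
# deliver an order; marketing may not read it; nobody may disclose it onward.
POLICY = [
    Rule("allow", "shipping", "postal-address", "delivery", "read",
         obligations=("log-access",)),
    Rule("deny", "marketing", "postal-address", "marketing", "read"),
    Rule("deny", "any", "postal-address", "any", "disclose"),
]
DEFAULT_RULING = "deny"   # EPAL policies carry a default ruling for unmatched requests

def decide(user, data, purpose, action):
    """PDP: first applicable rule wins; otherwise the policy's default ruling."""
    for r in POLICY:
        if (r.user in (user, "any") and r.data == data
                and r.purpose in (purpose, "any") and r.action == action):
            return r.ruling, list(r.obligations)
    return DEFAULT_RULING, []

# Constructed customer record and an in-memory audit trail written by the PEP.
CUSTOMER_DB = {"alice": {"postal-address": "constructed sample address"}}
AUDIT_LOG = []

def pep_fetch(user, customer, data, purpose):
    """PEP: asks the PDP before releasing personal data and honours obligations."""
    ruling, obligations = decide(user, data, purpose, "read")
    if ruling != "allow":
        AUDIT_LOG.append(f"DENY {user} {data} purpose={purpose}")
        return None
    if "log-access" in obligations:
        AUDIT_LOG.append(f"ALLOW {user} {data} purpose={purpose}")
    return CUSTOMER_DB[customer][data]
```

The same address is released for the delivery purpose and withheld for the marketing purpose, which is exactly the "illegitimate use by a legitimate recipient" case the Background section describes.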



Project Significance

The results of this project will be significant in at least three ways. First, they will deepen our understanding of the ways in which privacy needs and requirements in e-commerce environments differ from those in general enterprise environments. Second, there will be significant value in understanding any limitations or deficiencies of EPAL when it is applied to an e-commerce environment. Finally, understanding the integration of EPAL with other tools for defining and publishing privacy constraints (e.g. P3P) will be of great practical significance to e-commerce Web site developers.



Approach and Methodology

The project approach and methodology consist of two components: a modeling component and an implementation component.

In the modeling component of the project we will begin with a detailed assessment of the privacy requirements for e-commerce to determine how these differ from the privacy requirements of other enterprise environments.

Following this assessment of privacy requirements, a detailed evaluation of the EPAL technology will then be performed, identifying its particular strengths and weaknesses for the e-commerce environment. Finally, specific recommendations and proposals for EPAL that can improve its applicability to e-commerce will be made available to the research community and other interested parties.

This work will help to answer questions such as the following: What is unusual or unique about e-commerce with respect to privacy? How are the threats for e-commerce different from other environments? When and where can technology help?

The implementation component of the project begins with implementation of the access control and related technologies necessary for privacy (i.e., the privacy-enabled enterprise tools). Following implementation of the tools, we will integrate these tools with the EPAL language itself, especially as modified by the recommendations suggested by the modeling component.

From this research we expect to learn whether or not the language is rich and expressive enough to capture the privacy policies that must be developed for e-commerce Web sites. We will also extend our knowledge of the tools and technologies needed for privacy enforcement, and gain a deeper understanding of what is involved in integrating such tools with EPAL policies. Finally, we expect to be able to identify best practices for instrumenting Web sites with automatic checks of compliance with privacy policies, going beyond the existing verbal statements of these policies.



Research Team

The research team assembled for this project includes Dr. Stan Matwin, Dr. Carlisle Adams, and Dr. Milena Head, all of whom bring unique and complementary expertise to this project. The team also includes a number of graduate students: Katerine Barbieri, Dongyi Li, Justin Zhan, Tracy Pan and Naor El-Kadri.

  • Dr. Stan Matwin is Professor of Information Technology and Engineering, School of Information Technology and Engineering (SITE) at the University of Ottawa. He brings expertise in the area of expert systems, intelligent agents and artificial intelligence, as well as specific expertise on modeling negotiations using logic-based representations and inference mechanisms and privacy-preserving data mining.

  • Dr. Carlisle Adams is Associate Professor, School of Information Technology and Engineering (SITE) at the University of Ottawa. He brings expertise in the areas of computer and network security technologies, with specific expertise in the area of architectures for privacy and access control in distributed environments. He has been very active in the design and standardization of XML-based policies for fine-grained access control.

  • Dr. Milena Head is Associate Professor of Information Systems, DeGroote School of Business, McMaster University, and Director of the McMaster eBusiness Research Centre (MeRC). She brings expertise in the area of Web-based agents, human-computer interaction, and e-business, with specific expertise in the area of trust and privacy for e-commerce.



