Sharing or Surveillance? ---On Volition, Control, and Accountability

Sharing or Surveillance? ---On Volition, Control, and Accountability
Marten Lohstroh, Edward A. Lee

Citation
Marten Lohstroh, Edward A. Lee. "Sharing or Surveillance? ---On Volition, Control, and Accountability". Talk or presentation, 16, September, 2014.

Abstract
We discuss the of the state-of-the-art in service-oriented architectures and Web platforms, the security and privacy implications of the autonomy of Web services, and possible architectural modifications that give users a better handle on controlled access to sensitive data. We propose eliminating the storage of personal data from the Web service altogether. Instead, personal data becomes a strictly user-controlled entity and third-party access is provided through a universal meta-language that facilitates sophisticated access patterns through declarative statements. Formalizing access as such may help reason about third-party knowledge regarding sensitive information, and provide a means to make access control decisions based on formally defined privacy specifications designed to satisfy a set of privacy properties.

Electronic downloads

Rochester.pdf · application/pdf · 3497 kbytes

Citation formats

HTML

Marten Lohstroh, Edward A. Lee. <a
href="http://www.terraswarm.org/pubs/477.html"
><i>Sharing or Surveillance? ---On Volition,
Control, and Accountability</i></a>, Talk or
presentation,  16, September, 2014.

Plain text

Marten Lohstroh, Edward A. Lee. "Sharing or
Surveillance? ---On Volition, Control, and
Accountability". Talk or presentation,  16, September,
2014.

BibTeX

@presentation{LohstrohLee14_SharingOrSurveillanceOnVolitionControlAccountability,
    author = {Marten Lohstroh and Edward A. Lee},
    title = {Sharing or Surveillance? ---On Volition, Control,
              and Accountability},
    day = {16},
    month = {September},
    year = {2014},
    abstract = {We discuss the of the state-of-the-art in
              service-oriented architectures and Web platforms,
              the security and privacy implications of the
              autonomy of Web services, and possible
              architectural modifications that give users a
              better handle on controlled access to sensitive
              data. We propose eliminating the storage of
              personal data from the Web service altogether.
              Instead, personal data becomes a strictly
              user-controlled entity and third-party access is
              provided through a universal meta-language that
              facilitates sophisticated access patterns through
              declarative statements. Formalizing access as such
              may help reason about third-party knowledge
              regarding sensitive information, and provide a
              means to make access control decisions based on
              formally defined privacy specifications designed
              to satisfy a set of privacy properties.},
    URL = {http://terraswarm.org/pubs/477.html}
}

Posted by Marten Lohstroh on 14 Jan 2015.
Groups: services

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.