Sharing or Surveillance? ---On Volition, Control, and Accountability
Marten Lohstroh, Edward A. Lee

Citation
Marten Lohstroh, Edward A. Lee. "Sharing or Surveillance? ---On Volition, Control, and Accountability". Talk or presentation, 16, September, 2014.

Abstract
We discuss the of the state-of-the-art in service-oriented architectures and Web platforms, the security and privacy implications of the autonomy of Web services, and possible architectural modifications that give users a better handle on controlled access to sensitive data. We propose eliminating the storage of personal data from the Web service altogether. Instead, personal data becomes a strictly user-controlled entity and third-party access is provided through a universal meta-language that facilitates sophisticated access patterns through declarative statements. Formalizing access as such may help reason about third-party knowledge regarding sensitive information, and provide a means to make access control decisions based on formally defined privacy specifications designed to satisfy a set of privacy properties.

Electronic downloads

Citation formats  
  • HTML
    Marten Lohstroh, Edward A. Lee. <a
    href="http://www.terraswarm.org/pubs/477.html"
    ><i>Sharing or Surveillance? ---On Volition,
    Control, and Accountability</i></a>, Talk or
    presentation,  16, September, 2014.
  • Plain text
    Marten Lohstroh, Edward A. Lee. "Sharing or
    Surveillance? ---On Volition, Control, and
    Accountability". Talk or presentation,  16, September,
    2014.
  • BibTeX
    @presentation{LohstrohLee14_SharingOrSurveillanceOnVolitionControlAccountability,
        author = {Marten Lohstroh and Edward A. Lee},
        title = {Sharing or Surveillance? ---On Volition, Control,
                  and Accountability},
        day = {16},
        month = {September},
        year = {2014},
        abstract = {We discuss the of the state-of-the-art in
                  service-oriented architectures and Web platforms,
                  the security and privacy implications of the
                  autonomy of Web services, and possible
                  architectural modifications that give users a
                  better handle on controlled access to sensitive
                  data. We propose eliminating the storage of
                  personal data from the Web service altogether.
                  Instead, personal data becomes a strictly
                  user-controlled entity and third-party access is
                  provided through a universal meta-language that
                  facilitates sophisticated access patterns through
                  declarative statements. Formalizing access as such
                  may help reason about third-party knowledge
                  regarding sensitive information, and provide a
                  means to make access control decisions based on
                  formally defined privacy specifications designed
                  to satisfy a set of privacy properties.},
        URL = {http://terraswarm.org/pubs/477.html}
    }
    

Posted by Marten Lohstroh on 14 Jan 2015.
Groups: services

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.