Section 13.3. WS-Privacy



Web Services Privacy Framework (WS-Privacy) describes syntax and semantics for binding privacy policies to Web services and instances of data in messages. The main emphases of WS-Privacy are on enabling policies to be processed by Web service providers and requesters (in contrast to interfacing with human users), and on ensuring good usability in chains of Web service invocations within or across enterprises. WS-Privacy builds on WS-Policy and related standards. It does not define a new privacy policy language, but it offers the means to bind such existing languages to a Web service.

Web services often handle sensitive personal data, including a person's attributes, typical B2C customer data such as shipping address and credit card number, and detailed customer records in B2C and B2B scenarios. A Web service, such as an appointment calendar service, might also act on behalf of a requester, in which case the data it handles essentially remains personal.

Personal data usually falls under a privacy policy, which restricts its usage to specific purposes and recipients. This privacy policy can be partially prescribed by law, be stated voluntarily by a service owner, or be set by the person concerned. A goal of Web services is widespread interoperability, and it is thus expected that services with different purposes and different owners will frequently interact. Hence, it is essential that Web services be able to adapt their interaction patterns in accordance with promised or required privacy restrictions, and that such restrictions can be communicated between different Web services.

Furthermore, many Web services can handle data from multiple sources, which might be governed by different and varying policies. An example would be a Web service requiring access to your passport number and driver's license number. Each piece of data can be gathered from a different source, and thus can have a different privacy policy. For such services, it is important to be flexible in adapting to these policies at different levels of granularity. This applies both to services that respond directly to the requesters and to those that offer processing facilities within an enterprise, such as storage or statistics services.

Because privacy policies are written in native policy languages, there must be a way of incorporating native privacy policies into wsp:Policy assertions. This is done with a new type of assertion, called a privacy assertion. A WS-Policy policy can incorporate this privacy assertion to indicate the privacy promises and requirements of services and data elements.

A privacy assertion is a promise that the policy's subject makes about how the privacy-sensitive data it receives will be used in the future. It can also represent a privacy requirement that the policy's subject expects the receiver of privacy-sensitive data to honor.
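The following sketch is an added example, not taken from the book or from any WS-Privacy specification. It shows a requester checking a service's privacy promise against the separate requirements attached to each data element. The `ex:PrivacyAssertion` element, its `Purpose` and `Recipient` children, the `urn:example:privacy` namespace, and all purpose and recipient names are hypothetical; only the `wsp:` elements and namespace come from WS-Policy.

```python
import xml.etree.ElementTree as ET

WSP = "http://schemas.xmlsoap.org/ws/2004/09/policy"  # WS-Policy namespace
EX = "urn:example:privacy"  # hypothetical namespace for the privacy assertion

# Constructed sample: the service's promise about how received data will be used.
SERVICE_POLICY = f"""
<wsp:Policy xmlns:wsp="{WSP}" xmlns:ex="{EX}">
  <wsp:ExactlyOne>
    <wsp:All>
      <ex:PrivacyAssertion>
        <ex:Purpose>identity-verification</ex:Purpose>
        <ex:Purpose>fraud-prevention</ex:Purpose>
        <ex:Recipient>service-owner</ex:Recipient>
      </ex:PrivacyAssertion>
    </wsp:All>
  </wsp:ExactlyOne>
</wsp:Policy>
"""

# Constructed sample: requirements attached to each data element by its source.
DATA_REQUIREMENTS = {
    "passportNumber": {"purposes": {"identity-verification", "fraud-prevention"},
                       "recipients": {"service-owner"}},
    "driversLicenseNumber": {"purposes": {"identity-verification"},
                             "recipients": {"service-owner", "auditor"}},
}

def parse_promises(policy_xml):
    """Return one (purposes, recipients) pair per policy alternative (wsp:All)."""
    root = ET.fromstring(policy_xml)
    alts = []
    for alt in root.iterfind(f"{{{WSP}}}ExactlyOne/{{{WSP}}}All"):
        purposes, recipients = set(), set()
        for a in alt.iterfind(f"{{{EX}}}PrivacyAssertion"):
            purposes |= {p.text.strip() for p in a.iterfind(f"{{{EX}}}Purpose")}
            recipients |= {r.text.strip() for r in a.iterfind(f"{{{EX}}}Recipient")}
        alts.append((purposes, recipients))
    return alts

def releasable(policy_xml, requirements):
    """Map each data element to True only if some alternative's promise stays
    within the purposes and recipients that element's own policy permits.
    An alternative with no stated purpose never qualifies (fail closed)."""
    alts = parse_promises(policy_xml)
    return {
        name: any(bool(pur) and pur <= req["purposes"] and rec <= req["recipients"]
                  for pur, rec in alts)
        for name, req in requirements.items()
    }
```

With the constructed inputs, the same service promise is acceptable for the passport number but not for the driver's license number, whose source does not permit the fraud-prevention purpose.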



    Web Services Platform Architecture(c) SOAP, WSDL, WS-Policy, WS-Addressing, WS-BP[.  .. ] More
    Year: 2005
    Pages: 176
