Simple Policy Negotiation for Location Disclosure
نویسندگان
چکیده
Relying on non-enforceable normative language to persuade Web sites to make their privacy practices clear has proven unsuccessful, and where privacy policies are present, they are notoriously unclear and unread. Various machine-readable techniques have been proposed to address this problem, but many have suffered from practical difficulties. We propose a simple standard for transmitting policy information just-intime and enabling simple negotiation between the site and the user agent. In particular, we detail how this could improve privacy of the W3C Geolocation API, but also suggest the possibility of extension to other application areas in need of privacy and policy negotiations.
منابع مشابه
A Unified Scheme for Resource Protection in Automated Trust Negotiation
Automated trust negotiation is an approach to establishing trust between strangers through iterative disclosure of digital credentials. In automated trust negotiation, access control policies play a key role in protecting resources from unauthorized access. Unlike in traditional trust management systems, the access control policy for a resource is usually unknown to the party requesting access ...
متن کاملAnonymity Preserving Techniques in Trust Negotiations
Trust negotiation between two subjects require each one proving its properties to the other. Each subject specifies disclosure policies stating the types of credentials and attributes the counterpart has to provide to obtain a given resource. The counterpart, in response, provides a disclosure set containing the necessary credentials and attributes. If the counterpart wants to remain anonymous,...
متن کاملSecurity-by-Contract for Web Services or How to Trade Credentials for Services∗
The classical approach to access control of Web Services is to present a number of credentials for the access to a service and possibly negotiate their disclosure using a suitable negotiation protocol and a policy to protect them. In practice a “Web Service” is not really a single service but rather a set of services that can be accessed only through a suitable conversation. Further, in real-li...
متن کاملTradeoff Negotiation: The Importance of Getting in the Game; Comment on “Swiss-CHAT: Citizens Discuss Priorities for Swiss Health Insurance Coverage”
Swiss-CHAT’s playful approach to public rationing can be considered in terms of deliberative process design as well as in terms of health policy. The process’ forced negotiation of trade-offs exposed unexamined driving questions, and challenged prevalent presumptions about health care demand and about conditions of public reasoning that enable transparent rationing. While the experiment provide...
متن کاملAn Interactive Trust Management and Negotiation Scheme
Interactive access control allows a server to compute on the fly missing credentials needed to grant access and to adapt its responses on the basis of client’s presented and declined credentials. Yet, it may disclose too much information on what credentials a client needs. Automated trust negotiation allows for a controlled disclosure on what credentials a client has during a mutual disclosure ...
متن کامل