Abstract
Uncontrolled disclosure of sensitive information during electronic transactions may expose users to threats like loss of privacy and identity theft. The means envisioned for addressing protection of security and privacy in the context of the Semantic Web are policy languages for trust establishment and management. Although a number of policy languages have been proposed, it is unclear how well each language can address users’ privacy concerns. The contribution of this work is an independent, scenario-based comparison of six prominent policy languages, namely Protune, Rei, Ponder, Trust-X, KeyNote and P3P-APPEL, with respect to the needs that users have in protecting their personal, sensitive data. We present how each language addresses access control for objects, such as user credentials and sensitive policies. We evaluate how each language defines or imports hierarchies of resources, whether the language supports protection of user information after it has been released, whether the language supports the principle of least privilege and more. The evaluation is not only an analytical literature study but also rich in actual implementations in all six languages.

URL:
http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2007-039

BibTeX:

@inproceedings{REWERSE-RP-2007-039,
	author = {Claudiu Duma and Almut Herzog and Nahid Shahmehri},
	title = {Privacy in the Semantic Web: What Policy Languages Have to Offer},
	booktitle = {Proceedings of Eigth IEEE International Workshop on Policies for Distributed Systems and Networks, Bologna, Italy (13th--15th June 2007)},
	year = {2007},
	organization = {IEEE},
	pages = {109--118},
	url = {http://rewerse.net/publications/rewerse-publications.html#REWERSE-RP-2007-039}
}