Skip to Main Content
Information privacy is usually concerned with the confidentiality of personally identifiable information (PII), such as electronic medical records. Nowadays, Web services are used to support different applications which may contain PII, such as healthcare applications. Thus, the information access control mechanism for Web services must be embedded into privacy-enhancing technologies. Further as application goes mobile and ubiquitous, location become an important determinant for enforcing privacy constraints. On the other hand, role-based access control (RBAC) model has been widely investigated and applied into various applications for a period of time. This paper presents a privacy access control policy enforcement model extended from RBAC with location intelligence for Web services-based applications. In addition, we illustrate the realization of this model with a middleware architecture. This paper also illustrates our proposed mechanism in the context of extensible access control markup language (XACML) and WS-policy constraints.
Date of Conference: 15-16 Oct. 2007