Privacy Protection Framework with Defined Policies for Service-Oriented Architecture

Service-Oriented Architecture (SOA) is a computer systems design concept which aims to achieve reusability and inte- gration in a distributed environment through the use of autonomous, loosely coupled, interoperable abstractions known as services. In order to interoperate, communication between services is very important due to their autonomous nature. This communication provides services with their functional strengths, but also creates the opportunity for the loss of privacy. In this paper, a Privacy Protection Framework for Service-Oriented Architecture (PPFSOA) is described. In this framework, a Privacy Service (PS) is used in combination with privacy policies to create privacy contracts that out- line what can and cannot be done with a consumer's personally identifiable information (PII). The privacy policy con- sists of one-to-many privacy rules, with each rule created from a set of six privacy elements: collector, what, purpose, retention, recipient and trust. The PS acts as an intermediary between the service consumer and service provider, to es- tablish an unbiased contract before the two parties begin sending PII. It is shown how many Privacy Services work to- gether to form the privacy protection framework. An examination of what current approaches to protecting privacy in an SOA environment is also presented. Finally, the operations the PS must perform in order to fulfill its tasks are out- lined.