Metamodel for Privacy Policies within SOA

As Service-Oriented Architecture (SOA) continues to grow as a viable approach to systems development, so too does the number of services available. The strength of services in an SOA environment to provide interoperability comes at the cost of reduced privacy, as more interactions between autonomous services require more information to be exchanged In this paper we define a metamodel for privacy policy creation and comparison based on fair information practices introduced around the world to protect the privacy of individuals. We develop criteria for the comparison of the elements that compose the policies, creating hierarchical relationships between those elements that could not otherwise be directly compared. An example of two policies being compared is presented to demonstrate how this comparison can be done. We believe this definition of how to create and compare privacy policies forms a strong foundation from which a comprehensive solution to SOA privacy can be built.