Privacy-aware access control with trust management in web service

With the significant development of mobile commerce, privacy becomes a major concern for both customers and enterprises. Although data generalization can provide significant protection of an individual’s privacy, over-generalized data may render data of little value or useless. In this paper, we devise generalization boundary techniques to maximize data usability while, minimizing disclosure of privacy. Inspired by the fact that the permissible generalization level results in a much finer level access control, we propose a privacy-aware access control model in web service environments. We also analyze how to manage a valid access process through a trust-based decision and ongoing access control policies. The extensive experiments on both real-world and synthetic data sets show that the proposed privacy aware access control model is practical and effective.