Privacy and XML, Part 2
XML-Based Techniques Relevant to Privacy
There are a number of efforts currently underway in standards bodies and other organizations to address various aspects of privacy with XML-based technologies. This section gives an overview of this work, noting which of the privacy concepts discussed in the first part of this article are addressed by different XML initiatives.
Relevant Privacy Concepts
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1"> <POLICY discuri="http://www.website.example.com/p3p.html"> <ENTITY> <DATA-GROUP> <DATA ref="#business.name">WebSite.com</DATA> <DATA ref="#business.contact-info.postal.street">200 Main Street</DATA> </DATA-GROUP> </ENTITY> <ACCESS><nonident/></ACCESS> <STATEMENT> <PURPOSE><admin/><develop/></PURPOSE> <RETENTION><stated-purpose/></RETENTION> <DATA-GROUP> <DATA ref="#dynamic.http"/> </DATA-GROUP> </STATEMENT> </POLICY> </POLICIES>
This P3P policy expresses that the company "WebSite.com" does not acquire any Personally Identifiable Information and tracks dynamic HTTP data for administrative and development purposes only.
Microsoft has included client support for P3P in Internet Explorer 6, providing an interface by which users can indicate their own privacy preferences, as shown in the following screen capture.
As this figure demonstrates, Microsoft's early support for client-side P3P entails giving the user control over cookie behaviour.
XACML - XML Access Control Markup Language
Relevant Privacy Concepts
The following is a sample of an XACML policy which says that patients are allowed to read their own medical records (which, it is assumed, are stored in XML). The policy illustrates the connection between XACML and the Security Assertions Markup Language (SAML), another OASIS initiative. SAML defines an XML syntax by which authentication and authorization assertions and queries can be expressed for delivery over the network. In the example, the assumption is that a SAML AuthorizationDecisionQuery has been received which questions what entitlements should be granted to a particular medical patient requesting access to their medical records.
<?xml version="1.0"/> <rule> <target> <subject> samlp:AuthorizationDecisionQuery/Subject/NameIdentifier/Name </subject> <resource> <patternMatch> <attributeRef> samlp:AuthorizationDecisionQuery/Resource </attributeRef> <attibuteValue>medico.com/record.*</attibuteValue> </patternMatch> </resource> <actions> <saml:Actions> <saml:Action>read<saml:Action> </saml:Actions> </actions> </target> <condition> <equal> <attributeRef> samlp:AuthorizationDecisionQuery/Subject/NameIdentifier/Name </attributeRef> <attributeRef> //medico.com/records/patient/patientName </attributeRef> </equal> </condition> <effect>Permit</effect> </rule>
The resources for which read access are being requested are highlighted in blue, the conditions under which the access should be granted are highlighted in red.
XML Encryption, currently a W3C Candidate Recommendation, is a proposal for an XML vocabulary for capturing the results of an encryption operation performed on arbitrary (but most likely XML) data. A critical feature of the XML Encryption proposal is that it supports the concept of encrypting only specific portions of an XML document, not only minimizing the encryption processing but, more importantly, leaving non-sensitive information in plain text form such that general (i.e., non-security-related) processing of the XML can proceed. The following figure displays a employee record with the salary element encrypted with the XML encryption tags in a separate 'xenc' name space. This example omits many of the details; the XML Encryption proposal is available if you'd like to see more.
<?xml version="1.0"?> <employee id="b3456"> <name>John Smith</name> <title>Senior Analyst</title> <salary> <xenc:EncryptedData> <xenc:CipherData> <xenc:CipherValue>AbC234ndZ...</xenc:CipherValue> </xenc:CipherData> </xenc:EncryptedData> </salary> </employee>
Only the intended recipient, presumably the employee in question or an appropriately authorized Human Resources representative, would be able to decrypt the contents of the <CipherValue> element to view the employee's actual salary.
Relevant Privacy Concepts
XML Signature is another W3C proposal, current a Proposed Recommendation. XML Signature defines an XML Schema for capturing the result of a digital signature operation applied to arbitrary (but often XML) data. Unlike previous non-XML Digital Signature standards, XML Signature has been designed to both account for and take advantage of the Internet and XML. Please refer to our previous article for a detailed depth discussion of XML Signature.
XML Signature is especially relevant to privacy because, in the first place, in the context of information sharing programs like .NET My Services and Liberty, it will likely be through an XML Signature calculated on a SOAP request that a requesting application authenticates itself; and, in the second, because the user's opt-in confirmations could be captured as XML Signatures to guard against the user later repudiating their choice. This scenario is represented in the following diagram.
If the user were to click on the "Sign Confirmation" button, an XML Signature (using the user's private key) would be calculated over the relevant portion of the displayed HTML page and then archived, thereby preventing the user from subsequent repudiation.
Of course, current browsers do not provide the ability to perform digital signatures on displayed HTML, much less XML Signatures. Technologies do exist for extending the browser to provide these signing capabilities, and it's likely that XML Signature will eventually be supported.
Pages: 1, 2