What are the elements of web services in information security?

A classic Web services includes three elements such as users, services and databases. It can describe a privacy model with three dissimilar types of privacy including user privacy, service privacy, and data privacy which are as follows −

User Privacy − Users of a Web service comprise persons (e.g., citizens and case officers), applications, and multiple Web services. In some cases, users conversing with a Web service are required to provide a major amount of personal sensitive information. Users of Web services, though, can expect or need dissimilar levels of privacy as per their observation of the information sensitivity.

A user can have tighter privacy needs concerning medical information than employment history. The user’s awareness of privacy is based on the data receiver and the data usage.

The set of privacy favorites suitable to a user’s data is known as user privacy profile. A user privacy profile is generally represented by the user but can also be consistently set for a set of individuals. Privacy profiles are dynamic including users can create, view, update, or delete their

privacy profiles. It can support for resolving lawful disputes over privacy violation, the basic Web service architecture should outline some these operations.

Service Privacy − A Web service generally has its own privacy policy that defines a set of regulations applicable to all users. Service privacy generally define three types of policy such as usage policy, storage policy, and disclosure policy. The usage policy defines the reasons for which the information composed can be used.

The storage policy defines whether and until when the information gathered can be aggregated by the service. For example, medicaid can define that the information it gathers from citizens will remain accumulated in the basic databases one year after they go away the welfare program.

The disclosure policy defines if and to whom the information gathered from a definite user can be exposed. This information can associate to individual persons or to set of individuals.

The privacy policy of the Web service Medicaid can represent that external users cannot use statistical data that disposes general traits of the recipients such as average income, racial background distribution, etc.

Data Privacy − A data object can be used by multiple Web services. A record in this database can be used by an IRS officer to provide the efficiency of an employee’s tax form. It can also be used by an officer at a child carry agency to test whether a parent is acquiescent with its child hold obligations. This displays that multiple Web services can require dissimilar information from the similar data object.

Thus, data objects should be able to reveal dissimilar views to dissimilar Web services. For each data object, it can define a data privacy profile that specifies the access views that it reveals to the dissimilar Web services.

Updated on: 09-Mar-2022


Kickstart Your Career

Get certified by completing the course

Get Started