用户向 Web 服务组合提供隐私数据时,不同用户有自身的隐私信息暴露需求,服务组合应支持用户隐私需求的可满足性验证。首先提出一种面向服务组合的用户隐私需求规约方法,用户能够定义隐私数据及不同使用情境的敏感度,采用敏感度-信誉度函数明确可以使用隐私数据的成员服务,简化隐私需求的同时,提高了隐私需求的通用性。为了验证服务组合是否满足用户隐私需求,首先通过隐私数据项依赖图(privacy data item dependency graph,简称PDIDG)描述组合中隐私数据项的依赖关系,然后采用隐私开放工作流网(privacy open workflow net,简称POWFN)构建隐私敏感的服务组合模型,通过需求验证算法验证服务组合是否满足用户隐私需求,从而能够有效防止用户隐私信息的非法直接暴露和间接暴露。最后,通过实例分析说明了该方法的有效性,并对算法性能进行了实验分析。%Users have different privacy information disclosure requirements when they submit private data to service composition, and the composition should support the verification of users’ privacy requirements. This paper puts forward a flexible method for users to produce privacy requirement specifications. Users can define the sensitivity of private data and its usage in different situations, and restrict the member services that can use private data with sensitivity-reputation function. The simplification and universality of the privacy requirements can be improved by using this method. The process first establishes privacy data item relations by using the privacy data item dependency graph (PDIDG), then models the service composition with privacy open workflow net (POWFN), and at last, makes sure whether service composition meets the user's privacy requirements by privacy requirements verification algorithm. An example is provided to illustrate the effectiveness of the method, and experiment analysis on the performance of the verification algorithm is carried out at the end of paper.
展开▼
