Web Services Privacy Preserving Based on Negotiation and Certificate Authorities

Full Text (PDF, 508KB), PP.49-55

Views: 0 Downloads: 0


A. Meligy 1,* Emad Elabd 2 Sahar Kotb 1

1. Math and Computer Science Department, Faculty of Science, Menoufia University, Egypt

2. Information System Department, Faculty of computers and Information, Menoufia University, Egypt

* Corresponding author.

DOI: https://doi.org/10.5815/ijmecs.2016.10.07

Received: 6 Jul. 2018 / Revised: 1 Aug. 2016 / Accepted: 2 Sep. 2016 / Published: 8 Oct. 2016

Index Terms

Web services (WS), Service oriented architecture (SOA), Privacy, Negotiation


Nowadays, Web services are the leading solution for solving the problem of information systems’ integration. Web services are based on the service oriented architecture (SOA). Preserving privacy of web services is one of the main challenges during their interaction. Therefore, minimizing the number of the disclosed credentials that are required for accessing the web services resources during the interaction is a desirable behavior. Credentials generalization and substitution and credentials encryption can be used for privacy preserving. To the best of our knowledge, in the current privacy preserving approaches for web services, there is no technique that uses the negotiation for credential generalization and substitution between the consumer and the provider in conjunction with the credentials encryption using certificate authority as a third party. In this paper, a proposed approach for web services privacy preserving is proposed. This approach is based on the negotiation, encryption, and certificate authorities as third parties. The proposed approach is implemented and tested. The results show that the number of disclosed sensitive credential is the minimum number of credentials that can be disclosed to guarantee the accessing of the service.

Cite This Paper

A. Meligy, Emad Elabd, Sahar Kotb, "Web Services Privacy Preserving Based on Negotiation and Certificate Authorities", International Journal of Modern Education and Computer Science(IJMECS), Vol.8, No.10, pp.49-55, 2016. DOI:10.5815/ijmecs.2016.10.07


[1]Alaa Hussein Al-Hamami, Handbook of Research on Threat Detection and Countermeasures in Network Security. Amman Arab University, J. a.-S. October, 2014.
[2]Stephen Potts, M. K. Web Services in 24 Hours. Sams Publishing. 2003.
[3]Guarda, P. a. Towards the Development of Privacy-aware Systems. Inf. Software. Technol., 51, 337—350, 2009.
[4]Yee, G. O. A privacy controller approach for privacy protection in web services. Proceedings of the 2007 ACM workshop on Secure web services, 44-51.
[5]Liu, L. a. Analysis of the minimal privacy disclosure for web services collaborations with role mechanisms. Expert Syst. Appl., 38, 4540—4549, 2011.
[6]Jiang, W. a. An enhanced security mechanism for web service based systems. Proceedings of the 2012 international conference on Pervasive Computing and the Networked World, 282--296.
[7]Kabir, M. E. A role-involved purpose-based access control model. Information Systems Frontiers, 14, 809—822, 2012.
[8]Squicciarini, A.; Carminati, B.; Karumanchi, S., "A Privacy-Preserving Approach for Web Service Selection and Provisioning," Web Services (ICWS), 2011 IEEE International Conference on, vol., no., pp.33,40, 4-9 July 2011.
[9]Mrissa, S.-E. T. Privacy-Enhanced Web Service Composition. IEEE Transactions on Services Computing, 99, 1, 2013.
[10]Li, Y. H.-Y. Formal consistency verification between BPEL process and privacy policy. Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services, 26:1--26:10.
[11]Xu, W. a. A Framework for Building Privacy-Conscious Composite Web Services. Proceedings of the IEEE International Conference on Web Services, 655—662, 2006.
[12]Emad Elabd, Hatem Abdulkader, and Ahmed Mubark. "L–Diversity-Based Semantic Anonymaztion for Data Publishing." I.J. Information Technology and Computer Science (IJITCS), 2015, 10, 1-7.
[13]Aldhafferi, N.; Watson, C. & Sajeev, A. S. M." Personal Information Privacy Settings of Online Social Networks and their Suitability for Mobile Internet Devices", International Journal of Security, Privacy and Trust Management ( IJSPTM) vol 2, No 2, April 2013.
[14]P. Gulwani, “Association rule hiding by positions swapping of support and confidence,” International Journal of Information Technology and Computer Science (IJITCS), vol. 4, no. 4, p. 54, 2012.
[15]Emad Elabd, Mohand-Said Hacid:” Concurrent Queries in Location Based Services”. International conference of availability, reliability, and security (ARES), University of Fribourg, Switzerland, September 8th - 12th, 2014, 134-139.