PeCAN: An architecture for users' privacy-aware electronic commerce contexts on the Semantic Web
Article code | Publication year | Number of pages of the English article |
---|---|---|
3421 | 2006 | 26 pages (PDF) |
Publisher: Elsevier - Science Direct
Journal : Information Systems, Volume 31, Issues 4–5, June–July 2006, Pages 295–320
English abstract
Supporting e-Commerce on the Semantic Web implies more sophisticated integration of Web services, agent interaction, domain ontologies, and data markup languages than is being done on today's Web. We explore user e-commerce, trust, and privacy scenarios and provide a vision for future e-commerce interactions with a more informed and in-control user. We present the Personal Context Agent Networking (PeCAN) knowledge architecture consisting of client-side and web-side architectural data components and services which inform the user of online privacy and trust within e-commerce tasks. A novel organization scheme and the composition of user contexts in this environment are proposed. Client-side ontologies and data structures for representing user contexts are introduced. For proof of concept, we describe a data belief ontology and illustrate PeCAN's compliance with the P3P privacy data schema. We use OWL as an implementation basis for maintaining privacy-aware e-commerce contextual knowledge for effective agent action in the PeCAN environment.
English introduction
Postmortems of failed e-privacy business models reveal three fundamental problems. Firstly, from the user perspective, it is difficult for some to trust the third party provider itself, or more specifically, the human employees in the “trusted” third party provider. The perception of loss of control of personal data is higher when a lot of your data is passed through a third party, and when that third party may persistently hold increasingly larger snapshots of your data. Secondly, those e-privacy businesses that used the advertising business model soon found that they could not compete with players such as Yahoo!, and other large portals, which could cut the cost of advertising on these sites to levels unsustainable for smaller competitors. Thirdly, in many countries such as the US, Canada, and the European Union, privacy is functionally maintained through secure technical channels usually provided by the user's organization or by the organization with which the user is transacting. Thus third parties have not offered sufficient value-added services to maintain “functional” privacy channels in the business-to-business (B2B) or business-to-customer (B2C) markets. Learning from these fundamental problems, knowing the economic value of users' personal information [1], [2], [3], [4], [5], [6], [7] and [8] and noting that industry analysts, e.g., Gartner Group, project that information privacy will be the number one problem for e-commerce by 2006, we predict that the future success of third party business models for privacy will be in the provision of contextual “information-based” privacy Web services. These Web services will target national and international businesses, global users, and society in general. The provision of successful privacy Web services will depend on advances in contextualized client-side and Web privacy architectures, platforms such as the W3C Platform for Privacy Preferences (P3P), as well as multiple stakeholder cooperation.
In this paper, we describe requirements, design, and implementation of technical components that together form future critical success components in the provision of contextual information privacy for e-commerce. Specifically, information-based privacy services are needed that can present users with simple privacy-related facts in a given user context. In the last 5 years, stakeholders from industry and academia have made progress towards such a vision. As an example, ATT's Bird (www.privacybird.com) is a useful, and currently free, information-based privacy service for users. Bird is a P3P agent that is designed for the automatic machine-reading of Web sites’ privacy policies and comparison with user privacy preferences specified at the client-side. Businesses’ intentions for maintaining user privacy are articulated through organizations’ privacy policies for implementing fair information principles, in accordance with privacy acts or laws. These policies are often long and complicated, and users do not like to read them [9]. Bird simplifies this privacy task by automatically reading a business’ privacy policy, and outputting a concise summary consisting of a set of statements about what privacy issues are relevant to the user, as per the users’ stated preferences. Bird is only a first step, albeit an important step, in the provision of informational privacy services. More sophisticated informational privacy services than are currently available are required. As a sector example, sites such as www.canlli.org, www.austlii.org, and www.law.cornell.edu, all share a similar mandate to make legal information available and freely accessible to ordinary citizens. However, a current search on privacy law on these sites is not useful, or easily decipherable, to most of us. 
Examples of potential privacy Web services include: easily seeking out useful knowledge about countries’ privacy laws, integrating privacy knowledge from various stakeholders, assessing a country's privacy culture, supporting the discovery of privacy Web services, automating the visualization of privacy information and knowledge according to a range of user profiles, and managing collaborative stakeholder updates to distributed web ontologies containing privacy domain knowledge. The aim of providing such services is to significantly complement the work started by the W3C on the P3P platform and put trust and privacy personalization squarely in the hands of users. In this paper, we propose the Personal Context Agent Networking architecture, PeCAN, which (1) provides the necessary architecture on the client-side to receive and use information from such future Web services, (2) motivates the requirement and uses of Web privacy ontologies to complement the client-side privacy-aware applications, (3) increases user perception of control of personal information, (4) supports user e-commerce contexts and automates meaningful and informed user decisions around privacy, and in future (5) may turn the traditional business profiling in the customer relationship management (CRM) model on its head: client-maintained, rich, and accurate data in standardized OWL format can be uploaded to the business, if a future value-model allows, instead of the business categorizing users based on incomplete data and according to predefined canned profiles. PeCAN is compliant with the P3P schema, P3P agents, and provides client support for using more sophisticated Web privacy services, based on P3P, than those available today. The contribution of the work reported in this paper lies in our design and implementation of the PeCAN architecture, where user agents infer about online privacy of personal information, and reflect the influence of multiple stakeholders in context.
Over time, a user forms a set of beliefs whose composition and adoption are influenced by multiple stakeholders through various experiences in various situations. We capture and define privacy-aware electronic commerce context for the user and show how it can be supported through a number of belief ontologies which reflect relevant user beliefs about core e-commerce and privacy constructs in various domains, such as the data, organization, social, economic, and technical domains. Depending on the user activities, his/her current context is a union/merging of specific elements of these belief ontologies. A data model for efficient organization and formation of privacy-aware electronic commerce context for the user is presented. How users’ data beliefs, compliant with P3P, are represented is discussed with relevant examples.
We organize the paper as follows. Section 2 presents an overview of the PeCAN agent architecture. Section 3 defines privacy-aware electronic commerce contexts for a user, and elaborates the requirements and design to support these contexts. The section introduces a client-side, ontological data structure for representing such user contexts. We define OWL classes and properties to implement the contexts. Full compliance with the P3P privacy data schema is shown. We also discuss the integration of OWL, logic reasoners, and belief revisioning techniques as methods for maintaining the integrity of contexts. Section 4 briefly elaborates one Web architectural component and describes one sophisticated privacy Web service that the PeCAN platform can support in the future. Related works are examined in Section 5, while Section 6 offers a summary and conclusions.
English conclusion
We present an agent-based architecture, PeCAN, which supports privacy-aware user contexts for electronic commerce on the Semantic Web. The architecture supports a novel definition of the user context as a collection of various social, organizational, technical, regulatory, data, stakeholder, and e-commerce transaction beliefs. We create a feasible design for organizing these privacy-aware user contexts. OWL ontologies are entries in various relevant beliefs repositories and are extracted and merged to form a user context. It is the knowledge derived from the merged graphs, i.e., the ontology-based context, that supports user rule formation and decision-making around privacy, and ultimately the management of private data, in electronic commerce situations. Complementary Web privacy ontologies form a web-side architectural component for privacy support and we outlined a sophisticated Web service to further illustrate the vision of the PeCAN system to empower the user with privacy-related information. Kobsa [49], in his recommendations for future directions in e-privacy, says “client side instead of server-side personalization would give users exclusive control of all purposely collected personal data as well as all processes that operate on these data.” Independently, our analyses of the privacy and data requirements for user e-commerce tasks have led to a client-side architecture consisting of a collection of collaborating agents, with distinct and separate tasks, that access a number of supporting repositories. The openness of the architecture also supports evolution of functionalities to support the various foreseen, and yet unforeseen, requirements stemming from new laws, regulations, and ethical standards and policies that are emerging.
We are aware that there will be a potential efficiency penalty for organizing our client-side repositories in OWL format; we have traded this penalty off for gaining richness in semantic knowledge and the support of interoperability with allowed external entities. We have designed the PeCAN architecture and its privacy application with a future state of user awareness around privacy issues in mind. As such, it is difficult at this time to conduct proper usability studies that will fairly evaluate this system. As was the case for electronic commerce systems, new performance metrics need to be designed or borrowed from other disciplines and refined—not only based on response time, throughput, or web interactions per second but on more complex constructs such as effectiveness, ease of use, and perceived usefulness. The identification of these metrics is not a problem. The issue for a true evaluation is that governments and industry watchdogs still have much to do in raising citizens' awareness around privacy issues. We are concerned that any sample we pull today will be biased by lack of education about electronic privacy issues in the general user population. Thus, a careful design for an evaluation study must be carried out for applications that are forward-looking—the subject of a future paper. In this paper, however, we make a qualitative case for why PeCAN agents are useful to the pragmatic majority of users. Privacy control should mean adding user control to data collection activities in terms of the user exercising choice to opt in/out, or provide data or not, having the rights to access and correct her personally identifiable information (PII) and to object to incorrect use, and place limits on who can access her PII, for what purposes, and know the physical (where) and temporal (when) aspects of storage of her PII.
This is all well and good, but when users deal with many tens of businesses, government agencies, associations, communities over years—agents become useful and necessary to fill in forms for you while respecting current privacy preferences, dynamically change your contextual beliefs as your experiences grow, transparently renegotiate critical contracts around protection of personal data, provide you with summary reporting on dissemination of private information, or perform other management tasks for personal privacy. Other agent tasks, perhaps outside of electronic commerce contexts, that PeCAN can support in future include the automatic checking of the correctness of your personal data at potentially dozens of external sites. As it is now, we must arduously self-serve to look at data at each site. Stakeholders in privacy have declared themselves in many ways. Governments in conjunction with the private sector around the world are working on initiatives to break the trust barriers to e-commerce adoption in their small and medium-sized enterprises. A market for user-based privacy enhancing technologies and tools is emerging and in future we intend to support seamless integration of these tools in the PeCAN architecture. The target market for PeCAN is the growing group of users that want to have more hands-on, effective control over their online privacy while engaging in e-commerce.