Web services promise to revolutionise e-commerce by using open standards in a way that allows different applications employed by different companies to communicate with one another. A user enters information into one application which then shares the information over the Internet with other applications in the network in order to carry out the service.
However, Christine O'Keefe, an associate professor at the Commonwealth Scientific and Industrial Research Organisation (CSIRO), is concerned that the system requires the user to automatically agree to the privacy policies attached to applications, policies that they often haven't seen.
Even if users could access all the applications and read the privacy policies attached, rejecting one policy would cause you to reject the entire service the individual is attempting to use. "In my view that's extremely restrictive, and you'll end up rejecting most Web services," said O'Keefe.
"Our privacy model means that a user accessing a Web Service can decide who can access which bits of their personal information," said O'Keefe. "The user can attach their [privacy] conditions to their personal information -- name, address, credit card number -- and attached will be the usage conditions and access conditions for each piece of data."
For instance, the conditions could stipulate that the Web services should only give certain details to government agencies. The instructions are entered into the first Web service encountered by the user, and automatically passed onto any other application used by the service.
The CSIRO is currently in negotiations with the World Wide Web Consortium (W3C) to have the privacy model included in Web services standards.
