Policy extension for data access control (original) (raw)

In this paper, we propose a security framework, looking at different policies for data access control in the mobile environments. We have started with extending the Platform for Privacy Preferences (P3P) policy for controlling the data access. The aim is to modify the P3P policy and to use it in the security capsule of a mobile handset. The service provider can publish the P3P policy in the WebServices and request the mobile client for the user preferences. With the introduction of P3P policy into the mobile device the access to the data is controlled including user preferences and identity mapping. Service provider data will always be encrypted and successful decryption will be a big challenge.