José M. del Álamo

A user-centric approach to service creation and delivery over next generation networks

Next Generation Networks (NGN) provide Telecommunications operators with the possibility to share their resources and infrastructure, facilitate the interoperability with other networks, and simplify and unify the management, operation and maintenance of service offerings, thus enabling the fast and cost-effective creation of new personal, broadband ubiquitous services. Unfortunately, service creation over NGN is far from the success of service creation in the Web, especially when it comes to Web 2.0. This paper presents a novel approach to service creation and delivery, with a platform that opens to non-technically skilled users the possibility to create, manage and share their own convergent (NGN-based and Web-based) services. To this end, the business approach to user-generated services is analyzed and the technological bases supporting the proposal are explained.

PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology

Data protection authorities worldwide have agreed on the value of considering privacy-by-design principles when developing privacy-friendly systems and software. However, on the technical plane, a profusion of privacy-oriented guidelines and approaches coexists, which provides partial solutions to the overall problem and aids engineers during different stages of the system development lifecycle. As a result, engineers find difficult to understand what they should do to make their systems abide by privacy by design, thus hindering the adoption of privacy engineering practices. This paper reviews existing best practices in the analysis and design stages of the system development lifecycle, introduces a systematic methodology for privacy engineering that merges and integrates them, leveraging their best features whilst addressing their weak points, and describes its alignment with current standardization efforts.

A Privacy-Considerate Framework for Identity Management in Mobile Services

The subscribers’ personal information and services that mobile operators are able to provide to Web developers offer new and exciting possibilities in numerous domains. However, bringing mobile information services to the Web to enable a new generation of mobile Web services presents several research challenges on identity and privacy management. In this paper, we describe a framework for identity management in mobile services that empowers users to govern the use and release of their personal information. Our framework is based on a brokering approach that intermediates between the mobile operator’s information services and the Web service providers. By leveraging on Web services, identity management infrastructure and privacy enhancing technologies, our framework provides an effective, privacy-considerate delivery of services over the mobile Web environment. This paper describes the design principles and architecture of the framework as well as the feasibility, applicability and user-experience evaluation we have carried out.

PRIPARE: A New Vision on Engineering Privacy and Security by Design

The new EU Data Protection Directive (DPD), approved by the EU Parliament acknowledges the need of Data Protection by Design and by Default in order to protect the rights and freedoms of data subjects with regard to the processing of personal data. PRIPARE confronts the lack of a truly engineering approach for these concepts by providing a methodology that merges state-of-the-art approaches (e.g. Privacy Impact Assessment and Risk management) and complements them with new processes that cover the whole lifecycle of both, personal data and development of ICT systems.

Self-service Privacy: User-Centric Privacy for Network-Centric Identity

User privacy has become a hot topic within the identity management arena. However, the field still lacks comprehensive frameworks even though most identity management solutions include built-in privacy features. This study explores how best to set up a single control point for users to manage privacy policies for their personal information, which may be distributed (scattered) across a set of network-centric identity management systems. Our goal is a user-centric approach to privacy management. As the number of schemas and frameworks is very high, we chose to validate our findings with a prototype based on the Liberty Alliance architecture and protocols.

A User-Centric Mobile Service Creation Approach Converging Telco and IT Services

While new competitors are threatening the traditional business models of Telecommunications operators by providing their services directly to the customer, user-centric service creation paradigm brings new opportunities for operators to deliver diverse, attractive, and profitable services directly to the end-user. This paper discusses the service creation model, architecture and implementation in the European Union sponsored research project OPUCE (Open Platform for User-Centric Service Creation and Execution), which aims at enabling end-users to use their smart mobile devices for both creating and consuming personalized services.

Personalized Service Creation and Provision for the Mobile Web

The convergence of telecom networks and the Internet is fostering the emergence of environments where Web services are available to mobile users. The variability in computing resources, display terminal, and communication channel require intelligent support on personalized delivery of relevant data and services to mobile users. Personalized service provisioning presents several research challenges on context information management, service creation, and inherent limitations of mobile devices. In this chapter, we describe a novel framework that supports weaving context information and services for personalized service creation and execution. By leveraging technologies on Web services, agents, and publish/subscribe systems, our framework enables an effective, user-centric access of integrated services over the mobile Web environments. This chapter overviews the design, architecture, and implementation of the framework.

Organizing Design Patterns for Privacy: A Taxonomy of Types of Relationships

There has recently been an upsurge of legislative, technical and organizational frameworks in the field of privacy which recommend, and even mandate the need to consider privacy issues in the design of information systems. Privacy design patterns have been acknowledged as a useful tool to support engineers in this complex task, as they leverage best-practices which are already available in the engineering community. There are currently different privacy pattern catalogs coexisting, however, an ongoing effort is being made to unify these scattered contributions into one comprehensive system of patterns. To this end, the relationships between the privacy patterns must be expressed consistently. However, the catalogs available describe pattern relationships at different, incompatible levels of detail, or do not describe them at all. To solve this problem, this paper presents a taxonomy of types of relationships that can be used to describe the relationships between privacy patterns. This taxonomy has been validated against each individual catalog to ensure its applicability in the unified privacy pattern system.

Privacy and Data Protection in a User-Centric Business Model for Telecommunications Services

New business models have come up in different contexts such as the Internet and Telecommunications networks which have been grouped under the umbrella of the buzzword 2.0. They propose the opening up of service platforms in order to increase profits by means of innovative collaboration agreements with third parties. In this paper we go a step further and propose a business model for Telecommunications services where end-users actually become the collaborating third parties. This user-centric business model poses several privacy and data protection concerns that we analyze and for which we propose a solution.

A system of privacy patterns for user control

Privacy by Design is prescribed by the new European General Data Protection Regulation. Getting this privacy preserving design philosophy appropriately adopted is a challenge, however. One natural approach to this challenge would be to leverage design patterns in the privacy domain. However, privacy patterns are scattered, unrelated, inconsistent, and immature. This paper presents a pattern system for user control, which is built upon an existing privacy pattern catalog. By ensuring implementability and uniformity within descriptions, and establishing relationships using consistent terminology, we alleviate some of the aforementioned issues.