Yod Samuel Martín

A user-centric approach to service creation and delivery over next generation networks

Next Generation Networks (NGN) provide Telecommunications operators with the possibility to share their resources and infrastructure, facilitate the interoperability with other networks, and simplify and unify the management, operation and maintenance of service offerings, thus enabling the fast and cost-effective creation of new personal, broadband ubiquitous services. Unfortunately, service creation over NGN is far from the success of service creation in the Web, especially when it comes to Web 2.0. This paper presents a novel approach to service creation and delivery, with a platform that opens to non-technically skilled users the possibility to create, manage and share their own convergent (NGN-based and Web-based) services. To this end, the business approach to user-generated services is analyzed and the technological bases supporting the proposal are explained.

PRIPARE: Integrating Privacy Best Practices into a Privacy Engineering Methodology

Data protection authorities worldwide have agreed on the value of considering privacy-by-design principles when developing privacy-friendly systems and software. However, on the technical plane, a profusion of privacy-oriented guidelines and approaches coexists, which provides partial solutions to the overall problem and aids engineers during different stages of the system development lifecycle. As a result, engineers find difficult to understand what they should do to make their systems abide by privacy by design, thus hindering the adoption of privacy engineering practices. This paper reviews existing best practices in the analysis and design stages of the system development lifecycle, introduces a systematic methodology for privacy engineering that merges and integrates them, leveraging their best features whilst addressing their weak points, and describes its alignment with current standardization efforts.

PRIPARE: A New Vision on Engineering Privacy and Security by Design

The new EU Data Protection Directive (DPD), approved by the EU Parliament acknowledges the need of Data Protection by Design and by Default in order to protect the rights and freedoms of data subjects with regard to the processing of personal data. PRIPARE confronts the lack of a truly engineering approach for these concepts by providing a methodology that merges state-of-the-art approaches (e.g. Privacy Impact Assessment and Risk management) and complements them with new processes that cover the whole lifecycle of both, personal data and development of ICT systems.

Organizing Design Patterns for Privacy: A Taxonomy of Types of Relationships

There has recently been an upsurge of legislative, technical and organizational frameworks in the field of privacy which recommend, and even mandate the need to consider privacy issues in the design of information systems. Privacy design patterns have been acknowledged as a useful tool to support engineers in this complex task, as they leverage best-practices which are already available in the engineering community. There are currently different privacy pattern catalogs coexisting, however, an ongoing effort is being made to unify these scattered contributions into one comprehensive system of patterns. To this end, the relationships between the privacy patterns must be expressed consistently. However, the catalogs available describe pattern relationships at different, incompatible levels of detail, or do not describe them at all. To solve this problem, this paper presents a taxonomy of types of relationships that can be used to describe the relationships between privacy patterns. This taxonomy has been validated against each individual catalog to ensure its applicability in the unified privacy pattern system.

A Privacy Engineering Framework for the Internet of Things

This paper describes a privacy engineering framework for the Internet of Things (IoT). It shows how existing work and research on IoT privacy and on privacy engineering can be integrated into a set of foundational concepts that will help practice privacy engineering in the IoT. These concepts include privacy engineering objectives, privacy protection properties, privacy engineering principles, elicitation of requirements for privacy and design of associated features. The resulting framework makes the key difference between privacy engineering for IoT systems targeting data controllers, data processors and associated integrators, and privacy engineering for IoT subsystems, targeting suppliers.

Guidance for the Development of Accessibility Evaluation Tools Following the Unified Software Development Process

Abstract Automated and semi-automated accessibility evaluation tools are key to streamline the process of accessibility assessment, and ultimately ensure that software products, contents, and services meet accessibility requirements. Different evaluation tools may better fit different needs and concerns, accounting for a variety of corporate and external policies, content types, invocation methods, deployment contexts, exploitation models, intended audiences and goals; and the specific overall process where they are introduced. This has led to the proliferation of many evaluation tools tailored to specific contexts. However, tool creators, who may be not familiar with the realm of accessibility and may be part of a larger project, lack any systematic guidance when facing the implementation of accessibility evaluation functionalities. Herein we present a systematic approach to the development of accessibility evaluation tools, leveraging the different artifacts and activities of a standardized development process model (the Unified Software Development Process), and providing templates of these artifacts tailored to accessibility evaluation tools. The work presented specially considers the work in progress in this area by the W3C/WAI Evaluation and Report Working Group (ERT WG).

A system of privacy patterns for user control

Privacy by Design is prescribed by the new European General Data Protection Regulation. Getting this privacy preserving design philosophy appropriately adopted is a challenge, however. One natural approach to this challenge would be to leverage design patterns in the privacy domain. However, privacy patterns are scattered, unrelated, inconsistent, and immature. This paper presents a pattern system for user control, which is built upon an existing privacy pattern catalog. By ensuring implementability and uniformity within descriptions, and establishing relationships using consistent terminology, we alleviate some of the aforementioned issues.

Assessing Privacy Capabilities of Cloud Service Providers

Cloud computing provides well-known economic and technical advantages. However, the absence of knowledge on the privacy capabilities of service providers remains as one of the barriers for the adoption of cloud services. In this paper we describe a mechanism for the quantitative assessment of the privacy practices of different cloud service providers, so that their potential clients can compare among them and choose the one that better meets their requirements. We have validated our contributions in three different scenarios.

Towards Organizing the Growing Knowledge on Privacy Engineering

Regulation asks engineers to stick to privacy and data protection principles and apply them throughout the development process of their projects. However, in spite of the availability of technological solutions to identify and address different privacy threats these have not seen widespread adoption in the engineering practice, and developers still find difficulties in introducing privacy considerations in their new products and services. In this context, privacy engineering has emerged as an inter-disciplinary field that aims to bridge legal, computer science and engineering worlds, as well as concepts from other disciplines. The goal is to provide engineers with methods and tools that are closer to their mindset, and allow them to systematically address privacy concerns and introduce solutions within the workflow and environment they are accustomed to. This paper provides an introduction to Privacy Engineering, describing a conceptual metamodel useful to organize the increasing knowledge in this emergent field and make it more accessible to engineers. We exemplify some of this knowledge focusing on privacy design patterns, a set of privacy engineering elements that distill best-practices available.