Privacy
Negotiation using a Mobile Agent
Abstract: One major limitation of Platform for Privacy Preferences (P3P) is that
no support is given within the specification for negotiation of privacy
preferences between a user and a Web site.
In this study, we present a novel architecture to address this
limitation, focusing on the use of mobile agents with an XPath-based
preference language (XPref) for privacy negotiation.
So far in the literature there appears to be no working mobile agent mechanism
that does privacy policy negotiation, particularly in the context of P3P. We envision the use of this
architecture in a scenario where the user device has limited resources (i.e.,
processing power and bandwidth) and cannot negotiate directly with desired
websites, but less constrained user devices would also benefit from this work.
Despite the advantages of a mobile-agent-based architecture, there are several challenging issues which hinder the deployment of mobile agents in real life scenarios. Two major security concerns that need to be addressed are malicious agents and malicious hosts. In this study, we address the malicious host threat by extending a protocol proposed by Maggi and Sisto [10] to improve truncation resilience, which is argued as one of the major problems with most of the mechanisms that have been proposed in the literature.