Abstract: The key problem of Web service privacy protection is to ensure the protection of the user's privacy information under the premise of meeting the user's functional requirements. Considering the traditional access control model cannot describe the purpose of using the data and the reputation of the requester, and the data user must be specified in a policy, this paper proposes a privacy preserving access control model based on intended purpose and reputation labeling. Firstly, this paper analyzes the purpose based access control model, and defines the privacy infor-mation set, the purpose and the hierarchical relationship. Secondly, this paper gives the principle and steps of the privacy information set labeling, extends the XACML (extensible access control markup language) standard component, and gives the analysis algorithm in the privacy policy execution system. Finally, the experimental results demonstrate the feasibility and effectiveness of the proposed model.

Key words: purpose based access control (PBAC), privacy protection, intended purpose, intended reputation

摘要： 确保Web服务在满足用户功能性需求的前提下保护用户的隐私信息，是Web服务隐私保护的关键问题。针对传统的访问控制模型无法描述数据使用目的、请求者信誉度，以及策略定义必须指定数据使用者的问题，提出了以期望目的、期望信誉度标注为中心的隐私保护访问控制模型。首先分析了基于目的访问控制模型，对隐私信息集、使用目的以及之间的层次关系进行了形式化定义。其次给出了隐私信息集标注原则以及步骤，同时对XACML（extensible access control markup language）标准组件进行了扩展。然后给出了隐私策略执行系统中的目的信誉度分析器分析算法。最后通过实验验证了该模型的可行性和有效性，并与相关技术进行了比较分析。

关键词: 基于目的访问控制（PBAC）, 隐私保护, 期望目的, 期望信誉度