在今日愈來愈普及的電子商務方面，客戶資料的搜集來源更加廣泛，對於個人資料外洩的影響將非常嚴重，可能帶來個人財務上或者公司信譽上的重大損失。本研究期望可以建構一個在企業內部(backbone)架構的環境中，透過語意網(Semantic Web)中的本體論(Ontology)和規則(Rule)的加入，希望實現具有語意的個人隱私保護規範架構，實現在語意層級上的隱私權政策安全控管。找出並且驗證以Ontologies+Rules為規範的表達與管理的架構的優勢，以確保各企業伺服器平台在收集客戶個人資料時能夠遵守最初協商後的承諾。最後本研究可以透過第三方平台的架構來加以落實個人資料的流通、分享、與保護。

In today's increasingly popular e-commerce, ways to collect personal data of customers are is more extensive, and the impact of data disclosure will be very serious, maybe it will cost heavy losses on personal reputation or the credit of companies. We hope to build a in-house (backbone) structure of the environment through the semantic web in the ontology and rules, hoping for enabling the semantics of personal privacy protection normative framework to achieve the privacy policy on the security control. We will identify and verify Ontologies + Rules to regulate the expression of the advantages of the structure and management to ensure that the enterprise platform servers will obey the usage of personal data after their initial consultation commitment. Finally, we propose a third-party platform to enforce data sharing and protection of personal data.

[1]. Anderson, A. H. (2006). "A Comparison of Two Privacy Policy Languages: EPAL and XACML." In Proceedings of the 3rd ACM workshop on Secure web services , 53-60.

[2]. Annie I. Antón, Q. H., and David L. (2004). "Inside JetBlue's Privacy Policy Violations " IEEE SECURITY & PRIVACY (Vol. 2, No. 6) , 12-18.

[3]. Annie I. Anton, E. B., Ninghui Li, Ting Yu (2007). "A Roadmap For Comprehensive Online Privacy Policy Management." Communications of the ACM ,50(7) , 109-116.

[4]. Ardagna, C. A., E. Damiani, et al. (2004). "XML-based Access Control Languages." Information Security Technical Report Volume 9( Issue 3) , 35-46

[5]. Bonatti, P. A. and D. Olmedilla (2006). "Semantic Web Policies: Where are we and What is still Missing?" A tutorial at ESWC'06.

[6]. Bindiganavale, V. and J. Ouyang (2006). "Role Based Access Control in Enterprise Application – Security Administration and User Management." Information Reuse and Integration, 2006 IEEE International Conference , 111-116.

[7]. Connor, M. O. and A. Das (2009). "SQWRL: a Query Language for OWL." Proceedings of the 6th International Workshop on OWL: Experiences and Directions (OWLED 2009).

[8]. Stumme G. and Madche A.(2001),“FCA-Merge: Bottom-up merging of ontologies.” In 7th Intl.Conf.on Artificial Intelligence(IJCAI’01), 25-230, Seattle,WA

[9]. G¨unter Karjoth, M. S., and Michael Waidner (2002). "Platform for Enterprise Privacy Practices:Privacy-enabled Management of Customer Data."In 2ndWorkshop on Privacy Enhancing Technologies Lecture Notes in Computer Science.

[10]. G¨unter Karjoth, M. S., Els Van Herreweghen (2003). "Translating Privacy Practices into Privacy Promises—How to Promise What You Can Keep." In Policies for Distributed Systems and Networks , 135-146.
[11]. Guarino, N. (1998). "Formal ontology and information systems." Proc. Of the 1st International Conference, 3-15.

[12]. Gunter Karjoth, M. S. (2002). A Privacy Policy Model for EnterPrises. In 15th IEEE Computer Security Foundations Workshop.

[13]. HOCHHEISER, H. (2002). "The Platform for Privacy Preference as a Social Protocol: An Examination Within the U.S. Policy Context." ACM Transactions on Internet Technology, Vol. 2, No. 4 , 276-306.

[14]. Horrocks, I., P.F. Patel-Schneider, H. Boley, S. Tabet, B. Grosof, and M. Dean. (2004). "SWRL: A Semantic Web Rule Language Combining OWL and RuleML." W3C Member Submission.

[15]. Horrocks, I., P. F. Patel-Schneider, et al. (2004). "SWRL: A Semantic Web Rule Language Combining OWL and RuleML." W3C Member Submission.

[16]. Knublauch, H., M. A. Musen, and A. L. Rector. Editing description logics ontologies with the Protégé OWL plugin. , International Workshop on Description Logics.

[17]. Mitra P., Wiederhold G., and Kersten M. (2000). A Graph-Oriented Model for Articulation of Ontology Interdependencies. Extending Database Technology 2000(EDBT’2000). Konstanz,Germany.

[18]. Natalya F. Noy and Mark A. Musen (2001). “Anchor-PROMPT: Using non-local context for semantic matching.” In Proceedings of the workshop on Ontologies and Information Sharing at the International Joint Conference on Artificial Intelligence (IJCAI).

[19]. Natalya F. Noy and Mark A. Musen (2003). "The PROMPT suite: interactive tools for ontology merging and mapping." International Journal of Human-Computer Studies 59(6), 983-1024.

[20]. Parducci, B., H. Lockhart, et al. (2005). "eXtensible Access Control Markup Language (XACML), Version 2.0." from http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml.

[21]. Paul Ashley, Satoshi Hada, et al. (2003). "The Enterprise Privacy Authorization Language(EPAL)."from http://www.w3.org/2003/p3p-ws/pp/ibm3.html.

[22]. YANNIS KALFOGLOU and MARCO SCHORLEMMER (2003). "Ontology mapping: the state of the art." The Knowledge Engineering Review 18(1), 1-31.

[23]. Ting Yu , N. L., and Annie I. Antón (2004). "A Formal Semantics for P3P." In Proceedings of the 2004 workshop on Secure web service , 1-8.