Enforcing context-awareness and privacy-by-design in the specification of information systems

Conference Paper (2018)
Author(s)

Boris Shishkov (Interdisciplinary Institute for Collaboration and Research on Enterprise Systems and Technology (IICREST), Bulgarian Academy of Sciences)

M Marijn (TU Delft - Information and Communication Technology)

Department
Engineering, Systems and Services
Copyright
© 2018 Boris Shishkov, M.F.W.H.A. Janssen
DOI related publication
https://doi.org/10.1007/978-3-319-78428-1_5
Publication Year
2018
Language
English
Bibliographical Note
Green Open Access added to TU Delft Institutional Repository ‘You share, we take care!’ – Taverne project https://www.openaccess.nl/en/you-share-we-take-care Otherwise as indicated in the copyright section: the publisher is the copyright holder of this work and the author uses the Dutch legislation to make this work public.
Volume number
309
Pages (from-to)
87-111
ISBN (print)
9783319784274
Reuse Rights

Other than for strictly personal use, it is not permitted to download, forward or distribute the text or part of it, without the consent of the author(s) and/or copyright holder(s), unless the work is under an open content license such as Creative Commons.

Abstract

Networked physical devices, vehicles, home appliances, and other items embedded with electronics, software, sensors, actuators, and connectivity allow for run-time acquisition of user data. This in turn can enable information systems that capture the “current” user state and act accordingly. The use of this data would result in context-aware applications that are fueled by user data (and environmental data) to adapt their behavior. Yet the use of data is often restricted by privacy regulations and norms; for example, the location of a person cannot be shared without given consent. In this paper we propose a design approach that allows for weaving context-awareness and privacy-by-design into the specification of information systems. This is to be done from the very early stages of software development, while the enterprise needs are captured (and understood) and the software features are specified on that basis. In addition to taking context-awareness and privacy-sensitivity into account, these two aspects will be balanced, especially if they are conflicting. The presented approach extends the “Software Derived from Business Components” (SDBC) approach. We partially demonstrate our proposed way of modeling by means of a case example featuring land border security. Our proposed way of modeling would allow developers to smoothly reflect context and privacy features in the application design, supported by methodological guidelines that span enterprise modeling and software specification. Those features are captured as technology-independent societal demands and are in the end reflected in technology-specific (software) solutions. Traceability between the two is possible, as is re-use of modeling constructs.

Files

Shishkov_Janssen2018_Chapter_E... (pdf)
(pdf | 2.1 Mb)
- Embargo expired in 20-09-2018