The Internet is now seen as a standard means for a person to perform personal transactions such as online banking, travel reservations and job searches. Online service providers often require a certain amount of information, for instance, name, address, or credit card details to provide these services. When giving this type of personal identifiable information (PII), the user may be concerned about how this data will be used by the service. For instance, the service provider may retain the information provided for a long period of time or pass it on to a third party. Also the user or data provider may wish to expressly state that certain data should not be revealed, for example, the person’s ethnic background.
In the context of European funded research project Primelife [http://www.primelife.eu] we propose an employment scenario in which users and job providers are able to interact via different web services. A user or job applicant would like to create an electronic CV (eCV) that contains up-to-date information on his personal details, work experience, academic qualifications and a reference. The personal information, such as the person’s gender, age or race, could be entered by the user or provided by an official authority service. The other types of information services, that certify what the user claims, could be a university, a recommendation and previous or existing employer. The latter verifies certain aspects of the user’s record at the company; this could be that the person was an employee for a certain length of time, worked in a role or many roles and participated in a training program. The university certifies on qualifications attained and a recommendation is usually provided by an academic and/or an employer.
Each contributory data provider could have a rule or sticky policy attached to the data that outlines how the data will have to be handled when used by the data producer, data consumer or third party. In order to preserve the policy preferences of these different services , the parts of the eCV that contain their information cannot be altered by the applicant. These constraints, imposed by such data-providers, may restrict the exposure of some information which is related to the company and should not be revealed. For example, a policy could only allow the disclosure of a salary only if a person is applying to an internal job position or it may be the case that the applicant will allow a certain country, like the United Kingdom, to see their race as it is a prerequisite to process the application but will not permit other countries to see the information if this is not a precondition.
The final electronic CV is composed of two parts, namely, the composition of data emanating from the different sources along with the corresponding policies. The policy composition may contain conflicts, for example, applicants may allow personal contact details to be viewed by all services whereas the company they are working for, may state, for security reasons, that it will not permit disclosure of where the employee works.
For further information please visit the website (http://www.primelife.eu/) and contact:
Stuart Short (firstname.lastname@example.org)
Dr Michele Bezzi (email@example.com)
Dr Slim Trabelsi (firstname.lastname@example.org)
Gilles Montagnon (email@example.com)