The Web 2.0 technologies allow dynamic content creation using syndications or mashups, extracted from diverse data sources, including government enterprise data. As a primary source of citizen data, the government has the obligation not only to make public data available for citizen access as stated in the Freedom of Information Act, but also to protect the privacy of individual citizen's records as stated in the Privacy Act. Unlike in the electronic commercial environment where the user can view the company privacy policy and indicate transaction data to be protected through opt-out mechanisms, opt-out in the mashup environment with government data is not so easy. In a mashup, a third party mashup Web application provider requests the individual's data from the government agencies through Web services. Since the data is public data not necessarily provided through an electronic interaction, individual citizens are not necessarily able to express fine-grained privacy policies on how data may be used. In addition, the government agency's privacy policy is very coarse grained, and the relative sensitivity of individual citizens is not considered. In this paper, we provide a Privacy Protection Model for Mashup Applications, using a mashup related multi-dimensional privacy protection space which includes parameters to specify mashup providers, mashup-specific operators, and mashup purposes. A personal privacy policy network is a distributed architecture where citizens can publish their individual privacy policies that can be applied to the use of their data and consulted by data providers including government agencies.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Map of offenders: Locate offenders in your area. http://familybeacon.com/, accessed in 2007.
	2	North american industry classification system (naics). http://www.census.gov/epcd/www/naics.html, accessed in 2008.
	3	North american product classification system. http://www.census.gov/eos/www/napcs/napcs.htm, accessed in 2008.
	4	An ontology for vcards. www.w3.org/2006/vcard/ns, accessed in 2008.
	5	United nations standard products and services code. http://www.unspsc.org/, accessed in 2008.
	6	Privacy policy profile of xacml. Technical report, OASIS, 2004.
	7	The Platform for Privacy Preferences 1.1 (P3P1.1) Specification: W3C Working Group Note 13, 2006. http://www.w3.org/TR/P3P11/, accessed in 2007.
	8	T. Ager, C. Johnson, and J. Kernan. Policy-based management and sharing of sensitive information among government agencies. Technical report, IBM Almaden Research Center, 2006.
	9	Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, Hippocratic databases, Proceedings of the 28th international conference on Very Large Data Bases, p.143-154, August 20-23, 2002, Hong Kong, China
	10	Rakesh Agrawal , Jerry Kiernan , Ramakrishnan Srikant , Yirong Xu, An XPath-based preference language for P3P, Proceedings of the 12th international conference on World Wide Web, May 20-24, 2003, Budapest, Hungary  [doi>10.1145/775152.775241]
	11	P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter. Enterprise privacy architecture language (epal). Technical report, W3C, 2003.
	12	A. Berglund, S. Boag, D. Chamberlin, M. F. Fernandez, M. Kay, J. Robie, and editors J. Simeon. Xml path language (xpath) 2.0. Technical report, W3C Recommendation, January 2007.
	13	Carolyn Brodie , Clare-Marie Karat , John Karat , Jinjuan Feng, Usable security and privacy: a case study of developing privacy management tools, Proceedings of the 2005 symposium on Usable privacy and security, p.35-43, July 06-08, 2005, Pittsburgh, Pennsylvania  [doi>10.1145/1073001.1073005]
	14	Mary Ann Davidson , Elad Yoran, Enterprise Security for Web 2.0, Computer, v.40 n.11, p.117-119, November 2007  [doi>10.1109/MC.2007.383]
	15	Anas Abou el Kalam , Yves Deswarte, Privacy Requirements Implemented with a JavaCard, Proceedings of the 21st Annual Computer Security Applications Conference, p.527-536, December 05-09, 2005  [doi>10.1109/CSAC.2005.44]
	16	Stefania Galizia. Wsto: A classification-based ontology for managing trust in semantic web services. In ESWC, pages 697--711, 2006.
	17	Robert Gerber. Mixing it up on the web: Legal issues arising from internet "mashups". Intellectual Property and Technology Law Journal, 18(8), August 2006.
	18	Chris Hanson , Tim Berners-Lee , Lalana Kagal , Gerald Jay Sussman , Daniel Weitzner, Data-Purpose Algebra: Modeling Data Usage Policies, Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks, p.173-177, June 13-15, 2007  [doi>10.1109/POLICY.2007.14]
	19	Marek Hatala , Ty Mey (Timmy) Eap , Ashok Shah, Federated Security: Lightweight Security Infrastructure for Object Repositories and Web Services, Proceedings of the International Conference on Next Generation Web Services Practices, p.287, August 22-26, 2005  [doi>10.1109/NWESP.2005.41]
	20	L. Korba, Privacy in Distributed Electronic Commerce, Proceedings of the 35th Annual Hawaii International Conference on System Sciences (HICSS'02)-Volume 9, p.306, January 07-10, 2002
	21	Marc Langheinrich. A p3p preference exchange language 1.0 (appel1.0). Technical report, W3C Working Draft, April 2002.
	22	Lori DeLooze, Providing Web Service Security in a Federated Environment, IEEE Security and Privacy, v.5 n.1, p.73-75, January 2007  [doi>10.1109/MSP.2007.16]
	23	Wei Liu. Trustworthy service selection and composition --- reducing the entropy of service-oriented web. In 3rd International Conference on Industrial Informatics, 2005.
	24	Brahim Medjahed , Abdelmounaam Rezgui , Athman Bouguettaya , Mourad Ouzzani, Infrastructure for E-Government Web Services, IEEE Internet Computing, v.7 n.1, p.58-65, January 2003  [doi>10.1109/MIC.2003.1167340]
	25	Christin Moore, The growing trend of government involvement in IT security, Proceedings of the 1st annual conference on Information security curriculum development, October 08-08, 2004, Kennesaw, Georgia  [doi>10.1145/1059524.1059551]
	26	Tom Owad. Data mining 101: Finding subversives with amazon wishlists. http://www.applefritter.com/bannedbooks, accessed in 2008, January 2006.
	27	Liam Peyton , Max Nozin, Tracking privacy compliance in B2B networks, Proceedings of the 6th international conference on Electronic commerce, October 25-27, 2004, Delft, The Netherlands  [doi>10.1145/1052220.1052268]
	28	Yao Wang , Julita Vassileva, A Review on Trust and Reputation for Web Service Selection, Proceedings of the 27th International Conference on Distributed Computing Systems Workshops, p.25, June 22-29, 2007  [doi>10.1109/ICDCSW.2007.16]