Page 747 - Shaping smarter and more sustainable cities - Striving for sustainable development goals
by checking with the R‐XAR and P‐XAR requested from the ARS, according to the H‐XAR. In
this process, a user utilizes a GET method in conjunction with the R‐XAR option. If it returns
a compliance error, the user receives an appropriate error message. This message utilizes
the HTTP error message protocol. If no error occurs, the DAP issues a GET message to obtain
the D‐XAS from the ODS, and issues a subsequent GET message to receive the published
XAS (P‐XAS) from the PDS. The PDS is described in the following paragraph (iv). The DAP
generates P‐XASs as the anonymized data and as the response to the R‐XAR of the user. The
user receives the anonymized data resulting from the GET method. Finally, the DAP stores
the generated P‐XAS by utilizing the PUSH method. This P‐XAS is utilized to prevent
further privacy leaks.
(iv) Published data storeroom organization (PDS)
This organization manages data previously published by the DAP as P‐XASs. It may store all
anonymized data generated by the DAP. However, to optimize data storage capacity, it is
sufficient for the PDS to store only one P‐XAS as anonymized data for each D‐XAS, according
to the one‐direction anonymization policy. When generating P‐XASs from D‐XASs according
to the requested R‐XAR, it is sufficient to generate P‐XASs according to the R‐XAR, and store
the P‐XAS to the PDS. However, when generating another P‐XAS from the same D‐XAS
according to another R‐XAR, the DAP should obtain all P‐XASs related to the D‐XAS from the
PDS. The DAP should consider all of these P‐XASs when generating new P‐XASs to observe
P‐XARs. Therefore, we propose one‐directional anonymization to avoid this process. The
process is as follows:
(a) The DAP generates P‐XASs according to P‐XARs, instead of R‐XARs, and stores them in the
PDS. Therefore, the PDS stores the anonymized data, which is anonymized according to
the declared level in the P‐XAR. This P‐XAS is not sent to the users if the requested level in
the R‐XAR is higher than the level in the P‐XAR; this indicates the value is larger than
that of the P‐XAR in ‐anonymity.
(b) The DAP generates P‐XASs according to the R‐XARs. In this generation, the DAP only uses the
first P‐XAS generated from the P‐XAR. The DAP generalizes new P‐XASs from the initial
P‐XAS by adding "wild cards" as masking. The DAP does not remove any of the "wild
cards" provided as masking in the first P‐XAS. Therefore, a one‐directional anonymizing
process should be considered.
(c) The DAP can generate any type of P‐XAS that satisfies both the R‐XAR and the P‐XAR by
following the process described in (i) and (ii). In a scenario where ‐anonymity
and ‐diversity are mixed, it is sufficient to generate a P‐XAS that has a lower
anonymization level than ‐anonymity and ‐diversity. For example, assume that
3‐anonymity and 3‐diversity are permitted in P‐XARs, and 4‐diversity is requested by
R‐XAR. In this case, the DAP generates the initial P‐XAR by utilizing 3‐anonymity. The DAP
can generate any type of P‐XAR by utilizing the initial P‐XAR, according to the one‐
directional anonymizing process.
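The one-directional process in steps (a) and (b) can be sketched for k-anonymity over a single quasi-identifier as follows. This is an added example, not code from the report; the DAP class, the trailing-character masking scheme, the sample postal codes, and the rejection of an R-XAR below the P-XAR level are assumptions made for illustration.

```python
from collections import Counter

WILDCARD = "*"

# Constructed sample D-XAS: one quasi-identifier (a postal code) per record.
D_XAS = ["13051", "13052", "13053", "13061", "13062", "13063"]

def mask(value, depth):
    """Overwrite the last `depth` characters with wildcards."""
    return value[:len(value) - depth] + WILDCARD * depth

def anonymize(values, k):
    """Add trailing wildcards until every value is shared by >= k records."""
    for depth in range(len(values[0]) + 1):
        masked = [mask(v, depth) for v in values]
        if min(Counter(masked).values()) >= k:
            return masked
    raise ValueError("k is larger than the number of records")

def only_adds_wildcards(base, derived):
    """True if derived differs from base only where a wildcard was added."""
    return all(b == d or d == WILDCARD
               for bv, dv in zip(base, derived) for b, d in zip(bv, dv))

class DAP:
    def __init__(self, d_xas, p_xar_k):
        self.p_xar_k = p_xar_k
        # Step (a): anonymize once at the P-XAR level; the PDS keeps only this.
        self.pds = anonymize(d_xas, p_xar_k)

    def get(self, r_xar_k):
        # Assumption: an R-XAR weaker than the P-XAR is a compliance error.
        if r_xar_k < self.p_xar_k:
            raise PermissionError("R-XAR level is below the P-XAR level")
        # Step (b): derive from the stored P-XAS only, never from the D-XAS.
        derived = anonymize(self.pds, r_xar_k)
        if not only_adds_wildcards(self.pds, derived):
            raise RuntimeError("derived P-XAS removed a wildcard")
        return derived

if __name__ == "__main__":
    dap = DAP(D_XAS, p_xar_k=3)
    print(dap.pds)     # stored P-XAS at the P-XAR level
    print(dap.get(4))  # stricter R-XAR: same records, more wildcards
```

Because every response is a further masking of the single stored P-XAS, two responses to different R-XARs cannot be combined to recover a character that the stored P-XAS already hides.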
To enable data transfer between these organizations, data providers and data
consumers will utilize SSL and PKI if they transfer the data over the Internet. In the following
discussions, four organizations are exhibited in order to clarify each role. It is possible to merge
some of them into a single organization. Figure 8.4.2 represents an organizational structure and
data connections between the organizations.
XML‐based Anonymization Sheets (XAS) is a format to define the rules and data descriptions. To
distinguish the rules from the data, XML‐based Anonymization Rules (XAR) are also shown as a
ITU‐T's Technical Reports and Specifications 737