In a multi-agent world, privacy may have different meaning and significance for different agents. From a system design viewpoint, a practical approach to privacy should allow for a variety of perceptions and perspectives on privacy. furthermore, privacy must be considered together with all the other requirements -functionality, usability, performance, costs, security, and so on. While there is a growing body of knowledge about privacy issues and how to address them through technical and non-technical means, systematic frame-works are needed to assist system analysts and designers in identifying, analyzing, and addressing these issues. In a networked, multi-agent environment, privacy concerns arise in the context of complex relationships among many human and automated agents. Each agent could have different viewpoints on what notions of privacy apply, and what mechanisms are appropriate for providing adequate privacy, in light of other competing or synergistic requirements. In this paper, we show how the i~* framework can be used to model and reason about privacy requirements and solutions. Agents have privacy goals which are refined, then operationalized into implementable mechanisms, often through dependencies on other agents. to support early-stage design decisions, the impact of alternative solutions are assessed by propagating qualitative evaluations through a dependency network. a example in the health care domain is used to illustrate.
展开▼