Abstract

Privacy may be interpreted in different ways in different contexts, and may be achieved by means of different mechanisms. It is also frequently intertwined with security concerns. However, other requirements such as functionality, usability and reliability, must also be addressed since they often compete among each other. While the understanding of technical mechanisms for addressing privacy has been growing, systematic approaches are needed to guide software engineers to elicit, model and reason about privacy requirements and to address them during design. In a networked world, multi-agent systems have been emerging as a new approach. Each agent may have his own goals and beliefs and social relationships with each other. Each agent may have his own perspective concerning privacy. Perspectives from different agents may conflict with each other. Moreover, they may conflict with other requirements such as availability and performance. In this paper we present a framework to model the way agents interact with each other to achieve their goals. The framework uses a catalogue to guide the software engineer through alternatives for achieving privacy. Each alternative will be modeled showing how it contributes to privacy as well as to other requirements within this agent or in other agents. The approach is based on the i* framework. Privacy is modeled as a special type of goal. We show how one can model privacy concerns for each agent and the different alternatives for operationalizing it. An example in the health care domain is used to illustrate.