This paper presents S4P, a declarative language for specifying both users’ privacy preferences and services’ privacy policies. Preferences and policies are uniformly expressed as assertions and queries written in SecPAL extended with two modal verbs, may and will, and can express both permissions and obligations. Checking if a user’s preference is satisfied by a service’s policy is simple as it only involves evaluating the queries against the assertions.
Expressiveness and applicability are maximized by keeping the vocabulary and semantics of service behaviours abstract. The language’s model-theoretic semantics is given in terms of abstract service traces, and formalizes the notion of service compliance with respect to a policy or a preference.