Abstract
Organisations are facing huge pressure to assure their users about the privacy protection of their personal data. Organisations may need to consult the privacy policies of their users when deciding who should access their personal data. The user’s privacy policy will need to be combined with the organisation’s own policy, as well as policies from different authorities such as the issuer of the data, and the law. The authorisation system will need to ensure the enforcement of all these policies. We have designed a system that will ensure the enforcement of multiple privacy policies within an organisation and throughout a distributed system. The current paper is an enhanced version of [1] and it takes the research one step further.
Chapter PDF
Similar content being viewed by others
References
Chadwick, D.W., Fatema, K.: An advanced policy based authorisation infrastructure. In: Proceedings of the 5th ACM Workshop on Digital Identity Management (DIM 2009). ACM, New York (2009)
BBC news on 18 June (2001), http://news.bbc.co.uk/1/hi/uk/1395109.stm
Msnbc report on 16 January (2008), http://www.msnbc.msn.com/id/22685515/
Voice of America news report on April 29 (2008), http://www1.voanews.com/english/news/science-technology/a-13-2008-04-29-voa44.html
BBC news on 22 July (2009), http://news.bbc.co.uk/1/hi/business/8162787.stm
BBC news on 24 August (2010), http://www.bbc.co.uk/news/business-11070217
Zhu, Y., Keoh, S., Sloman, M., Lupu, E., Dulay, N., Pryce, N.: A Policy System to Support Adaptability and Security on Body Sensors. In: 5th International Summer School and Symposium on Medical Devices and Biosensors, Hong Kong, pp. 97–100 (2008)
Wu, J., Leangsuksun, C.B., Rampure, V., Ong, H.: Policy-based Access Control Framework for Grid Computing. In: Proceedings of the sixth IEEE International Symposium on Cluster Computing and the Grid, CCGRID, pp. 391–394 (2006)
OASIS XACML 2.0. eXtensible Access Control Markup Language (XACML) Version 2.0 (October 2005), http://www.oasis-open.org/committees/tc_home.php?wg_abbrev=xacml#XACML20
OASIS XACML 3.0. eXtensible Access Control Markup Language (XACML) Version 3.0, April 16 (2009), http://docs.oasis-open.org/xacml/3.0/xacml-3.0-core-spec-en.html
Chadwick, D., Zhao, G., Otenko, S., Laborde, R., Su, L., Nguyen, T.A.: PERMIS: a modular authorization infrastructure. Concurrency And Computation: Practice And Experience 20(11), 1341–1357 (2008)
W3C: The Platform for Privacy Preferences 1.0 (P3P 1.0). Technical Report (2002)
Blaze, M., Feigenbaum, J., Ioannidis, J.: The KeyNote Trust-Management System Version 2. RFC 2704 (1999)
Chadwick, D.W., Lievens, S.F.: Enforcing “Sticky” Security Policies throughout a Distributed Application. In: MidSec 2008, Leuven, Belgium, December 1-5 (2008)
Chadwick, D.W., Su, L., Laborde, R.: Coordinating Access Control in Grid Services. J. Concurrency and Computation: Practice and Experience 20, 1071–1094 (2008)
Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled services for enterprises. In: 13th International Workshop on Database and Expert Systems Applications, pp. 483–487. IEEE Computer Society, Washington DC (2002)
Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-enabled Management of Customer Data. In: 2nd Workshop on Privacy Enhancing Technologies, San Francisco (2002)
Karjoth, G., Schunter, M.: A Privacy Policy Model for Enterprises. In: 15th IEEE Computer Foundations Workshop (2002)
Nelson, R., Schunter, M., McCullough, M.R., Bliss, J.S.: Trust on Demand — Enabling Privacy, Security, Transparency, and Accountability in Distributed Systems. In: 33rd Research Conference on Communication, Information and Internet Policy (TPRC), Arlington VA, USA (2005)
Schunter, M., Berghe, C.V.: Privacy Injector — Automated Privacy Enforcement Through Aspects. In: Danezis, G., Golle, P. (eds.) PET 2006. LNCS, vol. 4258, pp. 99–117. Springer, Heidelberg (2006)
Mont, M.C.: Dealing with Privacy Obligations: Important Aspects and Technical Approaches. In: International Conference on Trust and Privacy in Digital Business No1, Zaragoza (2004)
Mont, M.C., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity and Privacy: Sticky Policy and Privacy. Technical report, Trusted System Laboratory, HP Laboratories, Bristol, HPL-2003-49 (2003)
Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy aware role based access control. In: SACMAT 2007, Sophia Antipolis, France (2007)
Ni, Q., Bertino, E., Lobo, J.: An Obligation Model Bridging Access Control Policies and Privacy Policies. In: SACMAT 2008, Estes Park, Colorado, USA (2008)
Mont, M.C.: Dealing with Privacy Obligations: Important Aspects and Technical Approaches. In: International Conference on Trust and Privacy in Digital Business No1 (2004)
Mont, M.C., Beato, F.: On Parametric Obligation Policies:Enabling Privacy-aware Information Lifecycle Management in Enterprises. In: Eighth IEEE International Workshop on Policies for Distributed Systems and Networks (2007)
Ardagna, C.A., Bussard, L., Vimercati, S.D.C., Neven, G., Paraboschi, S., Pedrini, E., Preiss, F.-S., Raggett, D., Samarati, P., Trabelsi, S., Verdicchio, M.: PrimeLife Policy Language, Project’s position paper at W3C Workshop on Access Control Application Scenarios (November 2009)
Trabelsi, S., Njeh, A., Bussard, L., Neven, G.: PPL Engine: A Symmetric Architecture for Privacy Policy Handling. Position paper at W3C Workshop on Privacy and Data Usage Control (October 2010)
Bussard, L., Neven, G., Schallaböck, J.: Data Handling: Dependencies between Authorizations and Obligations. Position paper at W3C Workshop on Privacy and Data Usage Control (October 2010)
OASIS “SAML 2.0 profile of XACML, Version 2.0”. OASIS committee specification 01, August 10 (2010)
Ferreira, A., Chadwick, D., Farinha, P., Correia, R., Zhao, G., Chilro, R., Antunes, L.: How to securely break into RBAC: the BTG-RBAC model. In: Annual Computer Security Applications Conference, Honolulu, Hawaii, p. 23 (2009)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 IFIP International Federation for Information Processing
About this paper
Cite this paper
Fatema, K., Chadwick, D.W., Lievens, S. (2011). A Multi-privacy Policy Enforcement System. In: Fischer-HĂĽbner, S., Duquenoy, P., Hansen, M., Leenes, R., Zhang, G. (eds) Privacy and Identity Management for Life. Privacy and Identity 2010. IFIP Advances in Information and Communication Technology, vol 352. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-20769-3_24
Download citation
DOI: https://doi.org/10.1007/978-3-642-20769-3_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-20768-6
Online ISBN: 978-3-642-20769-3
eBook Packages: Computer ScienceComputer Science (R0)