Downstream Usage Control

Whereas access control describes the conditions that have to be fulfilled before data is released, usage control describes how the data has to be treated after it is released. Usage control can be applied to digital rights management, where the data are usually copyright-protected media, as well as to privacy, in which case the data are privacy-sensitive personal information. An important aspect of usage control for privacy, especially in light of the current trend towards composed web services (so-called mash-ups), is downstream usage, i.e., with whom and under which usage control restrictions data can be shared. In this work, we present a two-sided XML-based policy language. On the one hand, it allows users to express in their preferences, in a fine-grained way, the exact paths that their data is allowed to follow and the usage restrictions that apply at each hop in the path. On the other hand, it allows data consumers to express in their policies how they intend to treat the data, with whom they intend to share it, and how the downstream consumers intend to treat the data.
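The two-sided matching described above, as an added example that is not the paper's language or code: a user preference and a consumer policy are both trees of hops, and the policy is acceptable only if every hop it declares is allowed by the preference and is no more permissive. The `hop` element, its attributes (`recipient`, `purposes`, `max-retention-days`) and the `.example` hosts are hypothetical and constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed samples in a hypothetical schema (not the paper's syntax).
# Each <hop> is one recipient; nested <hop>s are permitted downstream hops.
PREFERENCE = """
<hop recipient="shop.example" purposes="delivery billing" max-retention-days="90">
  <hop recipient="courier.example" purposes="delivery" max-retention-days="30"/>
</hop>"""

POLICY_OK = """
<hop recipient="shop.example" purposes="delivery" max-retention-days="60">
  <hop recipient="courier.example" purposes="delivery" max-retention-days="14"/>
</hop>"""

# Same as POLICY_OK, but the courier forwards the data to a third party.
POLICY_BAD = """
<hop recipient="shop.example" purposes="delivery" max-retention-days="60">
  <hop recipient="courier.example" purposes="delivery" max-retention-days="14">
    <hop recipient="ads.example" purposes="marketing" max-retention-days="365"/>
  </hop>
</hop>"""

def violations(pref, pol, path=""):
    """List the ways policy hop `pol` is more permissive than preference hop `pref`."""
    here = f"{path}/{pol.get('recipient')}"
    if pol.get("recipient") != pref.get("recipient"):
        return [f"{here}: recipient not allowed at this hop"]
    found = []
    extra = set(pol.get("purposes").split()) - set(pref.get("purposes").split())
    if extra:
        found.append(f"{here}: purposes not permitted: {sorted(extra)}")
    if int(pol.get("max-retention-days")) > int(pref.get("max-retention-days")):
        found.append(f"{here}: retention exceeds the permitted maximum")
    # Downstream sharing is deny-by-default: every hop the policy declares
    # must correspond to a hop the preference explicitly allows.
    allowed = {h.get("recipient"): h for h in pref.findall("hop")}
    for child in pol.findall("hop"):
        nxt = allowed.get(child.get("recipient"))
        if nxt is None:
            found.append(f"{here}/{child.get('recipient')}: downstream sharing not permitted")
        else:
            found.extend(violations(nxt, child, here))
    return found

def match(pref_xml, pol_xml):
    """Parse both documents; an empty result means the policy satisfies the preference."""
    return violations(ET.fromstring(pref_xml.strip()), ET.fromstring(pol_xml.strip()))

if __name__ == "__main__":
    print(match(PREFERENCE, POLICY_OK))
    print(match(PREFERENCE, POLICY_BAD))
```

Each violation is reported with the full path of hops that leads to it, so a rejected policy shows at which point in the chain the data would leave the paths the user allowed.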
