Towards Privacy-Enhanced Authorization Policies and Languages

The protection of privacy in today's global infrastructure requires the combined application of solutions from technology (technical measures), legislation (law and public policy), and organizational and individual policies and practices. Emerging scenarios of user-service interactions in the digital world are also pushing toward the development of powerful and flexible privacy-enhanced models and languages. This paper introduces concepts and features that should be investigated to meet this demand. In particular, the content of this paper is a result of our ongoing activity in the framework of the PRIME project (Privacy and Identity Management for Europe), funded by the European Commission, whose objective is the development of privacy-aware solutions for enforcing security.
