Role-Based Access Control Models
Computer
XML document security based on provisional authorization
Proceedings of the 7th ACM conference on Computer and communications security
An Access Control Model for Data Archives
IFIP/Sec '01 Proceedings of the IFIP TC11 Sixteenth Annual Working Conference on Information Security: Trusted Information: The New Decade Challenge
A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
E-P3P privacy policies and privacy authorization
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Proceedings of the 2002 workshop on New security paradigms
Efficient comparison of enterprise privacy policies
Proceedings of the 2004 ACM symposium on Applied computing
Policy migration for sensitive credentials in trust negotiation
Proceedings of the 2003 ACM workshop on Privacy in the electronic society
Impacts of user privacy preferences on personalized systems: a comparative study
Designing personalized user experiences in eCommerce
Flocks: distributed proxies for browsing privacy
SAICSIT '04 Proceedings of the 2004 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries
Data protection and data sharing in telematics
Mobile Networks and Applications
A user-centric anonymous authorisation framework in e-commerce environment
ICEC '04 Proceedings of the 6th international conference on Electronic commerce
PeerAccess: a logic for distributed authorization
Proceedings of the 12th ACM conference on Computer and communications security
Maintaining privacy on derived objects
Proceedings of the 2005 ACM workshop on Privacy in the electronic society
SWS '04 Proceedings of the 2004 workshop on Secure web service
Distributed proxies for browsing privacy: a simulation of flocks
SAICSIT '05 Proceedings of the 2005 annual research conference of the South African institute of computer scientists and information technologists on IT research in developing countries
Hierarchical hippocratic databases with minimal disclosure for virtual organizations
The VLDB Journal — The International Journal on Very Large Data Bases
Super-sticky and declassifiable release policies for flexible information dissemination control
Proceedings of the 5th ACM workshop on Privacy in electronic society
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
A roadmap for comprehensive online privacy policy management
Communications of the ACM - Creating a science of games
VLDB '02 Proceedings of the 28th international conference on Very Large Data Bases
PRINDA: Architecture and design of non-disclosure agreements in privacy policy framework
Data & Knowledge Engineering
A middleware architecture for privacy protection
Computer Networks: The International Journal of Computer and Telecommunications Networking
An agent-based approach for privacy-preserving recommender systems
Proceedings of the 6th international joint conference on Autonomous agents and multiagent systems
Privacy policy enforcement in enterprises with identity management solutions
Journal of Computer Security - Privacy, Security and Trust (PST) Technologies: Evolution and Challenges
Purpose based access control for privacy protection in relational database systems
The VLDB Journal — The International Journal on Very Large Data Bases
P4A: A New Privacy Model for XML
Proceeedings of the 22nd annual IFIP WG 11.3 working conference on Data and Applications Security
Identity management throughout one's whole life
Information Security Tech. Report
Towards the development of privacy-aware systems
Information and Software Technology
PuRBAC: Purpose-Aware Role-Based Access Control
OTM '08 Proceedings of the OTM 2008 Confederated International Conferences, CoopIS, DOA, GADA, IS, and ODBASE 2008. Part II on On the Move to Meaningful Internet Systems
Privacy policy enforcement in enterprises with identity management solutions
Proceedings of the 2006 International Conference on Privacy, Security and Trust: Bridge the Gap Between PST Technologies and Business Services
Optimal Privacy-Aware Path in Hippocratic Databases
DASFAA '09 Proceedings of the 14th International Conference on Database Systems for Advanced Applications
Data Is Key: Introducing the Data-Based Access Control Paradigm
Proceedings of the 23rd Annual IFIP WG 11.3 Working Conference on Data and Applications Security XXIII
Privacy provision in e-learning standardized systems: status and improvements
Computer Standards & Interfaces
Fine-grained sticky provenance architecture for office documents
IWSEC'07 Proceedings of the Security 2nd international conference on Advances in information and computer security
Multi-layer audit of access rights
SDM'07 Proceedings of the 4th VLDB conference on Secure data management
A digital rights management model for healthcare
POLICY'09 Proceedings of the 10th IEEE international conference on Policies for distributed systems and networks
Extending XACML access control architecture for allowing preference-based authorisation
TrustBus'10 Proceedings of the 7th international conference on Trust, privacy and security in digital business
Data usage control in the future internet cloud
The future internet
Purpose control: did you process the data for the intended purpose?
SDM'11 Proceedings of the 8th VLDB international conference on Secure data management
An algebra for enterprise privacy policies closed under composition and conjunction
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Policy-based integration of user and provider-sided identity management
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Controlling access to documents: a formal access control model
ETRICS'06 Proceedings of the 2006 international conference on Emerging Trends in Information and Communication Security
Policy-based cryptography and applications
FC'05 Proceedings of the 9th international conference on Financial Cryptography and Data Security
Security and trust requirements engineering
Foundations of Security Analysis and Design III
Minimal disclosure in hierarchical hippocratic databases with delegation
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
Privacy injector — automated privacy enforcement through aspects
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
A systemic approach to automate privacy policy enforcement in enterprises
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
A comparative study of privacy mechanisms and a novel privacy mechanism [short paper]
ICICS'09 Proceedings of the 11th international conference on Information and Communications Security
Enforcing sticky policies with TPM and virtualization
INTRUST'11 Proceedings of the Third international conference on Trusted Systems
Privacy assurance: bridging the gap between preference and practice
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Usage control in service-oriented architectures
TrustBus'07 Proceedings of the 4th international conference on Trust, Privacy and Security in Digital Business
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
A Value Sensitive Design Investigation of Privacy Enhancing Tools in Web Browsers
Decision Support Systems
Understanding privacy policies
Empirical Software Engineering
Policy-driven role-based access management for ad-hoc collaboration
Journal of Computer Security
| Hi-index | 0.00 |
Enterprises collect a large amount of personal data about their customers. Even though enterprises promise privacy to their customers using privacy statements or P3P, there is no methodology to enforce these promises throughout and across multiple enterprises. This article describes the Platform for Enterprise Privacy Practices (E-P3P), which defines technology for privacy-enabled management and exchange of customer data. Its comprehensive privacy-specific access control language expresses restrictions on the access to personal data, possibly shared between multiple enterprises. E-P3P separates the enterprise-specific deployment policy from the privacy policy that covers the complete life cycle of collected data. E-P3P introduces a viable separation of duty between the three "administrators" of a privacy system: The privacy officer designs and deploys privacy policies, the security officer designs access control policies, and the customers can give consent while selecting opt-in and opt-out choices.