Role-Based Access Control Models
Computer
Open letter to P3P developers & replies
Proceedings of the tenth conference on Computers, freedom and privacy: challenging the assumptions
The role-based access control system of a European bank: a case study and discussion
SACMAT '01 Proceedings of the sixth ACM symposium on Access control models and technologies
Use of a P3P user agent by early adopters
Proceedings of the 2002 ACM workshop on Privacy in the Electronic Society
Privacy-Enabled Services for Enterprises
DEXA '02 Proceedings of the 13th International Workshop on Database and Expert Systems Applications
Translating Privacy Practices into Privacy Promises—How to Promise What You Can Keep
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Specifying privacy policies with P3P and EPAL: lessons learned
Proceedings of the 2004 ACM workshop on Privacy in the electronic society
Enterprise privacy promises and enforcement
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
SWS '04 Proceedings of the 2004 workshop on Secure web service
Protecting privacy with the MPEG-21 IPMP framework
PET'06 Proceedings of the 6th international conference on Privacy Enhancing Technologies
On implementing mpeg-21 intellectual property management and protection
Proceedings of the 2007 ACM workshop on Digital Rights Management
Privacy policies compliance across digital identity management systems
SPRINGL '08 Proceedings of the SIGSPATIAL ACM GIS 2008 International Workshop on Security and Privacy in GIS and LBS
Enforcing purpose of use via workflows
Proceedings of the 8th ACM workshop on Privacy in the electronic society
A rights management approach to protection of privacy in a cloud of electronic health records
Proceedings of the 11th annual ACM workshop on Digital rights management
Understanding privacy policies
Empirical Software Engineering
Hi-index | 0.00 |
The protection of privacy has gained considerable attention recently. In response to this, new privacy protection systems are being introduced. SITDRMis one such system that protects private data through the enforcement of licenses provided by consumers. Prior to supplying data, data owners are expected to construct a detailed license for the potential data users. A license specifies whom, under what conditions, may have what type of access to the protected data. The specification of a license by a data owner binds the enterprise data handling to the consumer's privacy preferences. However, licenses are very detailed, may reveal the internal structure of the enterprise and need to be kept synchronous with the enterprise privacy policy. To deal with this, we employ the Platform for Privacy Preferences Language (P3P) to communicate enterprise privacy policies to consumers and enable them to easily construct data licenses. A P3P policy is more abstract than a license, allows data owners to specify the purposes for which data are being collected and directly reflects the privacy policy of an enterprise.