A Temporal Access Control Mechanism for Database Systems
IEEE Transactions on Knowledge and Data Engineering
Establishing Business Rules for Inter-Enterprise Electronic Commerce
DISC '00 Proceedings of the 14th International Conference on Distributed Computing
An integrated approach to engineer and enforce context constraints in RBAC environments
ACM Transactions on Information and System Security (TISSEC)
GEO-RBAC: A spatially aware RBAC
ACM Transactions on Information and System Security (TISSEC)
The concept of decentralized and secure electronic marketplace
Electronic Commerce Research
Context-Aware Computing Applications
WMCSA '94 Proceedings of the 1994 First Workshop on Mobile Computing Systems and Applications
Law-aware access control for international financial environments
Proceedings of the Eighth ACM International Workshop on Data Engineering for Wireless and Mobile Access
| Hi-index | 0.00 |
Cross-border access to a variety of data defines the daily business of many global companies, including financial institutions. These companies are obliged by law and need to fulfill security objectives specified by legislation. Therefore, they control access to prevent unauthorized users from using data. Security objectives, for example confidentiality or secrecy, are often defined in the widespread eXtensible Access Control Markup Language that promotes interoperability between different systems. In this paper, we show the necessity of incorporating the requirements of sets of legislation into access control. To this end, we describe our legislation model, various types of contextual information, and their interrelationship. We introduce a new policy-combining algorithm that respects the different precedence of laws of different controlling authorities. Finally, we demonstrate how laws may be transformed into policies using the eXtensible Access Control Markup Language.