The Ponder Policy Specification Language
POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A Policy Language for a Pervasive Computing Environment
POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Deriving individual obligations from collective obligations
AAMAS '03 Proceedings of the second international joint conference on Autonomous agents and multiagent systems
Obligation Policies: An Enforcement Platform
POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
On the modeling and analysis of obligations
Proceedings of the 13th ACM conference on Computer and communications security
POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
A general obligation model and continuity: enhanced policy enforcement engine for usage control
Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies
Proceedings of the 13th ACM symposium on Access control models and technologies
A privacy-aware access control system
Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Formalization and Management of Group Obligations
POLICY '09 Proceedings of the 2009 IEEE International Symposium on Policies for Distributed Systems and Networks
ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A policy language for distributed usage control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
On the management of user obligations
Proceedings of the 16th ACM symposium on Access control models and technologies
Ensuring authorization privileges for cascading user obligations
Proceedings of the 17th ACM symposium on Access Control Models and Technologies
Hi-index | 0.00 |
Privacy policies defines rights and obligations on data (e.g. personally identifiable information) collected by services. Tackling privacy policies in a service oriented architecture spanning multiple trust domains is difficult because it requires a common specification and distributed enforcement. This paper focuses on the specification and enforcement of obligations. We describe the requirements, the resulting language, and its implementation. Finally, we compare our results with obligation support in the state of the art. The key contribution of this work is to bridge the gap between specific mechanisms to enforce obligations and underspecified support for obligations in today's access control and data handling policy languages.