Obligation language and framework to enable privacy-aware SOA

Authors:
Muhammad Ali;Laurent Bussard;Ulrich Pinsdorf
Affiliations:
European Microsoft Innovation Center, Aachen, Germany;European Microsoft Innovation Center, Aachen, Germany;European Microsoft Innovation Center, Aachen, Germany
Venue:
DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security
Year:
2009

Citing 13
Cited 2

The Ponder Policy Specification Language

POLICY '01 Proceedings of the International Workshop on Policies for Distributed Systems and Networks
A Policy Language for a Pervasive Computing Environment

POLICY '03 Proceedings of the 4th IEEE International Workshop on Policies for Distributed Systems and Networks
Deriving individual obligations from collective obligations

AAMAS '03 Proceedings of the second international joint conference on Autonomous agents and multiagent systems
Obligation Policies: An Enforcement Platform

POLICY '05 Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks
On the modeling and analysis of obligations

Proceedings of the 13th ACM conference on Computer and communications security
On Parametric Obligation Policies: Enabling Privacy-Aware Information Lifecycle Management in Enterprises

POLICY '07 Proceedings of the Eighth IEEE International Workshop on Policies for Distributed Systems and Networks
Privacy-aware role based access control

Proceedings of the 12th ACM symposium on Access control models and technologies
A general obligation model and continuity: enhanced policy enforcement engine for usage control

Proceedings of the 13th ACM symposium on Access control models and technologies
An obligation model bridging access control policies and privacy policies

Proceedings of the 13th ACM symposium on Access control models and technologies
A privacy-aware access control system

Journal of Computer Security - 20th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (DBSec'06)
Formalization and Management of Group Obligations

POLICY '09 Proceedings of the 2009 IEEE International Symposium on Policies for Distributed Systems and Networks
On obligations

ESORICS'05 Proceedings of the 10th European conference on Research in Computer Security
A policy language for distributed usage control

ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security

On the management of user obligations

Proceedings of the 16th ACM symposium on Access control models and technologies
Ensuring authorization privileges for cascading user obligations

Proceedings of the 17th ACM symposium on Access Control Models and Technologies

Quantified Score

Hi-index	0.00

Visualization

Abstract

Privacy policies defines rights and obligations on data (e.g. personally identifiable information) collected by services. Tackling privacy policies in a service oriented architecture spanning multiple trust domains is difficult because it requires a common specification and distributed enforcement. This paper focuses on the specification and enforcement of obligations. We describe the requirements, the resulting language, and its implementation. Finally, we compare our results with obligation support in the state of the art. The key contribution of this work is to bridge the gap between specific mechanisms to enforce obligations and underspecified support for obligations in today's access control and data handling policy languages.