A Privacy Policy Model for Enterprises
CSFW '02 Proceedings of the 15th IEEE workshop on Computer Security Foundations
Inside JetBlue's Privacy Policy Violations
IEEE Security and Privacy
Enterprise privacy promises and enforcement
WITS '05 Proceedings of the 2005 workshop on Issues in the theory of security
Timed constraint programming: a declarative approach to usage control
PPDP '05 Proceedings of the 7th ACM SIGPLAN international conference on Principles and practice of declarative programming
Privacy intrusion detection using dynamic Bayesian networks
ICEC '06 Proceedings of the 8th international conference on Electronic commerce: The new e-commerce: innovations for conquering current barriers, obstacles and limitations to conducting successful business on the internet
A comparison of two privacy policy languages: EPAL and XACML
Proceedings of the 3rd ACM workshop on Secure web services
A Bayesian Network Approach to Detecting Privacy Intrusion
WI-IATW '06 Proceedings of the 2006 IEEE/WIC/ACM international conference on Web Intelligence and Intelligent Agent Technology
Privacy-aware role based access control
Proceedings of the 12th ACM symposium on Access control models and technologies
XACML Policy Integration Algorithms
ACM Transactions on Information and System Security (TISSEC)
Communications of the ACM - Organic user interfaces
Towards the development of privacy-aware systems
Information and Software Technology
Practical declarative network management
Proceedings of the 1st ACM workshop on Research on enterprise networking
A comparison of two privacy policy languages: EPAL and XACML
A comparison of two privacy policy languages: EPAL and XACML
An attribute-based authorization policy framework with dynamic conflict resolution
Proceedings of the 9th Symposium on Identity and Trust on the Internet
Privacy-aware role-based access control
ACM Transactions on Information and System Security (TISSEC)
Minimal privacy authorization in web services collaboration
Computer Standards & Interfaces
Towards high performance security policy evaluation
The Journal of Supercomputing
User controllable security and privacy for mobile mashups
Proceedings of the 12th Workshop on Mobile Computing Systems and Applications
Conditional privacy-aware role based access control
ESORICS'07 Proceedings of the 12th European conference on Research in Computer Security
| Hi-index | 0.00 |
Many modern enterprises require methods for guaranteeing compliance with privacy legislation and announced privacy policies. IBM has proposed a formal language, the Enterprise Privacy Authorization Language (EPAL), for describing privacy policies rigorously. In this paper, we identify four desirable properties of a privacy policy language: guaranteed consistency, guaranteed safety, admitting local reasoning, and closure under combination. While EPAL achieves only one of these four goals, an extended language framework allows us to achieve three out of four, while retaining the basic EPAL framework of restricting access and imposing obligations on users of confidential information.