Book ChapterDOI
A Toolkit for Managing Enterprise Privacy Policies
Michael Backes,Birgit Pfitzmann,Matthias Schunter +2 more
- pp 162-180
Reads0
Chats0
TLDR
In this article, an enterprise privacy policy often reflects different legal regulations, promises made to customers, as well as more restrictive internal practices of the enterprise, and it may allow customer preferences Hence it may be authored, maintained, and audited in a distributed fashion.Abstract:
Enterprise privacy enforcement allows enterprises to internally enforce a privacy policy that the enterprise has decided to comply to An enterprise privacy policy often reflects different legal regulations, promises made to customers, as well as more restrictive internal practices of the enterprise Further, it may allow customer preferences Hence it may be authored, maintained, and audited in a distributed fashionread more
Citations
More filters
Proceedings ArticleDOI
Privacy and contextual integrity: framework and applications
TL;DR: This work formalizes some aspects of contextual integrity in a logical framework for expressing and reasoning about norms of transmission of personal information to capture naturally many notions of privacy found in legislation, including those found in HIPAA, COPPA, and GLBA.
Journal ArticleDOI
Distributed usage control
TL;DR: Using a server-side architecture to connect specialized enforcement mechanisms with usage control requirements and policies and to provide real-time information about usage control policies.
Book ChapterDOI
A policy language for distributed usage control
TL;DR: Translations between OSL and two rights expression languages (RELs) from the DRM area make it possible to use DRM mechanisms to enforce OSL policies and enhance the interoperability of DRM mechanisms.
Journal ArticleDOI
Towards the development of privacy-aware systems
Paolo Guarda,Nicola Zannone +1 more
TL;DR: The objective of this work is to provide a reference base for the development of methodologies tailored to design privacy-aware systems to be compliant with data protection regulations.
Proceedings ArticleDOI
Privacy APIs: access control techniques to analyze and verify legal privacy policies
TL;DR: This paper describes techniques to formalize regulatory privacy rules and how to exploit this formalization to analyze the rules automatically and validate the usefulness of the formalism by using the SPIN model checker to verify properties that distinguish the two versions of HIPAA.
References
More filters
Proceedings ArticleDOI
How to Declare Access Control Policies for XML Structured Information Objects using OASIS' eXtensible Access Control Markup Language (XACML)
TL;DR: This paper introduces a novel approach for declaring information object related access restrictions, based on a valid XML encoding, and shows, how the access restrictions can be declared using XACML and Xpath.
Journal ArticleDOI
Flexible support for multiple access control policies
TL;DR: A unified framework that can enforce multiple access control policies within a single system and be enforced by the same security server is presented, based on a language through which users can specify security policies to be enforced on specific accesses.
Journal ArticleDOI
An algebra for composing access control policies
TL;DR: An algebra of security policies together with its formal semantics is proposed and how to formulate complex policies in the algebra is illustrated, which provides the basis for the implementation of the algebra.
Journal ArticleDOI
Policy hierarchies for distributed systems management
TL;DR: The paper explores the refinement of general high-level policies into a number of more specific policies to form a policy hierarchy in which each policy in the hierarchy represents, to its maker, his plans to meet his objectives and, to the subject, the objectives which he must plan to meet.
Journal Article
Platform for enterprise privacy practices: Privacy-enabled management of customer data
TL;DR: The Platform for Enterprise Privacy Practices (E-P3P) as mentioned in this paper defines technology for privacy-enabled management and exchange of customer data, which separates the enterprise-specific deployment policy from the privacy policy that covers the complete life cycle of collected data.