Automating privacy compliance with ExPDT

Proceedings - 10th IEEE Joint Conference on E-Commerce Technology and the 5th Enterprise Computing, E-Commerce and E-Services, CEC 2008 and EEE 2008

Volumn , Issue , 2008, Pages 87-94

  Kähmer, Martin ^a   Gilliot, Maike ^a   Müller, Günter ^a  

^a UNIVERSITY OF FREIBURG   (Germany)

Author keywords

[No Author keywords available]

Indexed keywords

ECONOMIC POTENTIALS; IN LINES; INCOMPLETE CONTROLS; PERSONALIZED SERVICES; PRIVACY COMPLIANCES; SERVICE PROVIDERS;

CUSTOMER SATISFACTION; DATA PRIVACY; ELECTRONIC COMMERCE; FORMAL LANGUAGES;

SALES;

EID: 78650760999     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/CECandEEE.2008.122     Document Type: Conference Paper

References (29)

1. R. Accorsi. Policies and Research in Identity Management, chapter Automated Privacy Audits to Complement the Notion of Control for Identity Management. IFIP, 2008 (to appear).
2. P. Ashley, S. Hada, G. Karjoth, C. Powers, and M. Schunter. Enterprise privacy authorization language. Technical report, IBM Research, 2003.
3. J. Bace and C. Rozwell. Understanding the Components of Compliance. Report G00137902, Gartner, 2006.
4. M. Backes, G. Karjoth, W. Bagga, and M. Schunter. Efficient comparison of enterprise privacy policies. In Proceedings of 2004 ACM Symposium on Applied Computing, pages 375-382, 2004.
5. C. Biblin, S. Müller, and B. Pfitzmann. From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation. Technical report, IBM Research Zurich, 2006.
6. T. Breaux, A. Anton, C. Karat, and J. Karat. Enforceability vs. Accountability in Electronic Policies. In Proc. of the 7th IEEE International Workshop on Policies for Distributed Systems and Networks (POLICY'06). IEEE, 2006.
7. Bundesverfassungsgericht. Volkszählungsurteil. Decision of Bundesverfassungsgericht, Vol.65. Judgment from 15.12.1983; Az.: 1 BvR 209/83; NJW 84, 419., 1983. (in German).
8. L. F. Cranor, M. Langheinrich, and M. Marchiori. A P3P Preference Exchange Language 1.0 (APPEL). Technical report, W3C, 2005.
9. N. Damianou, N. Dulay, E. Lupu, and M. Sloman. The ponder policy specification language. In M. Sloman, editor, Proceedings of Policy Workshop, LNCS, volume 1995, January 2001.
10. J. H. Gallier. Logic for Computer Science. John Wiley and Sons, 1988.
11. K. W. Halmen, G. Morrisett, and F. B. Schneider. Computability classes for enforcement mechanisms. ACM Transactions on Programming Languages and Systems, 2006.
12. M. Hilty, D. Basin, and A. Pretschner. On obligations. In Proc. of 10th European Symposium On Research In Computer Security (ESORICS), pages 98 - 117, 2005.
13. M. Hilty, A. Pretschner, D. Basin, C. Schaefer, and T. Walter. A Policy Language for Distributed Usage Control. In Proceedings of the 12th European Symposium on Research in Computer Security, 2007.
14. K. Irwin, T. Yu, and W. H. Winsborough. On the Modeling and Analysis of Obligations. In Proceedings of the ACM Conference on Computer and Communications Security (CCS), Alexandria, VA, 2006.
15. M. Kähmer and M. Gilliot. Extended Privacy Definition Tool. In Proceedings of the Multikonferenz Wirtschaftsinformatik (MKWI 2008). To Appear, 2008.
16. M. Kähmer and R. Accorsi. Kundenkarten in hochdynamischen Systemen. In Proceedings of KIVS, 2006. (in German).
17. W. Miedl. Compliance: Kostenfaktor oder Chance für die IT? http://www.zdnet.de/itmanager, February 2006. (in German).
18. T. Moses. extensible access control markup language (xacml), version 2.0, oasis standard. http://xml. coverpages.org/xacml.html, 2004.
19. N. F. Noy. Handbook on Ontologies, chapter Tools for Mapping and Merging Ontologies, pages 365 - 384. SpringerVerlag, 2003.
20. OECD (Organisation for Economic Co-operation and Development). Recommendation of the council concerning guidelines governing the protection of privacy and transborder flows of personal data. http://www.privacy. gov.au/publications/oecdgls.pdf, 1980.
21. A. Pretschner, M. Hilty, and D. Basin. Distributed Usage Control. Communications of the ACM, 49(9):39-44, 2006.
22. Privacy Rights Clearinghouse. A review of the fair information principles: The foundation of privacy public policy. http://www.privacyrights. org/ar/ fairinfo.htm, 2004.
23. D. Raub. Algebraische Spezifikation von Privacy Policies. Master's thesis, TH Karlsruhe, 2004. (in german).
24. D. Raub and R. Steinwandt. An algebra for enterprise privacy policies closed under composition and conjunction. In Proceedings of International Conference on Emerging Trends in Information and Communication Security (ETRICS), pages 132-146, 2006.
25. N. Russell, W. M. P. van der Aalst, and A. H. M. ter Hofstede. Exception Handling Patterns in Process-Aware Information Systems. Technical report, Business Process Management Center, 2006.
26. S. Sackmann and M. Kähmer. ExPDT: A Policy-based Approach for Automating Compliance. Wirtschaftsinformatik, 50(8), 2008. (to appear).
27. S. W. Sadiq, G. Governatori, and K. Namiri. Modeling Control Objectives for Business Process Compliance. In Business Process Management 2007 (BPM07), volume LNCS 4714, pages 149-164, 2007.
28. W3C. Platform for Privacy Preferences (P3P) Project. http://www.w3.org/ P3P/, 2006.
29. Web Services Policy 1.2 - Framework (WS-Policy). http: //www.w3.org/Submission/WS-Policy/, 2007.