A conceptual model for privacy policies with consent and revocation requirements

IFIP Advances in Information and Communication Technology

Volumn 352 AICT, Issue , 2011, Pages 258-270

  Casassa Mont, Marco ^a   Pearson, Siani ^a   Creese, Sadie ^b   Goldsmith, Michael ^b   Papanikolaou, Nick ^a  

^a HEWLETT PACKARD LABORATORIES   (United Kingdom)

^b UNIVERSITY OF WARWICK   (United Kingdom)

Author keywords

[No Author keywords available]

Indexed keywords

BUSINESS PRACTICES; COLLABORATIVE PROJECTS; CONCEPTUAL MODEL; ENFORCEMENT PRACTICES; FORMAL MODEL; HIGH-LEVEL APPROACH; IMPACT ASSESSMENTS; LEGAL COMPLIANCE; LOW LEVEL; PERSONAL DATA; PRIVACY MANAGEMENT; PRIVACY POLICIES; PRIVACY REQUIREMENTS; REAL ENVIRONMENTS; TECHNICAL BACKGROUND; TECHNICAL IMPLEMENTATION; TECHNICAL MANAGEMENT;

ACCESS CONTROL;

DATA PRIVACY;

EID: 79958003794     PISSN: 18684238     EISSN: None     Source Type: Book Series    
DOI: 10.1007/978-3-642-20769-3_21     Document Type: Conference Paper

References (29)

1. Mont, M.C.: On the Need to Explicitly Manage Privacy Obligation Policies as Part of Good Data Handling Practices. In: Proceedings of W3C Workshop on Languages for Privacy Policy Negotiation and Semantics-Driven Enforcement, Ispra, Italy, October 17-18 (2006)
2. Mont, M.C., Pearson, S., Kounga, G., Shen, Y., Bramhall, P.: On the Management of Consent and Revocation in Enterprises: Setting the Context. Technical Report HPL-2009-49, HP Labs, Bristol (2009)
3. Cranor, L., Dobbs, B., Egelman, S., Hogben, G., Humphrey, J., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.M., Schunter, M., Stampley, D.A., Wenning, R.: The Platform for Privacy Preferences 1.1 (P3P1.1) Specification. World Wide Web Consortium Note NOTEP3P11-20061113 (2006)
4. Mont, M.C., Thyne, R.: Privacy Policy Enforcement in Enterprises with Identity Management Solutions. In: PST 2006 (2006)
5. OASIS, eXtensible Access Control Markup Language (XACML), http://www.oasis-open.org/committees/tc-home.php?wg-abbrev=xacml
6. Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy-aware role based access control. In: Proceedings of the 12th ACM Symposium on Access Control Models and Technologies, Sophia Antipolis, France, June 20-22, pp. 41-50. ACM, New York (2007)
7. Ferrini, R., Bertino, E.: A Comprehensive Approach for Solving Policy Heterogeneity. In: ICEIS 2009 -Proceedings of the 11th International Conference on Enterprise Information Systems, Milan, Italy, May 6-10, pp. 63-68 (2009)
8. Agrafiotis, I., Creese, S., Goldsmith, M., Papanikolaou, N.: Reaching for Informed Revocation: Shutting Off the Tap on Personal Data. In: Proceedings of Fifth International Summer School on Privacy and Identity Management for Life, Nice, France, September 7-11 (2009)
9. IBM, The Enterprise Privacy Authorization Language (EPAL), EPAL specification, v1.2 (2004), http://www.zurich.ibm.com/security/enterprise- privacy/epal/
10. Vaniea, K., Karat, C., Gross, J.B., Karat, J., Brodie, C.: Evaluating assistance of natural language policy authoring. In: Proc. SOUPS 2008, vol. 337 (2008)
11. IBM, REALM project, http://www.zurich.ibm.com/security/publications/2006/ REALM-at-IRIS2006-20060217.pdf
12. OASIS, eContracts Specification v1.0 (2007), http://www.oasis-open.org/ apps/org/workgroup/legalxml-econtracts
13. Travis, D., Breaux, T., Antón, A.: Analyzing Regulatory Rules for Privacy and Security Requirements. IEEE Transactions on Software Engineering 34(1), 5-20 (2008)
14. W3C, The Platform for Privacy Preferences, v1.0 (2002), http://www.w3.org/TR/P3P/
15. Kenny, S., Borking, J.: The Value of Privacy Engineering. Journal of Information, Law and Technology (JILT) 1 (2002), http://elj.warwick.ac.uk/jilt/ 02-/kenny.html
16. Organization for Economic Co-operation and Development (OECD), Guidelines Governing the Protection of Privacy and Transborder Flow of Personal Data, OECD, Geneva (1980)
17. Borking, J.: Privacy Rules: A Steeple Chase for Systems Architects (2007), http://www.w3.org/2006/07/privacy-ws/papers/04-borking-rules/
18. Cranor, L.: Web Privacy with P3P. O'Reilly & Associates, Sebastopol (2002)
19. Damianou, N., Dulay, N., Lupu, E., Sloman, M.: The Ponder Policy Specification Language (2001), http://www-dse.doc.ic.ac.uk/research/policies/ index.shtml
20. PRIME, Privacy and Identity Management for Europe (2008), http://www.prime-project.org.eu
21. IBM: Sparcle project, http://domino.research.ibm.com/comm/research- projects.nsf/pages/sparcle.index.html
22. The GRC-GRID, The Governance, Risk Management and Compliance Global Rules Information Database, http://www.grcroundtable.org/grc-grid.htm
23. Archer: Compliance Management solution, http://www.archer-tech.com
24. Pearson, S., Sander, T., Sharma, R.: A Privacy Management Tool for Global Outsourcing. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., Roudier, Y. (eds.) DPM 2009. LNCS, vol. 5939. Springer, Heidelberg (2010)
25. Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A Privacy-Aware Access Control System. Journal of Computer Security, JCS (2008)
26. Westin, A.: Privacy and Freedom. Athenaeum, New York (1967)
27. Agrafiotis, I., Creese, S., Goldsmith, M., Papanikolaou, N.: The Logic of Consent and Revocation (2010) (submitted)
28. Samarati, P., De Capitani di Vimercati, S.: Access Control: Policies, Models, and Mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)
29. Bonatti, P., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: An Access Control Model for Data Archives. In: Proc. of the 16th International Conference on Information Security, Paris, France (June 2001)