Fatema, K. and Chadwick, D.W. and Van Alsenoy, B. (2012) Extracting Access Control and Conflict Resolution Policies from European Data Protection Law. In: Camenisch, Jan and Crispo, Bruno and Fischer-Hübner, Simone and Leenes, Ronald and Russello, Giovanni, eds. Privacy and Identity Management for Life. IFIP Advances in Information and Communication Technology, 375 . Springer Boston, pp. 59-72. ISBN 9783642316678.
This paper presents the extraction of a legal access control policy and a conflict resolution policy from the EU Data Protection Directive . These policies are installed in a multi-policy authorization infrastructure described in [2, 3]. A Legal Policy Decision Point (PDP) is constructed with a legal access control policy to provide automated decisions based on the relevant legal provisions. The legal conflict resolution policy is configured into a Master PDP to make sure that the legal access control policy gets priority over access control policies provided by other authorities i.e. the data subject, the data issuer and the data controller. We describe how clauses of the Directive are converted into access control rules based on attributes of the subject, action, resource and environment. There are currently some limitations in the conversion process, since the majority of provisions requires additional interpretation by humans. These provisions cannot be converted into deterministic rules for the PDP. Other provisions do allow for the extraction of PDP rules but need to be tailored to the application environment before they are configured into the Legal PDP.
|Item Type:||Book section|
|Uncontrolled keywords:||Legal PDP; Legal Access Control Policy; Conflict Resolution Policy; EU Data Protection Directive|
|Subjects:||Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,|
|Divisions:||Faculties > Science Technology and Medical Studies > School of Computing > Security Group|
|Depositing User:||David Chadwick|
|Date Deposited:||25 Oct 2012 16:14|
|Last Modified:||14 Mar 2013 14:41|
|Resource URI:||http://kar.kent.ac.uk/id/eprint/31974 (The current URI for this page, for reference purposes)|
- Depositors only (login required):