Skip to main content

Extracting Access Control and Conflict Resolution Policies from European Data Protection Law

Fatema, Kaniz and Chadwick, David W. and van Alsenoy, Brendan (2012) Extracting Access Control and Conflict Resolution Policies from European Data Protection Law. In: Camenisch, Jan and Crispo, Bruno and Fischer-Hübner, Simone and Leenes, Ronald and Russello, Giovanni, eds. Privacy and Identity Management for Life. IFIP Advances in Information and Communication Technology, 375 . Springer Boston, pp. 59-72. ISBN 978-3-642-31667-8. (doi:10.1007/978-3-642-31668-5_5) (KAR id:31974)

Abstract

This paper presents the extraction of a legal access control policy and a conflict resolution policy from the EU Data Protection Directive [1]. These policies are installed in a multi-policy authorization infrastructure described in [2, 3]. A Legal Policy Decision Point (PDP) is constructed with a legal access control policy to provide automated decisions based on the relevant legal provisions. The legal conflict resolution policy is configured into a Master PDP to make sure that the legal access control policy gets priority over access control policies provided by other authorities i.e. the data subject, the data issuer and the data controller. We describe how clauses of the Directive are converted into access control rules based on attributes of the subject, action, resource and environment. There are currently some limitations in the conversion process, since the majority of provisions requires additional interpretation by humans. These provisions cannot be converted into deterministic rules for the PDP. Other provisions do allow for the extraction of PDP rules but need to be tailored to the application environment before they are configured into the Legal PDP.

Item Type: Book section
DOI/Identification number: 10.1007/978-3-642-31668-5_5
Uncontrolled keywords: Legal PDP; Legal Access Control Policy; Conflict Resolution Policy; EU Data Protection Directive
Subjects: Q Science > QA Mathematics (inc Computing science) > QA 76 Software, computer programming,
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: David Chadwick
Date Deposited: 25 Oct 2012 16:14 UTC
Last Modified: 16 Nov 2021 10:09 UTC
Resource URI: https://kar.kent.ac.uk/id/eprint/31974 (The current URI for this page, for reference purposes)

University of Kent Author Information

  • Depositors only (login required):

Total unique views for this document in KAR since July 2020. For more details click on the image.