Dealing with Privacy Obligations: Important Aspects and Technical Approaches

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3184)

Abstract

The management and enforcement of privacy obligations is a challenging task: it involves legal, organizational, behavioral and technical aspects. This area is relevant for enterprises and government agencies that deal with personal identity information. Privacy and data protection laws already regulate some of the related aspects. Technical work has been done for the management of obligations subordinated to authorization aspects and simple data retention obligations: however, dealing with ongoing and long-term aspects of obligations is still a green field and open to research. This paper explores and analyses the explicit management of privacy obligations for identity information. It focuses on technical aspects even if the problem cannot be solved only by deploying technological solutions. Mechanisms are required to represent, manage, monitor and enforce obligation policies in complex and heterogeneous environments. Our research is work in progress: we illustrate some of our technical work and investigations in this space.




Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Casassa Mont, M. (2004). Dealing with Privacy Obligations: Important Aspects and Technical Approaches. In: Katsikas, S., Lopez, J., Pernul, G. (eds) Trust and Privacy in Digital Business. TrustBus 2004. Lecture Notes in Computer Science, vol 3184. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30079-3_13


  • DOI: https://doi.org/10.1007/978-3-540-30079-3_13

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-22919-3

  • Online ISBN: 978-3-540-30079-3

  • eBook Packages: Springer Book Archive
