Skip to main content
SpringerLink
Log in

Extending XACML Access Control Architecture for Allowing Preference-Based Authorisation

  • Conference paper
Trust, Privacy and Security in Digital Business (TrustBus 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6264))

Abstract

European data protection regulation states that organisations must have data subjects’ consent to use their personally identifiable information (PII) for a variety of purposes. Solutions have been proposed which generally handle consent in a coarse-grained way, by means of opt in/out choices. However, we believe that consent’s representation should be extended to allow data subjects to express a rich set of conditions under which their PII can be used. In this paper we introduce and discuss an approach enabling the representation of consent as fine-grained preferences. To enforce such consent, we leverage and extend the current standard XACML architecture and framework. As data collectors maintain links between PII and associated preferences, preferences should also be considered as part of this PII. Therefore our solution prevents access control components from directly accessing any PII.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. UK Parliament: Data Protection Act 1998 (1998), http://www.opsi.gov.uk/acts/acts1998/ukpga19980029en1 (accessed October 1, 2009)

  2. The European Parliament and the Council of 24 October 1995: Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (1995), http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:31995L0046:EN:HTML (accessed October 1, 2009)

  3. W3C: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (2002), http://www.w3.org/TR/P3P/ (accessed October 2, 2009)

  4. Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  5. OASIS: eXtensible Access Control Markup Language (XACML) Version 2.0 (February 2005), http://docs.oasis-open.org/xacml/2.0/accesscontrol-xacml-2.0-core-spec-os.pdf (accessed September 29, 2009)

  6. Prime project: Prime project website, https://www.prime-project.eu/ (accessed March 26, 2010)

  7. EnCoRe Project: EnCoRe project website, http://www.encore-project.info/ (accessed October 26, 2009)

  8. Agrawal, R., Kiernan, J., Srikant, R., Xu, Y.: Hippocratic Databases. In: Proceedings of the 28th VLDB Conference, Hong Kong, China, pp. 143–154 (2002), http://www.almaden.ibm.com/cs/projects/iis/hdb/Publications/papers/vldb02hippocratic.pdf (accessed October 2, 2009)

  9. Byun, J.W., Li, N.: Purpose based access control for privacy protection in relational database systems. The VLDB Journal 17(4), 603–619 (2008)

    Article  Google Scholar 

  10. IBM: The Enterprise Privacy Authorization Language (EPAL), EPAL 1.2 specification, http://www.zurich.ibm.com/security/enterprise-privacy/epal/Specification/index.html (accessed October 2, 2009)

  11. Anderson, A.H.: A comparison of two privacy policy languages: EPAL and XACML. In: SWS ’06: Proceedings of the 3rd ACM Workshop on Secure Web Services, pp. 53–60. ACM, New York (2006)

    Chapter  Google Scholar 

  12. OASIS: Privacy policy profile of XACML v2.0 (February 2005), http://docs.oasis-open.org/xacml/2.0/accesscontrol-xacml-2.0-privacyprofile-spec-os.pdf (accessed September 29, 2009)

  13. Casassa Mont, M., Thyne, R., Bramhall, P.: Privacy Enforcement with HP Select Access for Regulatory Compliance (2005), http://www.hpl.hp.com/techreports/2005/HPL-2005-10.html (accessed October 2, 2009)

  14. Kolter, J., Schillinger, R., Pernul, G.: A privacy-enhanced attribute-based access control system. In: DBSec, pp. 129–143 (2007)

    Google Scholar 

  15. Liberty Alliance Project: Identity Governance web page, http://www.projectliberty.org/strategic_initiatives/identity_governance (accessed September 29, 2009)

  16. Hunt, P., Levinson, R.: AAPML: Attribute Authority Policy Markup Language (November 2006), http://www.oracle.com/technology/tech/standards/idm/igf/pdf/IGF-AAPML-spec-08.pdf (accessed September 30, 2009)

  17. Pohlman, M.B.: Oracle Identity Management Governance, Risk, and Compliance Architecture, 3rd edn. Auerbach Publications (2008)

    Google Scholar 

  18. Yavatkar, R., Pendarakis, D., Guerin, R.: A Framework for Policy-based Admission Control. RFC 2753 (Informational), Internet Engineering Task Force (January 2000), http://tools.ietf.org/pdf/rfc2753.pdf (accessed September 29, 2009)

  19. Zeilenga, K.: Lightweight Directory Access Protocol version 3 (LDAPv3): All Operational Attributes. RFC 3673, http://www.ietf.org/rfc/rfc3673.txt (accessed February 1, 2010)

  20. Chamberlin, D.D., Boyce, R.F.: A structured English query language. In: FIDET ’74: Proceedings of the 1974 ACM SIGFIDET (now SIGMOD) Workshop on Data Description, Access and Control, pp. 249–264. ACM, New York (1974)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Hewlett-Packard Laboratories, Long Down Avenue ,Stoke Gifford, Bristol, BS34 8QZ, United Kingdom

    Gina Kounga, Marco Casassa Mont & Pete Bramhall

Authors
  1. Gina Kounga
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Marco Casassa Mont
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pete Bramhall
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Digital Systems, University of Piraeus, 18534, Piraeus, Greece

    Sokratis Katsikas

  2. Computer Science Department, University of Malaga, 29071, Malaga, Spain

    Javier Lopez

  3. Department of Telematics Engineering, Technical University of Catalonia, 08034, Barcelona, Spain

    Miguel Soriano

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kounga, G., Mont, M.C., Bramhall, P. (2010). Extending XACML Access Control Architecture for Allowing Preference-Based Authorisation. In: Katsikas, S., Lopez, J., Soriano, M. (eds) Trust, Privacy and Security in Digital Business. TrustBus 2010. Lecture Notes in Computer Science, vol 6264. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-15152-1_14

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-15152-1_14

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-15151-4

  • Online ISBN: 978-3-642-15152-1

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation