Abstract
Data usage is of great concern to the users who own the data. Users want assurance that their personal data will be used fairly for the purposes for which they have given their consent. Moreover, they should be able to withdraw their consent whenever they want. Consent is captured as a matter of legal record that can be used as legal evidence, and it restricts the use and dissemination of information. Separating consent capturing from the access control enforcement mechanism may help a user to autonomously define the consent evaluation functionality, which is necessary for automating consent decisions. In this paper, we present a solution that addresses how to capture, store, evaluate and withdraw consent. The proposed solution preserves the integrity of consent, which is essential for providing digital evidence in legal proceedings. Furthermore, it accommodates emergency situations in which users cannot provide their consent.
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
Cite this paper
Asghar, M.R., Russello, G. (2012). Flexible and Dynamic Consent-Capturing. In: Camenisch, J., Kesdogan, D. (eds) Open Problems in Network Security. iNetSec 2011. Lecture Notes in Computer Science, vol 7039. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-27585-2_10
DOI: https://doi.org/10.1007/978-3-642-27585-2_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-27584-5
Online ISBN: 978-3-642-27585-2
eBook Packages: Computer Science (R0)