Data Governance and Transparency for Collaborative Systems
As social networks, shared editing platforms and other collaborative systems are becoming increasingly popular, the demands for proper protection of the data created and used within these systems grows. Yet, existing access control mechanisms are not suited for the challenges imposed by collaborative systems. Two main challenges should be addressed: collaborative specification of permissions, while ensuring an appropriate levels of control to the different parties involved, and enabling transparency in decision making in cases where the access requirements of these different parties are in conflict. In this paper we propose a data governance model for collaborative systems, which allows the integration of access requirements specified by different users based on their relation with a data object. We also study the practical feasibility of enabling transparency by comparing different deployment options for transparency in XACML.
KeywordsAccess Request Global Policy Policy Decision Point Collaborative System Access Control Mechanism
This work has been partially funded by the ITEA2 projects FedSS (No. 11009) and M2MGrid (No. 13011), the EDA project IN4STARS2.0, and the Dutch national program COMMIT under the THeCS project.
- 2.Damen, S., den Hartog, J., Zannone, N.: CollAC: Collaborative access control. In: Proceedings of CTS, pp. 142–149. IEEE (2014)Google Scholar
- 5.Ghai, S.K., Nigam, P., Kumaraguru, P.: Cue: A framework for generating meaningful feedback in XACML. In: Proceedings of SafeConfig, pp. 9–16. ACM (2010)Google Scholar
- 7.Hu, H., Ahn, G.J., Jorgensen, J.: Multiparty access control for online social networks: model and mechanisms. TKDE 25(7), 1614–1627 (2013)Google Scholar
- 10.Kaluvuri, S.P., Egner, A.I., den Hartog, J., Zannone, N.: SAFAX – Anextensible authorization service for cloud environments. Front. ICT 2(9) (2015)Google Scholar
- 11.Li, N., Wang, Q., Qardaji, W., Bertino, E., Rao, P., Lobo, J., Lin, D.: Access control policy combining: theory meets practice. In: Proceedings of SACMAT, pp. 135–144. ACM (2009)Google Scholar
- 14.OASIS XACML Technical Committee: eXtensible Access Control Markup Language (XACML) Version 2.0 (2005)Google Scholar
- 15.Reeder, R.W., Bauer, L., Cranor, L.F., Reiter, M.K., Vaniea, K.: Effects of access-control policy conflict-resolution methods on policy-authoring usability. CyLab, p. 12 (2009)Google Scholar
- 17.Shen, H., Dewan, P.: Access control for collaborative environments. In: Proceedings of Conference on Computer-supported Cooperative Work, pp. 51–58. ACM (1992)Google Scholar
- 18.Squicciarini, A.C., Shehab, M., Paci, F.: Collective privacy management in social networks. In: Proceedings of WWW, pp. 521–530. ACM (2009)Google Scholar
- 19.Thomas, R.K.: Team-based access control (TMAC): a primitive for applying role-based access controls in collaborative environments. In: Proceedings of RBAC, pp. 13–19. ACM (1997)Google Scholar
- 20.Thomas, R.K., Sandhu, R.S.: Task-based authorization controls (TBAC): A family of models for active and enterprise-oriented authorization management. In: DBSec, pp. 166–181. Springer, Heidelberg (1997)Google Scholar