The Architecture of a Privacy-Aware Access Control Decision Component

  • Claudio A. Ardagna
  • Marco Cremonini
  • Ernesto Damiani
  • Sabrina De Capitani di Vimercati
  • Pierangela Samarati
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3956)


Today many interactions are carried out online through Web sites and e-services and often private and/or sensitive information is required by service providers. A growing concern related to this widespread diffusion of on-line applications that collect personal information is that users’ privacy is often poorly managed and sometimes abused. For instance, it is well known how personal information is often disclosed to third parties without the consent of legitimate data owners or that there are professional services specialized on gathering and correlating data from heterogeneous repositories, which permit to build user profiles and possibly to disclose sensitive information not voluntarily released by their owners. For these reasons, it has gained great importance to design systems able to fully preserve information privacy by managing in a trustworthy and responsible way all identity and profile information.

In this paper, we investigate some problems concerning identity management for e-services and present the architecture of the Access Control Decision Function, a software component in charge of managing access request in a privacy-aware fashion. The content of this paper is a result of our ongoing activity in the framework of the PRIME project (Privacy and Identity Management for Europe) [18], funded by the European Commission, whose objective is the development of privacy-aware solutions for enforcing security.


Access Control Access Control Policy Access Control Model Access Request Privacy Preference 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: A Web Service Architecture for Enforcing Access Control Policies. In: Proc. of the First International Workshop on Views On Designing Complex Architectures (VODCA 2004), Bertinoro, Italy, September 11-12 (2004)Google Scholar
  2. 2.
    Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Towards Privacy-Enhanced Authorization Policies and Languages. In: Proc. of the 19th Annual IFIPWG 11.3 Working Conference on Data and Applications Security (IFIP), Nathan Hale Inn, University of Connecticut, Storrs, USA, August 7-10 (2005)Google Scholar
  3. 3.
    Ardagna, C.A., De Capitani di Vimercati, S.: A comparison of modeling strategies in defining XML-based access control languages. Computer Systems Science & Engineering Journal (2004)Google Scholar
  4. 4.
    Ashley, P., Hada, S., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language(EPAL). IBM Research (2003)Google Scholar
  5. 5.
    Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P privacy policies and privacy authorization. In: Proc. of the ACM workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA, November 21 (2002)Google Scholar
  6. 6.
    Bonatti, P.A., Olmedilla, D.: Driving and monitoring provisional trust negotiation with metapolicies. In: Proc. of the IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, June 6-8 (2005)Google Scholar
  7. 7.
    Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3), 241–272 (2002)CrossRefGoogle Scholar
  8. 8.
    Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification,
  9. 9.
    Damiani, E., Corallo, A., Elia, G.: A Knowledge Management System Enabling Regional Innovation. In: Proc. of the VI international conference on Knowledge-Based Intelligent Information & Engineering Systems (KES 2002), Crema, Italy, September 16-18 (2002)Google Scholar
  10. 10.
    De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Access control: Principles and solutions. Software – Practice and Experience 33(5), 397–421 (2003)CrossRefGoogle Scholar
  11. 11.
    Farrell, S., Housley, R.: An Internet Attribute Certificate for Authorization. Request For Comments 3281, Internet Engineering Task Force (2002)Google Scholar
  12. 12.
    Gunter, C.A., May, M.J., Stubblebine, S.G.: A Formal Privacy System and its Application to Location Based Services. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 256–282. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    International Security, Trust, and Privacy Alliance (ISTPA),
  14. 14.
    ITU Telecommunication Standardization Sector (ITU-T). Information Technology Open Systems Interconnection - The Directory: Authentication Framework. Recommendation X.509 (03/00), International Telecommunication Union (2000)Google Scholar
  15. 15.
    Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 18–28 (2001)CrossRefMATHGoogle Scholar
  16. 16.
  17. 17.
    Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprises. In: Proc. of the 13th International Conference on Database and Expert Systems Applications (DEXA 2002), Aix-en-Provence, France, September 2-6 (2002)Google Scholar
  18. 18.
    PRIME (Privacy and Identity Management for Europe),
  19. 19.
    Reasoning on the Web (REWERSE),
  20. 20.
    Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  21. 21.
  22. 22.
    XACML - (eXtensible Access Control Markup Language),

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Claudio A. Ardagna
    • 1
  • Marco Cremonini
    • 1
  • Ernesto Damiani
    • 1
  • Sabrina De Capitani di Vimercati
    • 1
  • Pierangela Samarati
    • 1
  1. 1.Dipartimento di Tecnologie dell’InformazioneUniversità degli Studi di MilanoCremaItaly

Personalised recommendations