An Ontology-Based Approach for Managing and Maintaining Privacy in Information Systems

  • Dhiah el Diehn I. Abou-Tair
  • Stefan Berlik
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4275)


The use of ontologies in the fields of information retrieval and semantic web is well-known. Since long time researcher are trying to find ontological representations of the diverse laws to have a mechanism to retrieve fine granular legal information about diverse legal cases. However, one of the common problems software systems are faced with in constitutional states is the adapting of the diverse privacy directives. This is a very complex task due to lacks in current software solutions – especially from the architectural point of view. In fact, we miss software solutions that manage privacy directives in a central instance in a structured manner. Even more, such a solution should provide a fine granular access control mechanism on the data entities to ensure that every aspect of the privacy directives can be reflected. Moreover, the whole system should be transparent, comprehensible, and modifiable at runtime. This paper provides a novel solution for this by means of ontologies. The usage of ontologies in our approach differs from the conventional form in focusing on generating access control policies which are adapted from our software framework to provide fine granular access on the diverse data sources.


Access Control Access Control Policy Business Logic Digital Right Management Privacy Regulation 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    European Parliament and Council. Official journal l 281, 31–51 (November 23, 1995)Google Scholar
  2. 2.
    Wettern, M., Von Knop, J.: Datenschutz im hochschulbereich. In: Jahrbuch der Heinrich-Heine-Universität Düsseldorf 2004, pp. 575–589 (2005)Google Scholar
  3. 3.
    Fischer-Hübner, S.: IT-Security and Privacy - Design and Use of Privacy-Enhancing Security Mechanisms. Ser. LNCS. Springer, Heidelberg (1958)Google Scholar
  4. 4.
    META Group, Privacy enhancing technologies, Danish Ministry of Science, Technology and Innovation, Tech. Rep. (2005)Google Scholar
  5. 5.
    Decentralized Information Group, Transparent accountable datamining initiative (2006) [Online] Available:
  6. 6.
    Platform for privacy preferences (p3p) project [Online] Available:
  7. 7.
    The Object Management Group (OMG), Resource access decision [Online] Available:
  8. 8.
    Eberling, W.: Resource access decision - ein framework zur realisierung eines datenbasierten zugriffsschutzes. MATHEMA Software GmbH, Tech. Rep. (2003)Google Scholar
  9. 9.
    Korba, L., Kenny, S.: Towards meeting the privacy challenge: Adapting drm. In: Digital Rights Management Workshop, pp. 118–136 (2002)Google Scholar
  10. 10.
    XrML, Xrml - the digital rights language for trusted content and services [Online] Available:
  11. 11.
    ODRL, ODRL - Open Digital Rights Language [Online] Available:
  12. 12.
    Kolovski, V., Parsia, B., Katz, Y., Hendler, J.: Representing web service policies in OWL-DL. In: Gil, Y., Motta, E., Benjamins, V.R., Musen, M.A. (eds.) ISWC 2005. LNCS, vol. 3729, pp. 461–475. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Breuker, J., Hoekstra, R.: Epistemology and ontology in core ontologies: FOLaw and LRI-Core, two core ontologies for law. In: Proceedings of EKAW Workshop on Core ontologies. CEUR (2004) [Online] Available:
  14. 14.
    Lehmann, J., Breuker, J., Brouwer, B.: CAUSATIONT: Modeling causation in aI&Law. In: Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.) Law and the Semantic Web. LNCS, vol. 3369, pp. 77–96. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  15. 15.
    Breuker, J., Valente, A., Winkels, R.: Use and reuse of legal ontologies in knowledge engineering and information management. In: Benjamins, V.R., Casanovas, P., Breuker, J., Gangemi, A. (eds.) Law and the Semantic Web. LNCS, vol. 3369, pp. 36–64. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  16. 16.
    OASIS, eXtensible Access Control Markup Language (XACML) (February 2005), [Online] Available:
  17. 17.
    S. Microsystems, “Sun’s XACML Implementation,” 2006. [Online]. Available:
  18. 18.
    Verma, M.: XML Security: Control information access with XACML (2004) [Online] Available:
  19. 19.
    Seitz, L., Rissanen, E., Sandholm, T., Firozabadi, B.S., Mulmo, O.: Policy administration control and delegation using xacml and delegent. In: 6th IEEE/ACM International Workshop on Grid Computing, Seattle, USA. IEEE Press, Los Alamitos (2005)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Dhiah el Diehn I. Abou-Tair
    • 1
  • Stefan Berlik
    • 1
  1. 1.Databases and Software Engineering GroupUniversity of Siegen

Personalised recommendations