A Lifecycle for Data Sharing Agreements: How it Works Out

  • Jose Fran. Ruiz
  • Marinella Petrocchi
  • Ilaria Matteucci
  • Gianpiero Costantino
  • Carmela Gambardella
  • Mirko Manea
  • Anil Ozdeniz
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9857)


An electronic Data Sharing Agreement (DSA) is a human-readable, yet machine-processable contract, regulating how organizations and/or individuals share data. In past work, we have shed light on DSA engineering, i.e., the process of studying how data sharing is regulated in traditional, human-readable legal contracts and mapping their fields (and rules) into machine-processable formats, leading to the transposition of a traditional legal contract into the electronic DSA. However, the definition of an electronic DSA is only the starting point of a complex DSA lifecycle, which drives the contract from its creation to (1) an analysis phase, where the DSA rules are checked for conflicts; and (2) a mapping phase, where the analysed rules are transposed into privacy policies expressed in enforceable languages. This paper presents our vision for the architectural definition of a DSA system, where a lifecycle manager orchestrates: an authoring tool for legal experts, policy experts, and end users; an analyser for checking the consistency of the DSA rules; and a mapper for encoding rules in a low-level language amenable to enforcement.


Keywords: Conflict Solver, Linear Temporal Logic, Legal Expert, Conflict Detection, Translation Function
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.



Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Jose Fran. Ruiz (1)
  • Marinella Petrocchi (2), email author
  • Ilaria Matteucci (2)
  • Gianpiero Costantino (2)
  • Carmela Gambardella (3)
  • Mirko Manea (3)
  • Anil Ozdeniz (1)

  1. Atos, Madrid, Spain
  2. IIT CNR, Pisa, Italy
  3. Hewlett Packard Enterprise, Milan, Italy
