Law-Aware Access Control: About Modeling Context and Transforming Legislation
Cross-border access to a variety of data defines the daily business of many global companies, including financial institutions. These companies are bound by law and must fulfill security objectives specified by legislation. Therefore, they control access to prevent unauthorized users from using data. Security objectives, for example confidentiality or secrecy, are often defined in the widely used eXtensible Access Control Markup Language (XACML), which promotes interoperability between different systems.
In this paper, we show the necessity of incorporating the requirements of sets of legislation into access control. To this end, we describe our legislation model, various types of contextual information, and their interrelationship. We introduce a new policy-combining algorithm that respects the different precedence of laws of different controlling authorities. Finally, we demonstrate how laws may be transformed into policies using the eXtensible Access Control Markup Language.