Enforcing purpose of access for privacy-aware policies based on user roles, purpose dependencies, contextual data, and access history

Thavy Mony Annanda Rath, Jean-Noël Colin

Résultats de recherche: Papier de travail

19 Téléchargements (Pure)

Résumé

This paper addresses the issue of purpose enforcement for privacy-aware policy. We propose an approach to enforce purpose of access in access control system based on user roles, contextual data, purpose dependencies 1, and past access history of user. Enforcing purpose of access based only on role of user has been introduced. However, this method is not so reliable and it is criticized to be inefficient in capturing purpose of an action since roles and purposes are not always aligned and members of the same organizational role may practice different purposes in their actions. Thus, we propose our approach and we argue that by using the combination of user roles, contextual data related to purpose, relationship between purposes, and past access history of user for enforcing purpose of access, we can get a more re- liable purpose enforcement technique. Furthermore, in this paper, we also propose an access control system architecture supporting purpose enforcement and a prototype implementation in Java as the proof-of-concept for our proposed enforcement technique.
langue originaleAnglais
Etat de la publicationNon publié - 2014

Empreinte digitale

Examiner les sujets de recherche de « Enforcing purpose of access for privacy-aware policies based on user roles, purpose dependencies, contextual data, and access history ». Ensemble, ils forment une empreinte digitale unique.

Contient cette citation