Unification in privacy policy evaluation - translating EPAL into Prolog

Author

Backes, Michael ; Dürmuth, Markus ; Karjot, G.

Author_Institution

IBM Res., Zurich, Switzerland

fYear

2004

fDate

7-9 June 2004

Firstpage

185

Lastpage

188

Abstract

Privacy policy evaluation engines enable queries whether a specific user is allowed to access specific data for a specific purpose. While tools for authoring, maintaining, and auditing privacy policies already exist, no tool exists yet to deal with unification within such policies, e.g., to enable queries if data might be modified by some user, or how many user entries satisfy a certain constraint. We show how this can be achieved by embedding enterprise privacy policies into Prolog. We show this concretely for IBM´s Enterprise Privacy Authorization Language (EPAL). Based on the unification mechanisms of Prolog, our work enables general queries for privacy policies as well as quantitative measurements.

Keywords

PROLOG; authoring languages; authorisation; data privacy; program interpreters; EPAL; Enterprise Privacy Authorization Language; Prolog; authoring tools; data access; enterprise privacy policies; privacy policy evaluation; Access control; Authorization; Conferences; Data privacy; Engines; Statistics; Vocabulary; XML;

fLanguage

English

Publisher

ieee

Conference_Titel

Policies for Distributed Systems and Networks, 2004. POLICY 2004. Proceedings. Fifth IEEE International Workshop on

Print_ISBN

0-7695-2141-X

Type

conf

DOI

10.1109/POLICY.2004.1309165

Filename

1309165