Platform for enterprise privacy practices: privacy-enabled management of customer data
作者: Günter Karjoth , Matthias Schunter , Michael Waidner
关键词: Computer security 、 Information privacy law 、 Privacy by Design 、 Separation of duties 、 Access control 、 Internet privacy 、 Information privacy 、 Privacy policy 、 Computer science 、 Privacy software 、 Software deployment
摘要: Enterprises collect a large amount of personal data about their customers. Even though enterprises promise privacy to customers using statements or P3P, there is no methodology enforce these promises throughout and across multiple enterprises. This article describes the Platform for Enterprise Privacy Practices (E-P3P), which defines technology privacy-enabled management exchange customer data. Its comprehensive privacy-specific access control language expresses restrictions on data, possibly shared between E-P3P separates enterprise-specific deployment policy from that covers complete life cycle collected introduces viable separation duty three "administrators" system: The officer designs deploys policies, security can give consent while selecting opt-in opt-out choices.
springer.com
tu-darmstadt.de
semper.org 参考文章(10)
Satoshi Hada, Michiharu Kudo, XML Access Control Language : Provisional Authorization for XML Documents ,(2000)
Sabrina De Capitani di Vimercati, Piero Andrea Bonatti, Pierangela Samarati, Ernesto Damiani, An access control system for data archives ,(2001)
Massimo Marchiori, Lorrie Cranor, Marc Langheinrich, Martin Presler-Marshall, Joseph Reagle, The platform for privacy preferences 1.0 (p3p1.0) specification W3C Recommendation. ,(2002)
P. Bonatti, E. Damiani, S. De Capitani di Vimercati, P. Samarati, An access control model for data archives information security. pp. 261- 276 ,(2001) , 10.1007/0-306-46998-7_18
Michiharu Kudo, Satoshi Hada, XML document security based on provisional authorization computer and communications security. pp. 87- 96 ,(2000) , 10.1145/352600.352613
C.J. McCollum, J.R. Messing, L. Notargiacomo, Beyond the pale of MAC and DAC-defining new forms of access control ieee symposium on security and privacy. pp. 190- 200 ,(1990) , 10.1109/RISP.1990.63850
G. Karjoth, M. Schunter, A privacy policy model for enterprises ieee computer security foundations symposium. pp. 271- 281 ,(2002) , 10.1109/CSFW.2002.1021821
Konstantin Beznosov, INFORMATION ENTERPRISE ARCHITECTURES: PROBLEMS AND PERSPECTIVES ,(2000)
R.S. Sandhu, E.J. Coyne, H.L. Feinstein, C.E. Youman, Role-based access control models IEEE Computer. ,vol. 29, pp. 38- 47 ,(1996) , 10.1109/2.485845
Simone Fischer-Hübner, IT-security and privacy ,(2001)