Extending XACML Access Control Architecture for Allowing Preference-Based Authorisation
Kounga, Gina; Casassa Mont, Marco; Bramhall, Pete
Keyword(s): Privacy, Access controls
Abstract: European data protection regulation states that organisations must have data subjects' consent to use their personally identifiable information (PII) for a variety of purposes. Solutions have been proposed which generally handle consent in a coarse-grained way, by means of opt in/out choices. However, we believe that consent's representation should be extended to allow data subjects to express a rich set of conditions under which their PII can be used. In this paper we introduce and discuss an approach enabling the representation of consent as fine-grained preferences. To enforce such consent, we leverage and extend the current standard XACML architecture and framework. As data collectors maintain links between PII and associated preferences, preferences should also be considered as part of this PII. Therefore our solution prevents access control components from directly accessing any PII.
Additional Publication Information: Published in the proceedings of the 7th International Conference, TrustBus 2010, Bilbao, Spain, August 30-31, 2010.
External Posting Date: November 21, 2009 [Fulltext]. Approved for External Publication
Internal Posting Date: November 21, 2009 [Fulltext]