Enforcing purpose of use via workflows
Proceedings of the 8th ACM Workshop on Privacy in the Electronic Society, 2009•dl.acm.org
One of the main privacy concerns of users when submitting their data to an organization is
that their data will be used only for the specified purposes. Although privacy policies can
specify the purpose, enforcing such policies remains a challenge. In this paper we propose
an approach to enforcing purpose in access control systems that uses workflows. The
intuition behind this approach is that purpose of access can be inferred, and hence
associated with, the workflow in which the access takes place. We thus propose to encode …
that their data will be used only for the specified purposes. Although privacy policies can
specify the purpose, enforcing such policies remains a challenge. In this paper we propose
an approach to enforcing purpose in access control systems that uses workflows. The
intuition behind this approach is that purpose of access can be inferred, and hence
associated with, the workflow in which the access takes place. We thus propose to encode …
One of the main privacy concerns of users when submitting their data to an organization is that their data will be used only for the specified purposes. Although privacy policies can specify the purpose, enforcing such policies remains a challenge. In this paper we propose an approach to enforcing purpose in access control systems that uses workflows. The intuition behind this approach is that purpose of access can be inferred, and hence associated with, the workflow in which the access takes place. We thus propose to encode purposes as properties of workflows used by organizations and show how this can be implemented. The approach is more general than other known approaches to purpose-based enforcement, and can be used to implement them. We argue the advantages of the new approach in terms of accuracy and expressiveness.
ACM Digital Library以上显示的是最相近的搜索结果。 查看全部搜索结果