A new HP Labs Technical Report has been recently released: “Extending XACML Access Control Architecture for Allowing Preference-Based Authorisation” (Authors: Kounga, Gina; Casassa Mont, Marco; Bramhall, Pete):
“Data protection regulations, such as the UK Data Protection Act, require organisations to process personal data according to the conditions consented by the data subjects. Such conditions can be expressed with data items or preferences collected from data subjects and stored in data repositories. Then, enforcing consent requires the policy decision point (PDP) to return authorization decisions based on access control policies and preferences. However, as security good practice requires using different entities for making authorisation decisions and accessing data, the PDP cannot return privacy-aware authorisation decisions if no solution is defined which allows the PDP to identify whether access requests fulfil the consented conditions without accessing the preferences. Existing standards do not solve this issue and previously proposed solutions transfer the decision making to the policy enforcement point. In this paper, we propose a solution that extends the eXtensible Access Control Markup Language standard and improves privacy-aware access control.”
--- Posted by Marco Casassa Mont (here and here) ---
--- NOTE: my original HP blog can be found here ---
No comments:
Post a Comment