Abstract
A policy provisioning framework is described that supports the management of the lifecycle of identity information distributed beyond security domains. A model for creating data handling policies reflecting the intentions of its system administrator and the privacy preferences of the data owner is explained. Also, algorithms for systematically integrating data handling policies from system entities in different administrative domains are presented. This framework enables data handling policies to be properly deployed and enforced in a way that enhances security and privacy.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Byun, J.W., Bertino, E., Li, N.: Purpose Based Access Control of Complex Data for Privacy Protection. In: Proceedings of the 10th ACM Symposium on Access Control Models and Technologies (SACMAT 2005), pp. 102–110 (2005)
Ardagna, C.A., Cremonini, M., De Capitani di Vimercati, S., Samarati, P.: A Privacy-Aware Access Control System. Journal of Computer Security 16(4), 369–397 (2008)
Gomi, H.: A Persistent Data Tracking Mechanism for User-Centric Identity Governance. Identity in the Information Society (March 2010), doi:10.1007/s12394-010-0069-4
Schneck, P.: Persistent Access Control to Prevent Piracy of Digital Information. Proceedings of the IEEE 87(7), 1239–1250 (1999)
Sibert, O., Bernstein, D., Wie, D.: DigiBox: A Self-Protecting Container for Information Commerce. In: Proceedings of the 1st Conference on USENIX Workshop on Electronic Commerce (WOEC 1995), p. 15 (1995)
Karjoth, G., Schunter, M., Waidner, M.: Platform for Enterprise Privacy Practices: Privacy-Enabled Management of Customer Data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol. 2482, pp. 69–84. Springer, Heidelberg (2003)
Casassa Mont, M., Pearson, S., Bramhall, P.: Towards Accountable Management of Identity Privacy: Sticky Policies and Enforceable Tracing Services. In: MaÅ™Ãk, V., Å tÄ›pánková, O., Retschitzegger, W. (eds.) DEXA 2003. LNCS, vol. 2736, pp. 377–382. Springer, Heidelberg (2003)
Liberty Alliance Project: Liberty IGF Privacy Constraints Specification (2008), http://www.projectliberty.org/specs
W3C: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification (2002), http://www.w3.org/TR/P3P/
W3C: A P3P Preference Exchange Language 1.0 (APPEL1.0) (2002), http://www.w3.org/TR/P3P-preferences/
OASIS: eXtensible Access Control Markup Language, XACML (2005)
IBM: Enterprise Privacy Authorization Language (EPAL 1.2) (2003), http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/
Mazzoleni, P., Crispo, B., Sivasubramanian, S., Bertino, E.: XACML Policy Integration Algorithms. ACM Transactions on Information and System Securiry 11(1), 1–29 (2008)
Belokosztolszki, A., Moody, K.: Meta-Policies for Distributed Role-Based Access Control Systems. In: Proceedings of the Third International Workshop on Policies for Distributed Systems and Networks (POLICY 2002), pp. 3–18 (2002)
Bettini, C., Jajodia, S., Sean Wang, X., Wijesekera, D.: Provisions and Obligations in Policy Management and Security Applications. In: Proceedings of the 28th International Conference on Very Large Data Bases (VLDB 2002), pp. 502–513 (2002)
Krawczyk, H., Bellare, M., Canetti, R.: HMAC: Keyed-Hashing for Message Authentication, RFC 2104 (1997)
OECD: OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data (2004), http://www.oecd.org/document/18/0,2340,en_2649_201185_1815186_1_1_1_1,00.html
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 IFIP International Federation for Information Processing
About this paper
Cite this paper
Gomi, H. (2010). Policy Provisioning for Distributed Identity Management Systems. In: de Leeuw, E., Fischer-Hübner, S., Fritsch, L. (eds) Policies and Research in Identity Management. IDMAN 2010. IFIP Advances in Information and Communication Technology, vol 343. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-17303-5_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-17303-5_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-17302-8
Online ISBN: 978-3-642-17303-5
eBook Packages: Computer ScienceComputer Science (R0)