Sciweavers

TISSEC
2010

Privacy-aware role-based access control

13 years 10 months ago
Privacy-aware role-based access control
Privacy has been acknowledged to be a critical requirement for many business (and non-business) environments. Therefore, the definition of an expressive and easy-to-use privacyrelated access control model, based on which privacy policies can be specified, is crucial. In this work we introduce a family of models (P-RBAC) that extend the well known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We also compare our work with access control and privacy policy frameworks such as P3P, EPAL, and XACML. Categories and Subject Descriptors C.2.0 [Computer Communication Networks]: General— security and protection; D.4.6 [Operating Systems]: Security and Protection—Access Controls; K.6.5 [Management of Computing and Information Systems]: Security and Protection General Terms Management, Security, Standardization Keywords Privacy, Role Based Access Control, Model, Purpose
Qun Ni, Elisa Bertino, Jorge Lobo, Carolyn Brodie,
Added 31 Jan 2011
Updated 31 Jan 2011
Type Journal
Year 2010
Where TISSEC
Authors Qun Ni, Elisa Bertino, Jorge Lobo, Carolyn Brodie, Clare-Marie Karat, John Karat, Alberto Trombetta
Comments (0)