• DocumentCode
    3184918
  • Title

    Extending XACML to express and enforce laws and regulations privacy policies

  • Author

    Alshugran, Tariq ; Dichter, Julius ; Rusu, Amalia

  • Author_Institution
    Dept. of Comput. Sci. & Eng., Univ. of Bridgeport, Bridgeport, CT, USA
  • fYear
    2015
  • fDate
    1-1 May 2015
  • Firstpage
    1
  • Lastpage
    5
  • Abstract
    Some software applications are developed to collect, store, and manage users´ personal, medical, or financial information. In the United States, such applications are required to preserve users´ privacy and to be compliant with the federal privacy laws and regulations. To formally guarantee compliance with federal regulations, it is necessary to express the privacy rules enforced by those regulations in a standard policy specification language. In this work we evaluate the eXtensible Access Control Model Language (XACML) as a formal specification language for privacy laws and regulations. Furthermore, we evaluate XACML features and attributes to extend it in order to enforce those privacy rules.
  • Keywords
    XML; authorisation; data privacy; formal specification; specification languages; United States; XACML attributes; XACML features; extensible access control model language; federal privacy laws; federal privacy regulations; formal specification language; policy specification language; software applications; user privacy policy; Access control; Context; Law; Privacy; Standards; Web services; XML; Access Control Models; Federal Regulations; Privacy Policies; Specification Languages; XACML;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Systems, Applications and Technology Conference (LISAT), 2015 IEEE Long Island
  • Conference_Location
    Farmingdale, NY
  • Type

    conf

  • DOI
    10.1109/LISAT.2015.7160190
  • Filename
    7160190