Privacy-aware role based access control
Abstract
Privacy has been acknowledged to be a critical requirement for many business (and non-business) environments. Therefore, the definition of an expressive and easy-to-use privacy related access control model, based on which privacy policies can be specified, is crucial. In this work we introduce a family of models (P-RBAC) that extend the well known RBAC model in order to provide full support for expressing highly complex privacy-related policies, taking into account features like purposes and obligations. We also compare our work with access control and privacy policy frameworks such as P3P, EPAL, and XACML.
Keywords
access controls, model, security and protection, standardization
Date of this Version
2007
COinS
Comments
Proceedings of the 12th ACM symposium on Access control models and technologies