Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
Wirtschaftsuniversität Wien Magisterarbeit - SemanticLab
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
• user-category: This element represent categories of users (such as a single<br />
employee, particular roles, departments etc.). User-categories are defined and then<br />
used in a rule to describe who is going to access the data.<br />
• data-category: This element classifies data in different categories - medical<br />
records for example would be in another category than an e-mail address of a<br />
customer. Similar to user-category, this element is referenced in rules.<br />
• purpose: This elements defines the purpose for what the data is used. However,<br />
this purpose may be high-level (e.g. marketing), therefore it is needed to build<br />
hierarchies to represent different kinds of purpose (e.g. telemarketing vs. thirdparty<br />
e-mail marketing).<br />
• action: The ultimate goal for collecting data is to process it somehow. This<br />
element describes the actions that are going to be applied to the collected data. A<br />
privacy policy will then define which actions are allowed or denied under specific<br />
circumstances.<br />
• container: This element contains context data in a structured form (e.g. attribute<br />
age) so that these attributes can be evaluated by conditions (e.g. if age is<br />
over 13 then...).<br />
• obligation: Obligations are actions which have to be taken after performing an<br />
action on data, for example that some data must be deleted within 30 days.<br />
The detailed (XML-) structure of EPAL and its policies and rules is not very different<br />
from the concepts already introduced and will not be covered here. Interested readers<br />
should consult the EPAL specification available at [IBM03] for more in-depth information.<br />
3.3. The eXtensible Access Control Markup Language<br />
(XACML)<br />
The eXtensible Access Control Markup Language (XACML) is a standard published<br />
by OASIS, the Organization for the Advancement of Structured Information Standards<br />
and defines an access control language based on XML [OAS05]. “The motivation behind<br />
XACML is to express the well-established ideas in the field of access-control policies (e.g.,<br />
rules, policies, policy sets, subjects, decision requests, authorization decisions) using an<br />
extension language of XML” [Cov08a]. The XACML specification states that it was developed<br />
because “there is a pressing need for a common language for expressing security<br />
policy [sic]. If implemented throughout an enterprise, a common policy language allows<br />
the enterprise to manage the enforcement of all the elements of its security policy in all<br />
the components of its information systems” [OAS05].<br />
If not stated otherwise, the following introduction is based on the XACML 2.0 specification<br />
available at [OAS05].<br />
35