The Architecture of a Privacy-Aware Access Control Decision Component

  • Conference paper
Construction and Analysis of Safe, Secure, and Interoperable Smart Devices (CASSIS 2005)

Abstract

Today many interactions are carried out online through Web sites and e-services, and service providers often require private and/or sensitive information. A growing concern related to this widespread diffusion of online applications that collect personal information is that users’ privacy is often poorly managed and sometimes abused. For instance, it is well known that personal information is often disclosed to third parties without the consent of the legitimate data owners, and that there are professional services specializing in gathering and correlating data from heterogeneous repositories, which make it possible to build user profiles and possibly to disclose sensitive information not voluntarily released by its owners. For these reasons, it has become very important to design systems able to fully preserve information privacy by managing all identity and profile information in a trustworthy and responsible way.

In this paper, we investigate some problems concerning identity management for e-services and present the architecture of the Access Control Decision Function, a software component in charge of managing access requests in a privacy-aware fashion. The content of this paper is a result of our ongoing activity in the framework of the PRIME project (Privacy and Identity Management for Europe) [18], funded by the European Commission, whose objective is the development of privacy-aware solutions for enforcing security.


References

  1. Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: A Web Service Architecture for Enforcing Access Control Policies. In: Proc. of the First International Workshop on Views On Designing Complex Architectures (VODCA 2004), Bertinoro, Italy, September 11-12 (2004)

  2. Ardagna, C.A., Damiani, E., De Capitani di Vimercati, S., Samarati, P.: Towards Privacy-Enhanced Authorization Policies and Languages. In: Proc. of the 19th Annual IFIP WG 11.3 Working Conference on Data and Applications Security (IFIP), Nathan Hale Inn, University of Connecticut, Storrs, USA, August 7-10 (2005)

  3. Ardagna, C.A., De Capitani di Vimercati, S.: A comparison of modeling strategies in defining XML-based access control languages. Computer Systems Science & Engineering Journal (2004)

  4. Ashley, P., Hada, S., Powers, C., Schunter, M.: Enterprise Privacy Authorization Language (EPAL). IBM Research (2003)

  5. Ashley, P., Hada, S., Karjoth, G., Schunter, M.: E-P3P privacy policies and privacy authorization. In: Proc. of the ACM workshop on Privacy in the Electronic Society (WPES 2002), Washington, DC, USA, November 21 (2002)

  6. Bonatti, P.A., Olmedilla, D.: Driving and monitoring provisional trust negotiation with metapolicies. In: Proc. of the IEEE 6th International Workshop on Policies for Distributed Systems and Networks (POLICY 2005), Stockholm, Sweden, June 6-8 (2005)

  7. Bonatti, P., Samarati, P.: A unified framework for regulating access and information release on the web. Journal of Computer Security 10(3), 241–272 (2002)

  8. Cranor, L., Langheinrich, M., Marchiori, M., Presler-Marshall, M., Reagle, J.: The Platform for Privacy Preferences 1.0 (P3P1.0) Specification, http://www.w3.org/TR/P3P/

  9. Damiani, E., Corallo, A., Elia, G.: A Knowledge Management System Enabling Regional Innovation. In: Proc. of the VI international conference on Knowledge-Based Intelligent Information & Engineering Systems (KES 2002), Crema, Italy, September 16-18 (2002)

  10. De Capitani di Vimercati, S., Paraboschi, S., Samarati, P.: Access control: Principles and solutions. Software – Practice and Experience 33(5), 397–421 (2003)

  11. Farrell, S., Housley, R.: An Internet Attribute Certificate for Authorization. Request For Comments 3281, Internet Engineering Task Force (2002)

  12. Gunter, C.A., May, M.J., Stubblebine, S.G.: A Formal Privacy System and its Application to Location Based Services. In: Martin, D., Serjantov, A. (eds.) PET 2004. LNCS, vol. 3424, pp. 256–282. Springer, Heidelberg (2005)

  13. International Security, Trust, and Privacy Alliance (ISTPA), http://www.istpa.org/

  14. ITU Telecommunication Standardization Sector (ITU-T). Information Technology Open Systems Interconnection - The Directory: Authentication Framework. Recommendation X.509 (03/00), International Telecommunication Union (2000)

  15. Jajodia, S., Samarati, P., Sapino, M., Subrahmanian, V.: Flexible support for multiple access control policies. ACM Transactions on Database Systems 26(2), 18–28 (2001)

  16. Jena, http://jena.sourceforge.net

  17. Karjoth, G., Schunter, M., Waidner, M.: Privacy-enabled Services for Enterprises. In: Proc. of the 13th International Conference on Database and Expert Systems Applications (DEXA 2002), Aix-en-Provence, France, September 2-6 (2002)

  18. PRIME (Privacy and Identity Management for Europe), http://www.prime-project.eu.org

  19. Reasoning on the Web (REWERSE), http://www.pms.ifi.lmu.de/rewerse-wga1/index.html

  20. Samarati, P., De Capitani di Vimercati, S.: Access control: Policies, models, and mechanisms. In: Focardi, R., Gorrieri, R. (eds.) FOSAD 2000. LNCS, vol. 2171, p. 137. Springer, Heidelberg (2001)

  21. Truste, http://www.truste.org/about/index.php

  22. XACML - (eXtensible Access Control Markup Language), http://www.oasisopen.org/committees/tc_home.php?wg_abbrev=xacml#XACML20


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Ardagna, C.A., Cremonini, M., Damiani, E., De Capitani di Vimercati, S., Samarati, P. (2006). The Architecture of a Privacy-Aware Access Control Decision Component. In: Barthe, G., Grégoire, B., Huisman, M., Lanet, JL. (eds) Construction and Analysis of Safe, Secure, and Interoperable Smart Devices. CASSIS 2005. Lecture Notes in Computer Science, vol 3956. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11741060_1

  • DOI: https://doi.org/10.1007/11741060_1

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33689-1

  • Online ISBN: 978-3-540-33691-4

  • eBook Packages: Computer Science, Computer Science (R0)
