Abstract
An electronic Data Sharing Agreement (DSA) is a human-readable, yet machine-processable contract, regulating how organizations and/or individuals share data. In past work, we have shed light on DSA engineering, i.e., the process of studying how data sharing is ruled in traditional legal human-readable contracts and mapping their fields (and rules) into formats that are machine-processable, leading to the transposition of a traditional legal contract into the electronic DSA. However, the definition of an electronic DSA is only the starting point of a complex DSA lifecycle, driving the contract from its creation to (1) an analysis phase, where the DSA rules are checked against conflicts; and (2) a mapping phase, where the analysed rules are transposed into privacy policies expressed in enforceable languages. This paper presents our vision for the architectural definition of a DSA system, where a lifecycle manager orchestrates: an authoring tool for legal experts, policy experts, and end users; an analyser for checking consistency of the DSA rules; a mapper for encoding rules in a low level language amenable for enforcement.
The research leading to these results has received funding from the European Union Seventh Framework Programme (FP7/2007–2013) under grant no 610853 (Coco Cloud).
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Arenas, A.E., Aziz, B., Bicarregui, J., Wilson, M.D.: An Event-B approach to data sharing agreements. In: Méry, D., Merz, S. (eds.) IFM 2010. LNCS, vol. 6396, pp. 28–42. Springer, Heidelberg (2010)
Feige, U., Arenas, A.E., Aziz, B., Massonet, P., Ponsard, C.: Towards modelling obligations in Event-B. In: Börger, E., Butler, M., Bowen, J.P., Boca, P. (eds.) ABZ 2008. LNCS, vol. 5238, pp. 181–194. Springer, Heidelberg (2008)
Brodie, C., et al.: The coalition policy management portal for policy authoring, verification, and deployment. In: POLICY, pp. 247–249 (2008)
Casassa Mont, M., Matteucci, I., Petrocchi, M., Sbodio, M.L.: Enabling data sharing in the Cloud. HP Labs Technical report HPL-2012-22 (2012)
Craven, R., et al.: Expressive policy analysis with enhanced system dynamicity. In: ASIACCS (2009)
Hansen, R.R., Nielson, F., Nielson, H.R., Probst, C.W.: Static validation of licence conformance policies. In: ARES, pp. 1104–1111 (2008)
Kaljurand, K.: Attempto Controlled English as a Semantic Web Language. Ph.D. thesis, in Mathematics and Computer Science, Tartu Univ. (2007)
Lunardelli, A., Matteucci, I., Mori, P., Petrocchi, M.: A prototype for solving conflicts in XACML-based e-Health policies. In: Proceedings of the 26th IEEE International Symposium on Computer-Based Medical Systems, pp. 449–452 (2013)
Lupu, E.C., Sloman, M.: Conflicts in policy-based distributed systems management. IEEE Trans. Softw. Eng. 25(6), 852–869 (1999)
Martinelli, F., Matteucci, I.: Preserving security properties under refinement. In: The 7th International Workshop on Software Engineering for Secure Systems, SESS (2011)
Martinelli, F., Matteucci, I., Petrocchi, M., Wiegand, L.: A formal support for collaborative data sharing. In: Quirchmayr, G., Basl, J., You, I., Xu, L., Weippl, E. (eds.) CD-ARES 2012. LNCS, vol. 7465, pp. 547–561. Springer, Heidelberg (2012)
Matteucci, I., Mori, P., Petrocchi, M., Wiegand, L.: Controlled data sharing in E-health. In: Socio Technical Aspects in Security and Trust, pp. 17–23. IEEE (2011)
Matteucci, I., Mori, P., Petrocchi, M.: Prioritized execution of privacy policies. In: Herranz, J., Damiani, E., State, R., Pietro, R. (eds.) DPM 2012 and SETOP 2012. LNCS, vol. 7731, pp. 133–145. Springer, Heidelberg (2013)
Matteucci, I., Petrocchi, M., Sbodio, M.L.: CNL4DSA: a controlled natural language for data sharing agreements. In: SAC Privacy on The Web (2010)
Matteucci, I., Petrocchi, M., Sbodio, M.L., Wiegand, L.: A design phase for data sharing agreements. In: Garcia-Alfaro, J., Navarro-Arribas, G., Cuppens-Boulahia, N., de Capitani di Vimercati, S. (eds.) DPM/SETOP 2011. LNCS, vol. 7122, pp. 25–41. Springer, Heidelberg (2012)
De Nicola, R., Ferrari, G.-L., Pugliese, R.: Programming access control: the KLAIM experience. In: Palamidessi, C. (ed.) CONCUR 2000. LNCS, vol. 1877, pp. 48–65. Springer, Heidelberg (2000)
OASIS, eXtensible Access Control Markup Language (XACML) Ver. 3.0 (2013)
Rensink, A., Gorrieri, R.: Vertical implementation. Inf. Comput. 170(1), 95–133 (2001)
Saaty, T.L.: How to make a decision: the analytic hierarchy process. Eur. J. Oper. Res. 48(1), 9–26 (1990)
Scalavino, E., Gowadia, V., Lupu, E.C.: PAES: policy-based authority evaluation scheme. In: Gudes, E., Vaidya, J. (eds.) Data and Applications Security 2009. LNCS, vol. 5645, pp. 268–282. Springer, Heidelberg (2009)
Scalavino, E., Russello, G., Ball, R., Gowadia, V., Lupu, E.C.: An opportunistic authority evaluation scheme for data security in crisis management scenarios. In: ASIACCS10
Swarup, V., Seligman, L., Rosenthal, A.: A data sharing agreement framework. In: Bagchi, A., Atluri, V. (eds.) ICISS 2006. LNCS, vol. 4332, pp. 22–36. Springer, Heidelberg (2006)
Swarup, V., et al.: Specifying data sharing agreements. In: POLICY, pp. 157–162 (2006)
Coco Cloud Consortium, Deliverable 4.2 First DSA Management Infrastructure (2015). http://www.coco-cloud.eu/deliverables. Accessed 07 June 2016
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing Switzerland
About this paper
Cite this paper
Ruiz, J.F. et al. (2016). A Lifecycle for Data Sharing Agreements: How it Works Out. In: Schiffner, S., Serna, J., Ikonomou, D., Rannenberg, K. (eds) Privacy Technologies and Policy. APF 2016. Lecture Notes in Computer Science(), vol 9857. Springer, Cham. https://doi.org/10.1007/978-3-319-44760-5_1
Download citation
DOI: https://doi.org/10.1007/978-3-319-44760-5_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-44759-9
Online ISBN: 978-3-319-44760-5
eBook Packages: Computer ScienceComputer Science (R0)