Enforcing Privacy by Means of an Ontology Driven XACML Framework

Nowadays enforcing privacy in enterprises is recognized as an issue of impact. Actually, it is a big challenge to adapt normative laws and regulations in a software system. It is a challenging task to include the formalized laws and rules in enterprises since e.g. more than one regulation may affect the terms of privacy concerning one situation. Traditional access control provides a general mechanism for assigning rights to individual users or roles. In the context of privacy this is insufficient; it offers no means to fulfil certain aspects such as limitations to the duration for which private data may be stored. To enforce privacy in enterprises we further need a fine granular access control mechanism on the data entities to ensure that every aspect of privacy can be reflected. This paper provides a novel solution for this by means of ontologies. The usage of ontologies in our approach differs from the conventional form in focusing on generating access control policies which are adapted from our software framework to provide fine granular access on the diverse data sources.