Unification in Privacy Policy Evaluation - Translating EPAL into Prolog

Enterprise privacy enforcement allow enterprises to internally enforce a privacy policy that the enterprise has decided to comply to. Roughly, such enforcement mechanisms enable queries if a specific user is allowed to access specific data for a specific purpose. While tools for authoring, maintaining, and auditing privacy policies already exist, no tool exists yet to deal with unification within such policies, e.g., to enable queries if data might be modified by any user, or how many user entries satisfy a certain constraint. We show how this can can be achieved by embedding enterprise privacy policies into Prolog. We show this concretely for IBM’s Enterprise Privacy Authorization Language (EPAL), which has become an accepted W3C member submission. Based on the unification mechanisms and the rich decision procedures that Prolog provides, our work enables general queries for privacy policies as well as quantitative measurements.

Keywords: Duermuth, Durmuth

By: M. Backes, M. Dürmuth, and G. Karjoth

Published in: Proc. Fifth IEEE Int'l Workshop on Policies for Distributed Systems and Networks. Los Alamitos, CA , IEEE Computer Society. , p.185-188 in 2004

Please obtain a copy of this paper from your local library. IBM cannot distribute this paper externally.

Questions about this service can be mailed to reports@us.ibm.com .