E-P3P privacy policies and privacy authorization

“…Paul Ashley et al [5], defines a fine grained privacy model called as Platform for the Enterprise Privacy Practices (E-P3P). The E-P3P privacy policy defines, on certain data categories the actions to be performed by the data users.…”

AD Sharing in Social Networks : Role of User Defined Policies

“…Paul Ashley et al [5], defines a fine grained privacy model called as Platform for the Enterprise Privacy Practices (E-P3P). The E-P3P privacy policy defines, on certain data categories the actions to be performed by the data users.…”

AD Sharing in Social Networks : Role of User Defined Policies

“…Successively, it has been recognized that access decisions cannot depend only on the identity and authorization of the entity requesting the access, but it is also necessary to consider the consequences of an access [42]. The concept of obligation was thus integrated in access control frameworks (e.g., [12,[42][43][44]) to define the actions that must be taken when permissions are granted. Obligations are also used to restrict the set of permissible actions (i.e., actions that do not comply with obligations are not permitted) [13] and to specify the intended usage of data [15].…”

“…Privacy Engineering has been tackled by several research communities, such as Privacy Requirements Engineering [51][52][53], Privacy Policy and User Preference Specification [9][10][11], Privacy-Aware Access Control [12][13][14], Identity Management [54][55][56], Digital Rights Management [57], etc. Even though these fields are all important in the development of privacy-aware systems, we choose to only focus on Privacy Requirements Engineering, Privacy Policy and User Preference Specification, and Privacy-Aware Access Control as we see these fields as key topics for this article's intentions.…”

“…In the last years, many research efforts have also been devoted to safeguard the right to privacy through the use of policies. Such efforts resulted in the definition of models, languages, and standards to specify enterprises' privacy promises (i.e., privacy policies) [9] and user preferences [10,11] as well as to enforce such promises (i.e., data protection policies) [12][13][14]. Such models, languages, and standards provide language constructs, but offer no methodological tools for supporting policy design.…”

Towards the development of privacy-aware systems

“…For instance, P3P [17] and E-P3P (and also EPAL) [3] are languages that allow one to specify policies for privacy protection; however, the user can only hope that the private data host follows them.…”

An Audit Logic for Accountability