Endorse cluster meeting
ENDORSE: Preliminary work on the
Privacy Rules Definition Language
Presented by Mark McLaughlin
Motivation for PRDL
• Provide a domain specific language to facilitate the creation of rules to address the main areas of concern in ENDORSE:
– Making privacy terms transparent to the user/customer and providing better guarantees on data protection.
– Providing a powerful tool to aid organizations holding personal data to comply with data protection & privacy law and regulations.
Challenges for PRDL
• “[identifying] .. relevant legal requirements from policies, laws and guidance documents and aligning these requirements with software specifications to maintain a defensible position in a court of law” - Travis D. Breaux
• Identifying the best method of evaluating privacy & data protection rules in the context of ENDORSE and the organisational system(s) in which ENDORSE deployments will reside.
8/2/2011 3
Rule Examples
• Rule 1: Legal Dept may delete data [Permission]
• Rule 2: Company must store data for 10 years after contract or claim closure date. [Obligation]
• Rule 3: Company may store data if consent for marketing exists. [Conditional permission]
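The three rule types above, evaluated as access decisions in Python. This is an added sketch, not PRDL syntax or ENDORSE project code: the `Request` fields, the `evaluate` function, the obligation-before-permission ordering and the default deny are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

RETENTION_YEARS = 10  # Rule 2: ten years after contract or claim closure


@dataclass(frozen=True)
class Request:
    actor: str                 # "Legal Dept" or "Company"
    action: str                # "delete" or "store"
    today: date
    closure_date: date         # contract or claim closure date
    consents: frozenset = frozenset()


def retention_end(closure: date) -> date:
    """Date on which the Rule 2 retention obligation ends."""
    try:
        return closure.replace(year=closure.year + RETENTION_YEARS)
    except ValueError:         # closure on 29 Feb, target year not a leap year
        return closure.replace(year=closure.year + RETENTION_YEARS, day=28)


def evaluate(req: Request) -> tuple:
    """Return (decision, rule that decided it)."""
    under_retention = req.today < retention_end(req.closure_date)

    # Assumption: an active obligation is checked before any permission, so
    # Rule 2 blocks a deletion that Rule 1 alone would allow.
    if req.action == "delete":
        if under_retention:
            return ("deny", "Rule 2")
        if req.actor == "Legal Dept":
            return ("permit", "Rule 1")

    if req.action == "store" and req.actor == "Company":
        if under_retention:
            return ("permit", "Rule 2")      # storing is required, so allowed
        if "marketing" in req.consents:
            return ("permit", "Rule 3")      # conditional permission

    return ("deny", "default")               # assumption: deny when no rule applies
```

Evaluated in isolation, Rule 1 and Rule 2 give opposite answers for the same deletion request, so an evaluator has to fix a precedence between obligations and permissions.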
Rules choices
• What do the rules do? E.g. reasoning versus access control:
– Forward/backward chaining rules engine v XACML
• Expert system v policy translation.
• Gathering stakeholder requirements in terms of “types of rules” to see what we need to be able to deal with.
• Look at the kind of systems our rules will ‘respond to’ or ‘control’.
Current Meta Rule Model
PRDL Progress
Thank you.
Questions & Discussion.