A Workflow Reference Monitor for Enforcing Purpose-Based Policies
Purpose is a key concept in privacy policies. Based on the purpose framework developed in our earlier work  we present an access control model for a work ow-based information system in which a work ows reference monitor ( WfRM ) enforces purpose-based policies. We use a generic access control policy language and show how it can be connected to the purpose modal logic language ( PML ) to link purpose constraints to access control rules and how such policies can be enforced. We also present a simple implementation of such a reference monitor based on extending eXtensible Access Control Markup Language( XACML ), a commonly used access control open standard.
Purpose, Privacy, Purpose-Based Policies