A Workflow Reference Monitor for Enforcing Purpose-Based Policies
Date
2013-09-25
Journal Title
Journal ISSN
Volume Title
Publisher
Abstract
Purpose is a key concept in privacy policies. Based on the purpose framework developed in our earlier
work [11] we present an access control model for a work ow-based information system in which a work ows
reference monitor ( WfRM ) enforces purpose-based policies. We use a generic access control policy language
and show how it can be connected to the purpose modal logic language ( PML ) to link purpose constraints
to access control rules and how such policies can be enforced. We also present a simple implementation
of such a reference monitor based on extending eXtensible Access Control Markup Language( XACML ), a
commonly used access control open standard.
Description
Keywords
Purpose, Privacy, Purpose-Based Policies