Jafari, MohammadDenzinger, JoergSafavi-Naini, ReihanehBarker, Ken2013-09-252013-09-252013-09-25http://hdl.handle.net/1880/49843Purpose is a key concept in privacy policies. Based on the purpose framework developed in our earlier work [11] we present an access control model for a work ow-based information system in which a work ows reference monitor ( WfRM ) enforces purpose-based policies. We use a generic access control policy language and show how it can be connected to the purpose modal logic language ( PML ) to link purpose constraints to access control rules and how such policies can be enforced. We also present a simple implementation of such a reference monitor based on extending eXtensible Access Control Markup Language( XACML ), a commonly used access control open standard.engPurposePrivacyPurpose-Based PoliciesWorkflow Reference Monitor, XACMLtechnical report2013-1046-1310.11575/PRISM/30574