WO2003001402A2 - System for implementing privacy policies written using a markup language - Google Patents
System for implementing privacy policies written using a markup language Download PDFInfo
- Publication number
- WO2003001402A2 WO2003001402A2 PCT/CA2002/000983 CA0200983W WO03001402A2 WO 2003001402 A2 WO2003001402 A2 WO 2003001402A2 CA 0200983 W CA0200983 W CA 0200983W WO 03001402 A2 WO03001402 A2 WO 03001402A2
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- prml
- privacy
- policy
- xml
- Prior art date
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/12—Use of codes for handling textual entities
- G06F40/123—Storage facilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/10—Text processing
- G06F40/12—Use of codes for handling textual entities
- G06F40/14—Tree-structured documents
- G06F40/143—Markup, e.g. Standard Generalized Markup Language [SGML] or Document Type Definition [DTD]
Definitions
- the present invention relates to a system and method for managing privacy policies, and more particularly to a system and method for creating, distributing, and using a structured privacy policy in an enterprise.
- privacy policies must be digital. Since plain text cannot be read and understood by enterprise data applications, privacy policies should be expressed in a machine-readable form. Once digital and machine-readable, policies can be easily catalogued, updated, modified, and referenced for audit and assessment purposes. XML (extensible markup language) has quickly emerged as the universal format for data interchange and is therefore the most suitable.
- FIG. 1 is a schematic diagram of the components of an enterprise privacy management (EPM) system according to the present invention.
- Figures 2-6 shows UML static diagrams for the PRML.
- the EPM system 100 comprises a console 110 which provides a platform for managing enterprise wide personal information (PI) resources; an EPM server; customer-facing systems such as audit, preference, specialized apps; "back-end” systems such as transaction processing, billing, ERP, manufacturing; "front office” applications such as a customer relationship manager (CRM) and a web office such as web services or partner web sites and one or more clients.
- PI enterprise wide personal information
- CRM customer relationship manager
- the EPM system 100 includes a language for defining the data exchange called "privacy rights markup language" PRML which provides a standardized mechanism for the components to communicate with each other.
- the console consists of an inference engine a consistency engine, collaboration tools, a user interface, and a set of tools for dealing with structured information, on which all of the other portions rely. It also includes a variety of other components, such as an installer and help file.
- the console is written in a mixture of C using Microsoft libraries and HTML.
- the EPM server provides support for integrity, collaboration, discovery and distribution.
- the EPM system responds to information queries called "requests".
- the EPM server consists of a web server, a request service, request forms, a request repository, and discovery agents.
- the web server provides basic HTTP protocol support to the request service. All communication between clients and the request service is via HTTP using SOAP(Simple Object Access Protocol).
- SOAP Simple Object Access Protocol
- the web server hosts web forms, servlets and scripts to provide a UI for fulfillment of the request.
- the client sends a request for specific information, such as details about what data is contained in a particular database, to a request service in the EPM server.
- the request service processes the requests sent by the client and directs the request to the intended- recipient.
- the request is stored in the server-side repository.
- the recipient completes the request, the results are also stored in the repository.
- the result is forwarded to the client where it is integrated with the client's data set.
- the request service may also direct the request to another user if so desired.
- the request may be directed to a discovery service.
- the discovery service runs the process on some target system such as a database, web server or directory server. Once again the completed request result is stored in the repository.
- the discovery service can also expose its interface to request recipients
- the request service is the core of the console on the server-side. This component listens for the client calls via HTTP and responds accordingly.
- the main communications between a client and the server include (a) the client sending a new request to the service; (b) the Client enumerates all requests that match certain criteria (ex: give me all uncompleted requests).
- Discovery services are J2EE-based applications. Each service includes its own web-based UI, the discovery and persistence logic.
- PRML provides a standardized mechanism for the components to communicate with each other.
- the console and the EPM server may use a variety of protocols to communicate, including SOAP and a version control protocol, such as CVS (concurrent versioning system).
- SOAP is a lightweight protocol for exchange of information in a decentralized, distributed environment. It is an XML based protocol that consists of three parts: an envelope that defines a framework for describing what is in a message and how to process it, a set of encoding rules for expressing instances of application-defined datatypes, and a convention for representing remote procedure calls and responses.
- CVS provides support for document version management activity. Those activities include putting files into a repository, getting files, making changes to them, and committing those changes to one or more branches.
- the EPM server distributes information about how to implement a privacy policy to a variety of systems (back-end, front-office, web-office) through a variety of mechanisms (directory, web server), both push and pull based, using the PRML markup language.
- the preferred pull mechanism is using SOAP; the prefferred push mechanisms are via HTTP POST and push to a directory, such as LDAP.
- Software (libraries) on these other systems uses the information in these policies to make decisions of various sorts, especially of the form "allow or deny this action.” A closely related decision is "This
- rule would allow/deny this action.” This allows for the use of installation modes, audits, upgrades, etc.
- libraries are constructed variously of C, C++, Java, and Perl, depending on the calling code. These libraries take the information contained within the documents, and construct an interface suitable for the calling program to use. For example, if the calling code is C, a library might offer a function PrivacyCheck(*data, *actor, action, Recipient, purpose). If the code is object-oriented, it might construct an object which collects such data.
- the process of implementing a PRML-driven privacy policy consists of the creation of a policy, its distribution, and its use.
- I. Creation The creation of a privacy policy involves, at its essesnse, the decision of what can and can not be allowed within or between an enterprise, its partners and suppliers, for privacy reasons. This usually proceeds via a manual process of inventorying data, processes, activities, conditions, etc. These data are correlated and analyzed, and a policy is produced. ' New software aims to make this task easier. Such software can also output structured information, such as a PRML policy, for distribution of the policy information it has gathered. It is also possible to create such policy files with a standard text. SGML or XML editing program. The creation phase ends when a properly crafted XML file has been created. II. Distribution.
- a policy Once a policy has been created, it must be distributed to the software which an organization wishes to see it controlled. Any of the standard methods for distribution of XML may be used. There must be software installed on the receiving host to ensure that the XML can be processed. That software will take the XML, and provide it in a useful form to the data processing software, at points chosen during the systems integration phase. Those points will be functoin calls, or object invocation, or assertion-tests, or other appropriate methods for the caller. The caller will pass a pre-determined set of information for decision making, such as (actor, data, recipient, action, purpose). These data will be tested against the policies encoded in the XML, and a result, perhaps as simple as yes/no, perhaps more complex will be returned. More complex responses might include "This purpose would be acceptable" or "This subset of data is the cause of the refusal.
- the program gathers a list of names.
- the program is provided with a list of names.
- the programmer assembles a set of parameters with which to decide if the program should move ahead.
- the programmer calls a function PrivacyCheck with arguments (client (hospital), purpose (marketing), action (send- email), recipient (data-subject)).
- the Privacy library parses these arguments, and checks them against an internal model of the privacy policy. There are several ways to create such a model, including truth tables, nested-conditionals, etc, with various benefits to each.
- the privacy library take the arguments, and passing them through the nested conditionals, will then return either an ok or a not-ok message.
- the rules will (internally to the library) parse as "ok by statement 1" "not ok by statement 2", and then statement 3 will resolve the conflict as statement 1 has precedence. So, the library will return the result of statement 1, which is that this is ok with an opt-in. The programmer will then ensure that his program calls the privacycheck function again on a per user basis.
- the PRML authoring tool is a basic utility which facilitates the creation of PRML policies. It will allow a user to describe her organization's privacy and data handling practices and render them as a set of PRML documents which can be passed to the PRML compiler or to PRML aware software components which can then act on the policy.
- the PRML compiler provides complex analysis of a PRML policy. It can be used to compute all implied statements within the policy, fully describe a role, identify how specific data items can be manipulated and by whom, etc.
- the compiler is used to make a policy completely explicit so that a PRML aware component does not need to do extensive computation in order to apply that policy to its functions.
- PRML Privacy Rights Markup Language
- the standard offers a comprehensive set of constructs in order to represent privacy policies in full compliance with the Fair Information Practices.
- privacy declarations can be linked with procedures to be executed by runtime environment.
- the link with runtime environment allows the privacy policy to specify constrains or actions to be evaluated dynamically.
- the privacy declarations of PRML are not only means for validate access todata by a certain user.
- the declaration can also be used as a mean todeclare what happens when a declaration takes effect.
- the PRML declaration framework can be used in order to accelerate the creation of a new PRML policy. It can also be used as a set of guidelines to help to develop a new strong privacy policy. 1.1. Goals and Capabilities
- PRML enables an application create declaration that may be offered to the PII owner for the purpose of giving consent.
- the language shall also allow the specification of policies around altering privacy policies themselves. For example PRML document may specify that a notice must follow any change to the privacy policy. The notice must be sent to all individuals who have agreed with the previous privacy policy.
- PRML should allow expressing the necessary information about what operation was performed by whom and why.
- Objects such as operation, purpose and role are organized in hierarchies.
- Hierarchies are defined in Object Dictionary. A single declaration may be expanded into a set of declarations.
- PRML shall contain sufficient detail to allow expansion of high-level declarations into a set of low-level declarations.
- PRML document defines role hierarchy when the role 'doctor' has two children roles
- a PRML document may not contain the full set of declarations or objects.
- An example of personal record is a medical record containing patient's name, address and medical condition.
- An example of purpose of operation is “providing care” or “targeted marketing”
- An example of role is “practicing physician” or “data-mining company”
- a declaration is a way of saying "I allow my physician to view and update my medical record for the purpose of providing care. I also allow the hospital administrator to see my address for the purpose of billing.
- UML Unified Modeling Language
- DTD PRML Document Type Definition
- PRML makes extensive use of the concept of mixing classes. A mixin class in one having orthogonal functionality to any other class such that its attributes and properties can simply be added to a derived class in order to add a well defined facet of functionality to the derived class. For example, almost all PRML constructs represent instances of Identifiable object. Also, PRML allows operations, purposes, and roles to each form their own hierarchy of extension. The object model represents this by each of them inheriting from an ExtendsSingle or ExtendsMultiple base.
- Associations show how an object of one class references or contains other objects (of the some or of a different class). Associations have cardinality and navigation characteristics. Cardinality defines how many objects of one end of the association are associated with how many objects on the other end of the association. A cardinality or 1 would denote a mandatory association to 1 other object. A cardinality or n..m would denote that an object is associated with at least n objects and at most m objects.
- Associations also indicate navigation direction. Please note that this information reflects the expression syntax of the language but is not necessarily indicative of the navigability of such relationships in the run-time environment in which a parsed and processed PRML document might be used. For instance, one can express in the language that a policy declaration is associated with a particular role, but not that a role is associated with a particular declaration. This dichotomy of expression exists both for economy or expression and to avoid redundancy. For this particular example, a PRML compiler or processing engine, in building the run-time model of the policy, can construct a bi-directional relationship; it does not need to be expressed directly in the language as it can be automatically inferred by the tools. 2.2. UML to XML Mapping
- PRML is an XML application. In the future, it will be formally defined by an XML scheme. Currently, the XML representation is defined in XML DTD files. Some validation and data type knowledge that can be expressed in an XML Schema will be lost in the DTD representation. The XML representation is generated from the UML drawings according to a set of rules. These rules are based on those defined in the Customer Profile Exchange (CPExchange) specification and are described in the remainder of this section.
- CPExchange Customer Profile Exchange
- #PCDATA values should be constrained to match the XML Schema data types. Some of these are the built-in datatypes defined by the XML Scheme Datatypes standard. Others are PRML definitions of new XML Scheme generated data types. The intent of the constraints imposed by each data type is documented in this specification, or, in many cases, other standards are referenced.
- the XML 1.0 DTD cannot express the data type constraint; instead, the data type is merely represented with a parameter entity reference. For example:
- a class may represented two parameter ENTITY definitions in the
- One ENTITY expresses the content of the class (if any), while the other ENTITY expresses programmatic attributes of the class (if any).
- Subclass entities include the superclass entities. Data and relationships which are core to the language concepts are expressed as the content of the relevant class and are represented by element ENTITY definitions.
- XML attributes are used to express meta-data about the construct, or instructions to the tools, which must process the construct. Where a class has member values, they are defined following the ENTITY definitions for the contents of that class. For example:
- PRML Privacy Rights Modeling Language is a language describes the relationship between:
- Declarations are used to express privacy rights of owners and other actors involved in handling of PII. If any of the declaration if more than one declaration is applicable to a particular relationship, the operation will be allowed if at least one of the declaration allows it.
- a typical PRML document is composed of three parts:
- the object dictionary defines objects referenced declarations.
- the dictionary is separated in sets. Every set contains a collection of objects of the same type (ex: operations-set). Single object can be reference by multiple declarations.
- Data schema section defines the data dictionary as it describes the existing data environment (database structure). The elements of data schema are referenced to create data elements for declarations. See section 5.
- Declaration set includes the collection of declarations.
- Declarations refer to objects found in the dictionary in order to specify the relations between them.
- PRML is used to describe privacy policies for the informed release of information to authorized parties. This markup language will interact with a number of components within a privacy platform. Refer to conespondent design documents for details on architecture of components mentioned in this section.
- PRML Authoring Tools This is a standalone component which allows a CPO or other privacy rights administrator to easily define a PRML policy. This tool will generate a set of PRML documents, which can then be loaded into the PRML compiler and other tools. Ideally, this consists of a GUI, which manages the various PRML components, which can be created, the data schema, and the links between them. An authoring tool can also be as simple as an XML editor, which is working with the PRML DTD.
- the PRML Compiler takes a PRML policy and assorted files and expands it to a set of privacy rights meta data. This information will enumerate all possible rules, which can be applied to data given the various roles, purposes, and declarations. This meta data is then further converted to a set of information, which the legacy database can use to implement the privacy policy in the case where the PRM is actually implemented by the legacy database system. It can also be further converted to data used by a standalone PRM in the case where the PRM is a separate component, which is contacted by a legacy database system.
- the conversion tools allow a set of PRML components to be expressed in different representation formats.
- Two immediate tools which can be built around the PRML compiler are:
- PRML2P3P This tool expresses the PRML policy as a set of P3P files.
- PRML has a wider range of concepts that it can express.
- PRML2natlang When properly designed, PRML files can be processed to generate a natural language description of the policy. This tool takes a PRML file and creates this description. The above tools are based on XSLT templates. PRML's structure allows to create other XSLT templates to convert a PRML document in to a document in other format.
- This component uses the data generated by the PRML compiler to decide whether or not information is released to a query. This can be implemented a number of ways and is not addressed in this document.
- Relationship management requires that long term relationship between users, owners, and specific roles be identified and kept up to date. This can be a fairly complex problem and is dependent on an application/entity to be able to keep track of this information accurately.
- An example of this it the PERSONAL-PHYSICIAN role. Every doctor is a personal-physician and every patient has a personal-physician, however the relationship management system must be able to link a specific patient to a specific doctor for this role in order to properly apply the privacy rules, which refer to this role.
- Consent management requires a new data path, which allows information owners to consent to specific declarations stated in the PRML privacy policy.
- the authentication system database must be augmented with the roles, purposes, and operations, which can be assigned to specific users of the application.
- the purpose of object dictionary is to define all objects that make up declarations.
- the dictionary includes collections for:
- Every collection may refer to the external prml file. Roles, operations and purposes create conespondent ontology. An object within ontology extends another object higher in the ontology. For example operation 'send email' extends operation 'read email address'.
- Every object in object dictionary has object ID (oid).
- ODD is used in order to reference the object from the declaration. It is also used in order to specify the extended object to create ontology of objects.
- the ID should be unique within the system.
- a PRML document may import whole or parts of object dictionary from a different file. This allows for creation of multiple sets of declarations based on the same object dictionary.
- a UML static structure diagram of a document is shown in figure 4, a declaration in figure 5 and a dictionary in figure 6.
- PRML data definitions consist of the following types of elements:
- Data-set This is a set of data items to which a particular PRML declaration applies. Data-sets contain one or more data items. Each ⁇ data-set> element must have an oid. This can be referred to within a declaration using a ⁇ data- set-id> element.
- a data-def optionally links a data record name to a structure definition which describes the record. If there is no link, the data record type exists but its description is unavailable or unused by the PRML policy.
- data-struct A data-struct describes the columns which make up a data record.
- Each data struct can optionally point to other local or remote data- structs to further refine the description of the record.
- a PRML declaration will identify the record types to which it applies by specifying a ⁇ data-set-id> element, which refers to a ⁇ data-set>. This allows multiple declarations to refer to the same set of data-record.
- Each ⁇ data-set> contains one or more ⁇ data> elements.
- Each ⁇ data> element must contain a ⁇ name> element which refers to a ⁇ data-def> or ⁇ data-struct> within the ⁇ data-schema>.
- the ⁇ name> element as applied to the data definition has a special use beyond the normal one for PRML; it is used to link the data definitions and data structures together.
- Data definitions and structures are named according to a namespace convention which seperates parent objects by periods (".”). There are two reasons for this. It allows the names to map to a database system namespace and it allows an object to identify its children. This allows the data-schemas to refer to other data-schema documents. Examples:
- the ⁇ data-def> elements list all of the record types, which can exist under a particular schema. Each of these can optionally have their structure described through links to ⁇ data-struct> elements.
- the ⁇ data-struct> elements describe the structure of various types of data record. Note that different data record types (as identified by the various ⁇ data- def> elements) can actually have the same structure simply by pointing to the same
- Each ⁇ data-struct> can optionally point to a local or remote
- ⁇ data-struct> that further defines the structure.
- the ⁇ data-def> and ⁇ data-struct> elements do not contain real data. They only describe the structure of the data records to which the PRML policies apply. In most cases it will not be nescessary to completely describe a data record beyond the name, which is need to identify it in the database.
- This example shows how the various data reference and definition elements are put together to allow a PRML policy file to refer to data records.
- the following might be included inside a PRML declaration to identify the record types to which it applies.
- the records involved are "medical-history” and "insurance-coverage”. These will be described in the ⁇ data-schema> section of the file "data-def.xml”.
- the "data-def.xml" file contains a ⁇ data-schema> section as follows:
- the PRML data reference and definition mechanism is strongly influenced by the one used by P3P.
- the following guidelines are provided to indicate the relationship and to assist in conversion from one to the other.
- PRML data definitions provide a name and an optional description. There is no "short-description" attribute, which can be specified so these are never generated when converting to a P3P data schema.
- P3P defines an attribute "optional” for its DATA element while PRML does not. This attribute indicates whether or not a visitor to a site can withhold the specified piece of data. If not specified, it is set to "no". When converting from PRML to P3P, this value should be explicitly set to "no”. Since PRML deals with releasing data rather than collecting it, a visitor to the site should be obliged to provide it. This should be examined further however.
- PRML does not define data categories.
- P3P attaches categories to DATA, DATA-DEF and or DATA-STRUCT elements in order to provide a hint regarding the intended use of the data. This must be specified somewhere inside a P3P data schema. How to do this from PRML is still an open issue, but one approach may be to use P3P's extension mechanism and assign the following for each DATA- DEF:
- ⁇ data-set> can specify an "import” attribute. This also maps directly to "base”. It is assumed that the PRML data-schema will always be in a separate file. In this case, the link to that file will be identified through a "base” attribute specified for the ⁇ DATA-GROUP> element. If the PRML data-schema is exported to the P3P file itself, the "base” attribute value must be set to the empty string ("").
- the ⁇ data-def> element maps to P3P's ⁇ DATA-DEF>.
- the ⁇ name> element becomes the "name” attribute and is transferred as is. The same thing is done for the ⁇ struct-ref> element; it becomes the "structref parameter. There is no equivalent to the "short-description" attribute. Since this is optional in P3P, the conversion process does not specify it.
- the PRML ⁇ data-struct> elements map to P3P's ⁇ DATA- STRUCT> and are treated the same way as ⁇ data-def .
- the specification of a language without usage guidelines is difficult to use.
- the base declarations along with base objects create a framework for development of richer and customized declarations.
- the indented usage of the declarations in this section is to provide a starting point for privacy office and integrator to create specific corporate privacy policy.
- the PII owner shall be able to access its personal data.
- the PII owner shall be able to view the access log.
- This e-mail address may be used for coreespondence regarding transaction number 1234 only, and is to be purged when transaction number 1234 is complete. In no case may this infonnation be retained after date D.
- This e-mail address may be used for correspondence regarding transaction number 1234, or for product recalls or other reports of serious safety or security issues regarding product X as purchased in transaction number 1234.
- the address is to be purged when product X is declared obsolete.
- This postal address may be used by corporation X to advertise products falling under SIC code blah.
- This name, patient room number, diagnosis code, physician's notes, and attached medical imaging may be provided to licensed health care professionals at hospital X for the purposes of treating the named patient. Authorization is not granted for access to the patient's billing information.
- This diagnosis code, physician's diagnostic note, and list of provided treatments may be used by designated claims adjusters for companies in group foo, for evaluation of medical insurance claim number 69, provided that no PII is provided to the adjuster in a way that can be linked to this diagnosis code.
- This name, address,, and authorized claim amount may be provided to designated check issuers for companies in group foo, provided that no medical diagnostic information is disclosed to the check issuer,
- This biometric information (which is to be stored only in hashed form), may be used by authentication service X for the purpose of validating access to Web sites certified by privacy auditor Y.
- This survey response may be used for political advocacy when statistically aggregated with all other responses to this survey question.
- PRML uses the same approach towards designing XML language.
- the language is generated from data model defined by UML static diagram.
- UML to XML mapping methodology is used to generate the DTD.
- the following primitive and complex datatypes are used to constrain the #PCDATA content of elements and attributes.
- the primitive datatypes are defined in the W3C XML Schema:
Abstract
Description
Claims
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU2002312692A AU2002312692A1 (en) | 2001-06-26 | 2002-06-26 | System for implementing privacy policies written using a markup language |
CA002491090A CA2491090A1 (en) | 2001-06-26 | 2002-06-26 | System for implementing privacy policies written using a markup language |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CA2,351,696 | 2001-06-26 | ||
CA002351696A CA2351696A1 (en) | 2001-06-26 | 2001-06-26 | System for implementing privacy policies written using a markup language |
Publications (2)
Publication Number | Publication Date |
---|---|
WO2003001402A2 true WO2003001402A2 (en) | 2003-01-03 |
WO2003001402A3 WO2003001402A3 (en) | 2003-12-11 |
Family
ID=4169350
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CA2002/000983 WO2003001402A2 (en) | 2001-06-26 | 2002-06-26 | System for implementing privacy policies written using a markup language |
Country Status (3)
Country | Link |
---|---|
AU (1) | AU2002312692A1 (en) |
CA (1) | CA2351696A1 (en) |
WO (1) | WO2003001402A2 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9727751B2 (en) | 2010-10-29 | 2017-08-08 | Nokia Technologies Oy | Method and apparatus for applying privacy policies to structured data |
-
2001
- 2001-06-26 CA CA002351696A patent/CA2351696A1/en not_active Abandoned
-
2002
- 2002-06-26 WO PCT/CA2002/000983 patent/WO2003001402A2/en not_active Application Discontinuation
- 2002-06-26 AU AU2002312692A patent/AU2002312692A1/en not_active Abandoned
Non-Patent Citations (1)
Title |
---|
MARCHIORI M ET AL: "The Platform for Privacy Preferences 1.0 (P3P1.0) Specification" W3C, 15 December 2000 (2000-12-15), XP002246565 Retrieved from the Internet: <URL:http://www.w3.org/TR/2000/CR-P3P-2000 1215/> [retrieved on 2003-07-04] * |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9727751B2 (en) | 2010-10-29 | 2017-08-08 | Nokia Technologies Oy | Method and apparatus for applying privacy policies to structured data |
Also Published As
Publication number | Publication date |
---|---|
CA2351696A1 (en) | 2002-12-26 |
AU2002312692A1 (en) | 2003-01-08 |
WO2003001402A3 (en) | 2003-12-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20030097383A1 (en) | Enterprise privacy system | |
Ashley et al. | Enterprise privacy authorization language (EPAL) | |
US7089583B2 (en) | Method and apparatus for a business applications server | |
US6850893B2 (en) | Method and apparatus for an improved security system mechanism in a business applications management system platform | |
US6721747B2 (en) | Method and apparatus for an information server | |
US6643652B2 (en) | Method and apparatus for managing data exchange among systems in a network | |
Anderson | A comparison of two privacy policy languages: EPAL and XACML | |
Barkley et al. | Supporting relationships in access control using role based access control | |
US7886041B2 (en) | Design time validation of systems | |
US7480920B2 (en) | Systems and methods for providing an enterprise services description language | |
TWI405091B (en) | Computer system and computer-implemented method for data services across disparate application frameworks | |
US20020049788A1 (en) | Method and apparatus for a web content platform | |
US20050091671A1 (en) | Programming interface for a computer platform | |
JP2011070707A (en) | Architecture for distributed computing system and automated design, development and management of distributed application | |
Trevor et al. | The use of adapters to support cooperative sharing | |
Feuerlicht | Design of service interfaces for e-business applications using data normalization techniques | |
Verbeek et al. | XRL/Woflan: verification of an XML/Petri-net-based language for inter-organizational workflows | |
Breu et al. | Model based development of access policies | |
EP1498813A2 (en) | Design time validation of systems | |
Pilioura et al. | E-services: Current technology and open issues | |
Hamadi et al. | Conceptual modeling of privacy-aware web service protocols | |
WO2003001402A2 (en) | System for implementing privacy policies written using a markup language | |
CA2491090A1 (en) | System for implementing privacy policies written using a markup language | |
Mythily et al. | An automation framework design for secure software development | |
Scaglioso et al. | Modern standard-based access control in network services: XACML in action |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A2 Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A2 Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG |
|
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
32PN | Ep: public notification in the ep bulletin as address of the adressee cannot be established |
Free format text: COMMUNICATION PURSUANT TO RULE 69(1) EPC |
|
WWE | Wipo information: entry into national phase |
Ref document number: 2491090 Country of ref document: CA |
|
122 | Ep: pct application non-entry in european phase | ||
NENP | Non-entry into the national phase |
Ref country code: JP |
|
WWW | Wipo information: withdrawn in national office |
Country of ref document: JP |