This paper proposes a trust involved management framework for supporting privacy preserving access control policies and mechanisms. The mechanism enforces access policy to data containing personally identifiable information. The key component of the framework is an access control model that provides full support for expressing highly complex privacy related policies, taking into account features like purposes and obligations. A policy refers to an access right that a subject can have on an object, based on relationship, trust, purpose and obligations. The structure of purpose involved access control policy is studied. Finally a discussion of our work in comparison with other access control and frameworks such as EPAL is discussed.
展开▼
