[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: IBM Develops New Language for Writing Privacy Policies
This was on The Cryptography Mailing List. EPAL uses XACML. -Anne >From eSecurity Planet -- http://www.esecurityplanet.com/prodser/article.php/2234981 IBM Develops New Language for Writing Privacy Policies By John Desmond IBM has developed a programming language designed to automate the writing of privacy policies, with contributions from a research lab in Zurich and customers of the IBM Tivoli Privacy Manager in the U.S. The Enterprise Privacy Authorization Language (EPAL) builds on the Platform for Privacy Preferences (P3P) specification delivered by the World Wide Web Consortium in April 2002, by providing an XML language that can be used to enforce privacy policies among applications and databases. "Some of the feedback we have received form customers has been that Privacy Manager is great but it has limitations in the policies that can be expressed," says Phil Fritz, product manager with IBM Tivoli. The work in Zurich that began about 18 months ago is now being coordinated with the customer feedback to make the end result more responsive to the market. EPAL is able to express conditions, such as, the user is not allowed to see a piece of data unless the user is a police officer with a valid search warrant. Or, a primary care physician cannot see the patient's medical data without permission from the patient. Or, no one can see the data unless the following conditions are present, then list them. In addition to government regulations around privacy driving compliance, the consolidation of applications and databases ongoing in many companies is having the unintended consequence of making it more difficult for permitted users to get to data they are authorized to see. "Companies need a way to virtualize the enforcement of views on data, while lowering their administrative costs," Fritz says. IBM is not yet marketing EPAL as a commercial product, but plans to submit the language for standardization in coming months. Tivoli Privacy Manager will be adding support for EPAL as well. Students at North Caroline State University, who collaborated with IBM researchers on EPAL, used it to developer a tool called the Privacy Authoring Editor, which helps companies author and edit privacy policies using EPAL. The tool is currently available on SourceForge.net, the Web site for open source code and applications, at http://sourceforege.net/projects/epaleditor. -- Anne H. Anderson Email: Anne.Anderson@Sun.COM Sun Microsystems Laboratories 1 Network Drive,UBUR02-311 Tel: 781/442-0928 Burlington, MA 01803-0902 USA Fax: 781/442-1692
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]