首页    期刊浏览 2024年12月03日 星期二
登录注册

文章基本信息

  • 标题:Law-Aware Access Control and its Information Model
  • 本地全文:下载
  • 作者:Michael Stieghahn ; Thomas Engel
  • 期刊名称:Journal of Computing
  • 电子版ISSN:2151-9617
  • 出版年度:2010
  • 卷号:2
  • 期号:6
  • 出版社:Journal of Computing
  • 摘要:Cross-border access to a variety of data such as market information, strategic information, or customer-related information defines the daily business of many global companies, including financial institutions. These companies are obliged by law to keep a data processing legal for all offered services. They need to fulfill different security objectives specified by the legislation. Therefore, they control access to prevent unauthorized users from using data. Those security objectives, for example confidentiality or secrecy, are often defined in the eXtensible Access Control Markup Language that promotes interoperability between different systems.In this paper, we show the necessity of incorporating the requirements of legislation into access control. Based on the work flow in a banking scenario we describe a variety of available contextual information and their interrelations. Different from other access control systems our main focus is on law-compliant cross-border data access. By including legislation directly into access decisions, this lawfulness can be ensured. We also decribe our information model to demonstrate how these policies can be implemented into an existing network and how the components and contextual information interrelate. Finally, we outline an event flow for a request made from a remote user exemplifying how such a system decides about access
国家哲学社会科学文献中心版权所有