Access and Unknowable Obligations

A Framework to Enforce Access Control, Usage Control and Obligations

In this paper, we define a core language to express access control, usage control and obligation policies and we specify a policy controller in charge of evaluating such policies. This policy language can be used to specify security requirements of many applications such as DRM (Digital Right Management), P2P or Web Service applications. It is used to express both contextual permissions and obl...

An Extended Role-Based Access Control Model for Delegating Obligations

The main aim of access control models is to provide means to simplify the management of the security policy, which is a fastidious and error-prone task. Supporting delegation is considered as an important mean to decentralize the administration and therefore to allow security policy to be more flexible and easier to manipulate. Our main contribution is the proposition of a unified model to the ...

Unknowable Manipulators: Social Network Curator Algorithms

For a social networking service to acquire and retain users, it must find ways to keep them engaged. By accurately gauging their preferences, it is able to serve them with the subset of available content that maximises revenue for the site. Without the constraints of an appropriate regulatory framework, we argue that a sufficiently sophisticated curator algorithm tasked with performing this pro...

Co-national Obligations & Cosmopolitan Obligations towards Foreigners

On Obligations

Access control is concerned with granting access to sensitive data based on conditions that relate to the past or present, so-called provisions. Expressing requirements from the domain of data protection necessitates extending this notion with conditions that relate to the future. Obligations, in this sense, are concerned with commitments of the involved parties. At the moment of granting acces...