XPACML eXtensible Privacy Access Control Markup Language

Privacy in the digital world is a critical problem which is becoming even more imperious with the growth of the Internet, accompanied by the proliferation of e-services (e.g. ecommerce, e-health). One research track for efficient privacy management is to make use of user’s and service provider’s (SP) privacy policies, and to perform an automatic comparison in between to help any (skilled or unskilled) users preserving their privacy. In this paper, we focus on the privacy policy comparison issues. We adopt the eXtensible Access Control Markup Language (XACML) as a policy description language for user’s preferences and SP’s policies. We enrich XACML with P3P main elements to permit a privacy aware access control on the user’s personal data elements, thus resulting in the new XPACML (eXtensible Privacy Access Control Markup Language) language. The paper describes first the XPACML language. Then, it presents the functional architecture at the user’s side where the automatic privacy policy compliance can be performed. Finally it discusses our contributions compared to the main proposed solutions in the literature to better identify the interest of them.