In this paper we discuss implementation issues of a distributed privacy enforcement scheme to support Owner-Retained Access Control for digital data repositories. Our approach is based on the Java Security Framework. In order to achieve policy enforcement dependent on the accessed data object, we had to implement our own class loader that supports instance-level policy assignment. Access polici...

We present a formal (model-based) approach to describing and analysing access control policies. This approach allows us to evaluate access requests against policies, compare versions of policies with each other and check policies for internal consistency. Access control policies are described using VDM, a statebased formal modelling language. Policy descriptions are concise and may be easily ma...

In this paper we show that the static conflict resolution strategy of XACML is not always sufficient to satisfy the policy needs of an organisation where multiple parties provide their own individual policies. Different conflict resolution strategies are often required for different situations. Thus combining one or more sets of policies into a single XACML ‘super policy’ that is evaluated by a...

None of the current initiatives to provide interoperability between Digital Rights Management (DRM) systems, such as CORAL [3] or Marlin [13], provide a global solution to enable different devices to render content governed by different DRM systems. Interoperability applies to different aspects of DRM, such as languages for rights expression, digital objects declaration and protection informati...

To facilitate managing access control in a system, access control policies are increasingly written in specification languages such as XACML. A dedicated software component called a Policy Decision Point (PDP) interprets the specified policies, receives access requests, and returns responses to inform whether access should be permitted or denied. To increase confidence in the correctness of spe...

As distributed collaborative applications and architectures are adopting policy based management for tasks such as access control, network security and data privacy, the management and consolidation of a large number of policies is becoming a crucial component of such policy based systems. In large-scale distributed collaborative applications like web services, there is the need of analyzing po...