Conflict and Combination in Privacy Policy Languages

Full textClick to download.
CitationIn Proc. of the ACM Workshop on Privacy in the Electronic Society (WPES), Washington DC, pp. 45-46, 2004
AuthorsAdam Barth
John C. Mitchell
J. Rosenstein


Many modern enterprises require methods for guaranteeing compliance with privacy legislation and announced privacy policies. IBM has proposed a formal language, the Enterprise Privacy Authorization Language (EPAL), for describing privacy policies rigorously. In this paper, we identify four desirable properties of a privacy policy language: guaranteed consistency, guaranteed safety, admitting local reasoning, and closure under combination. While EPAL achieves only one of these four goals, an extended language framework allows us to achieve three out of four, while retaining the basic EPAL framework of restricting access and imposing obligations on users of confidential information.

Back to publications
Back to previous page