[13837] in cryptography@c2.net mail archive
[johnmacsgroup] IBM Develops New Language for Writing Privacy
daemon@ATHENA.MIT.EDU (R. A. Hettinga)
Mon Jul 14 20:06:06 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Mon, 14 Jul 2003 14:32:39 -0700
To: cryptography@metzdowd.com
From: "R. A. Hettinga" <rah@shipwright.com>
--- begin forwarded text
Status: U
To: "johnmac's living room" <johnmacsgroup@yahoogroups.com>
From: "John F. McMullen" <observer@westnet.com>
Mailing-List: list johnmacsgroup@yahoogroups.com; contact johnmacsgroup-owner@yahoogroups.com
Date: Mon, 14 Jul 2003 17:04:10 -0400 (EDT)
Subject: [johnmacsgroup] IBM Develops New Language for Writing Privacy Policies
Reply-To: johnmacsgroup@yahoogroups.com
>From eSecurity Planet --
http://www.esecurityplanet.com/prodser/article.php/2234981
IBM Develops New Language for Writing Privacy Policies
By John Desmond
IBM has developed a programming language designed to automate the writing
of privacy policies, with contributions from a research lab in Zurich and
customers of the IBM Tivoli Privacy Manager in the U.S.
The Enterprise Privacy Authorization Language (EPAL) builds on the
Platform for Privacy Preferences (P3P) specification delivered by the
World Wide Web Consortium in April 2002, by providing an XML language that
can be used to enforce privacy policies among applications and databases.
"Some of the feedback we have received form customers has been that
Privacy Manager is great but it has limitations in the policies that can
be expressed," says Phil Fritz, product manager with IBM Tivoli. The work
in Zurich that began about 18 months ago is now being coordinated with the
customer feedback to make the end result more responsive to the market.
EPAL is able to express conditions, such as, the user is not allowed to
see a piece of data unless the user is a police officer with a valid
search warrant. Or, a primary care physician cannot see the patient's
medical data without permission from the patient. Or, no one can see the
data unless the following conditions are present, then list them.
In addition to government regulations around privacy driving compliance,
the consolidation of applications and databases ongoing in many companies
is having the unintended consequence of making it more difficult for
permitted users to get to data they are authorized to see.
"Companies need a way to virtualize the enforcement of views on data,
while lowering their administrative costs," Fritz says.
IBM is not yet marketing EPAL as a commercial product, but plans to submit
the language for standardization in coming months. Tivoli Privacy Manager
will be adding support for EPAL as well.
Students at North Caroline State University, who collaborated with IBM
researchers on EPAL, used it to developer a tool called the Privacy
Authoring Editor, which helps companies author and edit privacy policies
using EPAL. The tool is currently available on SourceForge.net, the Web
site for open source code and applications, at
http://sourceforege.net/projects/epaleditor.
Copyright 2003 Jupitermedia Corporation
*** FAIR USE NOTICE. This message contains copyrighted material whose use
has not been specifically authorized by the copyright owner. The
'johnmacsgroup' Internet discussion group is making it available without
profit to group members who have expressed a prior interest in receiving
the included information in their efforts to advance the understanding of
literary, educational, political, and economic issues, for non-profit
research and educational purposes only. I believe that this constitutes a
'fair use' of the copyrighted material as provided for in section 107 of
the U.S. Copyright Law. If you wish to use this copyrighted material for
purposes of your own that go beyond 'fair use,' you must obtain permission
from the copyright owner.
For more information go to:
http://www.law.cornell.edu/uscode/17/107.shtml
"When you come to the fork in the road, take it" - L.P. Berra
"Always make new mistakes" -- Esther Dyson
"Be precise in the use of words and expect precision from others" -
Pierre Abelard
"Any sufficiently advanced technology is indistinguishable from magic"
-- Arthur C. Clarke
"Bobby Layne never lost a game. Time just ran out." -- Doak Walker
John F. McMullen
johnmac@acm.org johnmac@cyberspace.org
ICQ: 4368412 AIM & Yahoo Messenger: johnmac13
http://www.westnet.com/~observer
------------------------ Yahoo! Groups Sponsor ---------------------~-->
Buy Ink Cartridges & Refill Kits for Your HP at Myinks.com
Free shipping on orders $50 or more to the US and Canada.
http://www.c1tracking.com/l.asp?cid=5706&lp=home/hp.asp
http://us.click.yahoo.com/arYXfA/.xWGAA/ySSFAA/XgSolB/TM
---------------------------------------------------------------------~->
To unsubscribe from this group, send an email to:
johnmacsgroup-unsubscribe@yahoogroups.com
Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
--- end forwarded text
--
-----------------
R. A. Hettinga <mailto: rah@ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
