Authorising contract based access to personal data in the cloud

Kaniz Fatema; Dave Lewis; Declan O'Sullivan; John  P. Morrison; Abdullah-Al Mazed

doi:10.1109/UCC.2015.99

Authorising contract based access to personal data in the cloud

Kaniz Fatema, Dave Lewis, Declan O'Sullivan, John P. Morrison, Abdullah-Al Mazed

Research output: Chapter in Book/Published conference output › Conference publication

Abstract

The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.

Original language	English
Title of host publication	2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)
Publisher	IEEE
ISBN (Electronic)	978-0-7695-5697-0
DOIs	https://doi.org/10.1109/UCC.2015.99
Publication status	Published - 14 Mar 2016

Access to Document

10.1109/UCC.2015.99

Cite this

@inproceedings{2d684aa6dc1249218f06c70d05062ad8,

title = "Authorising contract based access to personal data in the cloud",

abstract = "The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.",

author = "Kaniz Fatema and Dave Lewis and Declan O'Sullivan and {P. Morrison}, John and Abdullah-Al Mazed",

year = "2016",

month = mar,

day = "14",

doi = "10.1109/UCC.2015.99",

language = "English",

booktitle = "2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)",

publisher = "IEEE",

address = "United States",

}

TY - GEN

T1 - Authorising contract based access to personal data in the cloud

AU - Fatema, Kaniz

AU - Lewis, Dave

AU - O'Sullivan, Declan

AU - P. Morrison, John

AU - Mazed, Abdullah-Al

PY - 2016/3/14

Y1 - 2016/3/14

N2 - The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.

AB - The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.

UR - https://ieeexplore.ieee.org/document/7431474?section=abstract

U2 - 10.1109/UCC.2015.99

DO - 10.1109/UCC.2015.99

M3 - Conference publication

BT - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)

PB - IEEE

ER -

Authorising contract based access to personal data in the cloud

Abstract

Access to Document

Other files and links

Fingerprint

Cite this