Rule Language Requirements for Privacy-Enabled Identity Management

The overall use case that motivates this position paper is a privacy-enabled identity management system using semantic web technologies. By this, we mean a system that uses a set of RDF-based languages to * exchange instance data - often personal information - between clients and services * express client-side preferences * express contextual and assurance requirements * express service-side policies * express the agreements reached between clients and services * express the obligations that arise from these agreements. In discussing rule use cases and requirements, this position paper focuses on those requirements that are characteristic to the privacy-enabled identity management problem. Both preferences and policies can be cast in rule-like semantics, as both deal with conditions about what is acceptable, and what is not. In general two categories of rules are of relevance: inference rules and reactive rules. Specifically, we want to make a case for reactive rules in the context of privacy management. ECA reactive rules (Event-Condition-Action rules) are required to express access control policies, assurance policies and obligation policies. As a significant example we consider privacy obligations. Privacy obligations fit the reactive rule pattern: they define data lifecycle management practices including supported handling policies and under what conditions certain actions have to be taken.

HOGBEN Giles; 

2006-11-10

W3C

JRC32157

https://publications.jrc.ec.europa.eu/repository/handle/JRC32157,