Share on Facebook Tweet on Twitter Share on LinkedIn Share by email
A Framework for Privacy Preferences and Data-Handling Policies

Moritz Y. Becker, Alexander Malkis, and Laurent Bussard

Abstract

This paper presents SecPALP, a language for specifying both users' preferences on how their personally identifiable information (PII) should be treated by data-collecting services, and services' policies on treating collected PIIs. Preferences and policies are specified in terms of granted rights and required obligations, expressed as assertions and queries in an instance of SecPAL (a language originally developed for decentralized authorization). This paper further presents a formal definition of satisfaction between a policy and a preference, and a satisfaction checking algorithm. Based on the latter, a protocol is described for disclosing PIIs between users and services, as well as between third-party services.

Details

Publication typeTechReport
NumberMSR-TR-2009-128
PublisherMicrosoft Research
> Publications > A Framework for Privacy Preferences and Data-Handling Policies