{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,25]],"date-time":"2025-03-25T20:35:04Z","timestamp":1742934904825,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":29,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540748342"},{"type":"electronic","value":"9783540748359"}],"license":[{"start":{"date-parts":[[2007,1,1]],"date-time":"2007-01-01T00:00:00Z","timestamp":1167609600000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2007]]},"DOI":"10.1007\/978-3-540-74835-9_6","type":"book-chapter","created":{"date-parts":[[2007,9,7]],"date-time":"2007-09-07T10:03:08Z","timestamp":1189159388000},"page":"72-89","source":"Crossref","is-referenced-by-count":20,"title":["Conditional Privacy-Aware Role Based Access Control"],"prefix":"10.1007","author":[{"given":"Qun","family":"Ni","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Dan","family":"Lin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Elisa","family":"Bertino","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jorge","family":"Lobo","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"6_CR1","first-page":"223","volume-title":"POLICY 2005","author":"D. Agrawal","year":"2005","unstructured":"Agrawal, D., Giles, J., Lee, K.-W., Lobo, J.: Policy ratification. In: POLICY 2005. Proceedings of the Sixth IEEE International Workshop on Policies for Distributed Systems and Networks, Stockholm Sweden, pp. 223\u2013232. IEEE Computer Society, Los Alamitos (2005)"},{"key":"6_CR2","unstructured":"Amazon.com: Amazon privacy notice, available at \n \n http:\/\/www.amazon.com\/exec\/obidos\/tg\/browse\/-\/468496\/102-8997954-0573735"},{"key":"6_CR3","doi-asserted-by":"publisher","first-page":"53","DOI":"10.1145\/1180367.1180378","volume-title":"SWS 2006: Proceedings of the 3rd ACM workshop on Secure web services","author":"A.H. Anderson","year":"2006","unstructured":"Anderson, A.H.: A comparison of two privacy policy languages: Epal and xacml. In: SWS 2006: Proceedings of the 3rd ACM workshop on Secure web services, pp. 53\u201360. ACM Press, New York (2006)"},{"key":"6_CR4","unstructured":"Ashley, P., Hada, S., Karjoth, G., Powers, C., Schunter, M.: Enterprise privacy authorization language (epal 1.2). W3C Member Submission 10 (November 2003), available at \n \n http:\/\/www.w3.org\/Submission\/EPAL\/"},{"key":"6_CR5","doi-asserted-by":"publisher","first-page":"45","DOI":"10.1145\/1029179.1029195","volume-title":"WPES 2004: Proceedings of the 2004 ACM workshop on Privacy in the electronic society","author":"A. Barth","year":"2004","unstructured":"Barth, A., Mitchell, J.C., Rosenstein, J.: Conflict and combination in privacy policy languages. In: WPES 2004: Proceedings of the 2004 ACM workshop on Privacy in the electronic society, pp. 45\u201346. ACM Press, New York (2004)"},{"key":"6_CR6","first-page":"2","volume-title":"POLICY 2002","author":"C. Bettini","year":"2002","unstructured":"Bettini, C., Jajodia, S., Wang, X., Wijesekera, D.: Obligation monitoring in policy management. In: POLICY 2002. Proceedings of the 3rd International Workshop on Policies for Distributed Systems and Networks, Washington, DC, USA, p. 2. IEEE Computer Society, Los Alamitos (2002)"},{"issue":"3","key":"6_CR7","doi-asserted-by":"publisher","first-page":"224","DOI":"10.1145\/501978.501980","volume":"4","author":"D.F. Ferraiolo","year":"2001","unstructured":"Ferraiolo, D.F., Sandhu, R., Gavrila, S., Kuhn, D.R., Chandramouli, R.: Proposed nist standard for role-based access control. ACM Trans. Inf. Syst. Secur.\u00a04(3), 224\u2013274 (2001)","journal-title":"ACM Trans. Inf. Syst. Secur."},{"key":"6_CR8","doi-asserted-by":"crossref","DOI":"10.1007\/3-540-45150-1","volume-title":"IT-security and privacy: design and use of privacy-enhancing security mechanisms","author":"S. Fischer-Hubner","year":"2001","unstructured":"Fischer-Hubner, S.: IT-security and privacy: design and use of privacy-enhancing security mechanisms. Springer, Heidelberg (2001)"},{"key":"6_CR9","series-title":"Lecture Notes in Computer Science","first-page":"196","volume-title":"Software Engineering Education in the Modern Age","author":"K. Fisler","year":"2006","unstructured":"Fisler, K., Krishnamurthi, S., Meyerovich, L.A., Tschantz, M.C.: Verification and change-impact analysis of access-control policies. In: Inverardi, P., Jazayeri, M. (eds.) ICSE 2005. LNCS, vol.\u00a04309, pp. 196\u2013205. Springer, Heidelberg (2006)"},{"key":"6_CR10","unstructured":"IBM Zurich Research Laboratory, Switzerland: The enterprise privacy authorization language (epal 1.1), available at \n \n http:\/\/www.zurich.ibm.com\/security\/enterprise-privacy\/epal\/"},{"key":"6_CR11","doi-asserted-by":"publisher","first-page":"134","DOI":"10.1145\/1180405.1180423","volume-title":"CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security","author":"K. Irwin","year":"2006","unstructured":"Irwin, K., Yu, T., Winsborough, W.H.: On the modeling and analysis of obligations. In: CCS 2006: Proceedings of the 13th ACM conference on Computer and communications security, pp. 134\u2013143. ACM Press, New York (2006)"},{"key":"6_CR12","doi-asserted-by":"publisher","first-page":"299","DOI":"10.1145\/298514.298582","volume-title":"PODS 1990: Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems","author":"P.C. Kanellakis","year":"1990","unstructured":"Kanellakis, P.C., Kuper, G.M., Revesz, P.Z.: Constraint query languages (preliminary report). In: PODS 1990: Proceedings of the ninth ACM SIGACT-SIGMOD-SIGART symposium on Principles of database systems, pp. 299\u2013313. ACM Press, New York (1990)"},{"key":"6_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"69","DOI":"10.1007\/3-540-36467-6_6","volume-title":"Privacy Enhancing Technologies","author":"G. Karjoth","year":"2003","unstructured":"Karjoth, G., Schunter, M., Waidner, M.: Platform for enterprise privacy practices: Privacy-enabled management of customer data. In: Dingledine, R., Syverson, P.F. (eds.) PET 2002. LNCS, vol.\u00a02482, pp. 69\u201384. Springer, Heidelberg (2003)"},{"key":"6_CR14","unstructured":"Kolovski, V., Hendler, J., Parsia, B.: Formalizing xacml using defeasible description logics, available at \n \n http:\/\/www.mindswap.org\/~kolovski\/xacml_tr.pdf"},{"key":"6_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"58","DOI":"10.1007\/3-540-36388-2_6","volume-title":"Practical Aspects of Declarative Languages","author":"N. Li","year":"2002","unstructured":"Li, N., Mitchell, J.C.: Datalog with constraints: A foundation for trust management languages. In: Dahl, V., Wadler, P. (eds.) PADL 2003. LNCS, vol.\u00a02562, pp. 58\u201373. Springer, Heidelberg (2002)"},{"key":"6_CR16","doi-asserted-by":"crossref","unstructured":"Mont, M.C., Beato, F.: On parametric obligation policies: Enabling privacy-aware information lifecycle management in enterprises. Tech. Report HPL-2007-7, Trusted Systems Laboratory, HP Laboratories Bristol, available at \n \n http:\/\/www.hpl.hp.com\/techreports\/2007\/HPL-2007-7.pdf","DOI":"10.1109\/POLICY.2007.30"},{"key":"6_CR17","volume-title":"SACMAT 2007","author":"Q. Ni","year":"2007","unstructured":"Ni, Q., Trombetta, A., Bertino, E., Lobo, J.: Privacy aware role based access control. In: SACMAT 2007. Proceedings of the 12th ACM symposium on Access control models and technologies, ACM Press, New York (2007)"},{"key":"6_CR18","unstructured":"OASIS: extensible access control markup language (xacml) 2.0, available at \n \n http:\/\/www.oasis-open.org\/"},{"key":"6_CR19","unstructured":"Organisation for Economic Co-operation and Development: Oecd guidelines on the protection of privacy and transborder flows of personal data of 1980, available at \n \n http:\/\/www.oecd.org\/"},{"key":"6_CR20","doi-asserted-by":"publisher","first-page":"13","DOI":"10.1109\/ISEC.2002.1166906","volume-title":"ISEC 2002: Proceedings of the Third International Symposium on Electronic Commerce","author":"C.S. Powers","year":"2002","unstructured":"Powers, C.S.: Privacy promises, access control, and privacy management. In: ISEC 2002: Proceedings of the Third International Symposium on Electronic Commerce, Washington, DC, USA, p. 13. IEEE Computer Society, Los Alamitos (2002)"},{"key":"6_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"209","DOI":"10.1007\/BFb0035010","volume-title":"Semantics in Databases","author":"P.Z. Revesz","year":"1998","unstructured":"Revesz, P.Z.: Constraint databases: A survey. In: Thalheim, B. (ed.) Semantics in Databases. LNCS, vol.\u00a01358, pp. 209\u2013246. Springer, Heidelberg (1998)"},{"key":"6_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"355","DOI":"10.1007\/3-540-49481-2_26","volume-title":"CP 1998","author":"P.Z. Revesz","year":"1998","unstructured":"Revesz, P.Z.: Safe datalog queries with linear constraints. In: Maher, M.J., Puget, J.-F. (eds.) CP 1998. LNCS, vol.\u00a01520, pp. 355\u2013369. Springer, Heidelberg (1998)"},{"issue":"2","key":"6_CR23","doi-asserted-by":"crossref","first-page":"38","DOI":"10.1109\/2.485845","volume":"29","author":"R.S. Sandhu","year":"1996","unstructured":"Sandhu, R.S., Coyne, E.J., Feinstein, H.L., Youman, C.E.: Role-based access control models. IEEE Computer\u00a029(2), 38\u201347 (1996)","journal-title":"IEEE Computer"},{"key":"6_CR24","doi-asserted-by":"crossref","unstructured":"Smith, S.W., Spafford, E.H.: Grand challenges in information security: Process and output. IEEE Security and Privacy, 69\u201371 (January 2004)","DOI":"10.1109\/MSECP.2004.1264859"},{"key":"6_CR25","unstructured":"TRUSTe.org: An independent, nonprofit enabling trust based on privacy for personal information on the internet, available at \n \n http:\/\/www.truste.org\/"},{"key":"6_CR26","unstructured":"Tschantz, M.C., Krishnamurthi, S.: Towards reasonability properties for access-control policy languages with extended xacml analysis. Tech. Report CS-06-04, CS, Brown University, available at \n \n http:\/\/www.cs.brown.edu\/publications\/techreports\/reports\/CS-06-04.html"},{"key":"6_CR27","unstructured":"United State Department of Health: Health insurance portability and accountability act of 1996, available at \n \n http:\/\/www.hhs.gov\/ocr\/hipaa\/"},{"key":"6_CR28","unstructured":"U.S. Senate Committee on Banking, Housing, and Urban Affairs: Information regarding the gramm-leach-bliley act of 1999, available at \n \n http:\/\/banking.senate.gov\/conf\/"},{"key":"6_CR29","unstructured":"W3C: Platform for privacy preferences (p3p) project, available at \n \n http:\/\/www.w3.org\/P3P"}],"container-title":["Lecture Notes in Computer Science","Computer Security \u2013 ESORICS 2007"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-74835-9_6","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,6,2]],"date-time":"2019-06-02T20:10:27Z","timestamp":1559506227000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-74835-9_6"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2007]]},"ISBN":["9783540748342","9783540748359"],"references-count":29,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-74835-9_6","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2007]]}}}