{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,6,10]],"date-time":"2026-06-10T03:29:20Z","timestamp":1781062160316,"version":"3.54.1"},"reference-count":52,"publisher":"Association for Computing Machinery (ACM)","issue":"1","license":[{"start":{"date-parts":[[2022,11,11]],"date-time":"2022-11-11T00:00:00Z","timestamp":1668124800000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"name":"HODEI-X","award":["KK-2021\/00049"],"award-info":[{"award-number":["KK-2021\/00049"]}]},{"name":"SPRI-Basque Government"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Priv. Secur."],"published-print":{"date-parts":[[2023,2,28]]},"abstract":"<jats:p>Data exchange between organizations is becoming an increasingly significant issue due to the great opportunities it presents. However, there is great reluctance to share if data sovereignty is not provided. Providing it calls for not only access control but also usage control implemented in distributed systems. Access control is a research field where there has been a great deal of work, but usage control, especially implemented in distributed systems as Distributed Usage Control (DUC), is a very new field of research that presents great challenges. Moreover, little is known about what challenges must really be faced and how they must be addressed. This is evidenced by the fact that existing research has focused non-specifically on different features of DUC, which are not formalized. Therefore, the path for the development of DUC solutions is unclear and it is difficult to analyze the scope of data sovereignty attained by the wide range of DUC solutions. In this context, this article is based on an initial in-depth analysis of DUC related work. In it, the challenges posed by DUC in terms of data sovereignty and the features that must be provided to address them are identified and analyzed for the first time. Based on these features, an initial DUC framework is proposed to assess in a practical and unified way the extent to which DUC solutions provide data sovereignty. Finally, the assessment framework is applied to compare the scopes of the most widespread DUC solutions and identify their limitations.<\/jats:p>","DOI":"10.1145\/3561511","type":"journal-article","created":{"date-parts":[[2022,9,9]],"date-time":"2022-09-09T13:31:30Z","timestamp":1662730290000},"page":"1-28","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":5,"title":["Assessment Framework for the Identification and Evaluation of Main Features for Distributed Usage Control Solutions"],"prefix":"10.1145","volume":"26","author":[{"ORCID":"https:\/\/orcid.org\/0000-0002-8988-4986","authenticated-orcid":false,"given":"Gonzalo","family":"Gil","sequence":"first","affiliation":[{"name":"TEKNIKER, Basque Research and Technology Alliance (BRTA), Eibar, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-9970-4803","authenticated-orcid":false,"given":"Aitor","family":"Arnaiz","sequence":"additional","affiliation":[{"name":"TEKNIKER, Basque Research and Technology Alliance (BRTA), Eibar, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-8451-556X","authenticated-orcid":false,"given":"Mariv\u00ed","family":"Higuero","sequence":"additional","affiliation":[{"name":"Escuela de Ingenier\u00eda de Bilbao (UPV\/EHU),  Bilbao, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-3854-7442","authenticated-orcid":false,"given":"Francisco Javier","family":"Diez","sequence":"additional","affiliation":[{"name":"TEKNIKER, Basque Research and Technology Alliance (BRTA), Eibar, Spain"}],"role":[{"vocabulary":"crossref","role":"author"}]}],"member":"320","published-online":{"date-parts":[[2022,11,11]]},"reference":[{"key":"e_1_3_2_2_2","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"key":"e_1_3_2_3_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSFW.1992.236780"},{"key":"e_1_3_2_4_2","doi-asserted-by":"publisher","DOI":"10.1007\/3-540-61770-1_28"},{"key":"e_1_3_2_5_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-0-387-34932-9_9"},{"key":"e_1_3_2_6_2","doi-asserted-by":"publisher","DOI":"10.1145\/286884.286893"},{"key":"e_1_3_2_7_2","volume-title":"Proceedings of INFOSECU99 International Conference on Information and SecurityU99","author":"Munawer Qamar","year":"1999","unstructured":"Qamar Munawer and Ravi Sandhu. 1999. Simulation of the augmented typed access matrix model (ATAM) using roles. In Proceedings of INFOSECU99 International Conference on Information and SecurityU99."},{"key":"e_1_3_2_8_2","doi-asserted-by":"publisher","DOI":"10.1145\/354876.354878"},{"key":"e_1_3_2_9_2","doi-asserted-by":"publisher","DOI":"10.1108\/02635570110386625"},{"key":"e_1_3_2_10_2","doi-asserted-by":"publisher","DOI":"10.1145\/507711.507722"},{"key":"e_1_3_2_11_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-45215-7_2"},{"key":"e_1_3_2_12_2","doi-asserted-by":"publisher","DOI":"10.1023\/A:1025711105609"},{"key":"e_1_3_2_13_2","doi-asserted-by":"publisher","DOI":"10.1145\/1066100.1066103"},{"key":"e_1_3_2_14_2","doi-asserted-by":"publisher","DOI":"10.1145\/1030083.1030093"},{"key":"e_1_3_2_15_2","doi-asserted-by":"publisher","DOI":"10.1007\/1-4020-8128-6_2"},{"key":"e_1_3_2_16_2","doi-asserted-by":"publisher","DOI":"10.1145\/984334.984339"},{"key":"e_1_3_2_17_2","doi-asserted-by":"publisher","DOI":"10.1145\/1108906.1108908"},{"key":"e_1_3_2_18_2","doi-asserted-by":"publisher","DOI":"10.1007\/11555827_7"},{"key":"e_1_3_2_19_2","doi-asserted-by":"publisher","DOI":"10.1145\/1145\/1151030.1151053"},{"key":"e_1_3_2_20_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-74835-9_35"},{"key":"e_1_3_2_21_2","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2007-15202"},{"key":"e_1_3_2_22_2","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377856"},{"key":"e_1_3_2_23_2","volume-title":"PrimeLife Policy Language","author":"Ardagna Claudio A.","year":"2009","unstructured":"Claudio A. Ardagna, Laurent Bussard, Sabrina de Capitani Di Vimercati, Gregory Neven, Stefano Paraboschi, Eros Pedrini, Franz-Stefan Preiss, Dave Raggett, Pierangela Samarati, Slim Trabelsi, and Mario Verdicchio. 2009. PrimeLife Policy Language. Retrieved June 15, 2022 from https:\/\/www.w3.org\/2009\/policy-ws\/papers\/Trabelisi.pdf."},{"key":"e_1_3_2_24_2","doi-asserted-by":"publisher","DOI":"10.1016\/j.cosrev.2010.02.002"},{"key":"e_1_3_2_25_2","doi-asserted-by":"publisher","DOI":"10.1109\/MC.2011.225"},{"key":"e_1_3_2_26_2","doi-asserted-by":"publisher","DOI":"10.1109\/POLICY.2011.24"},{"key":"e_1_3_2_27_2","doi-asserted-by":"publisher","DOI":"10.1145\/2462410.2462429"},{"key":"e_1_3_2_28_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2013.17"},{"key":"e_1_3_2_29_2","unstructured":"Organization for the Advancement of Structured Information Standards (OASIS). 2013. eXtensible Access Control Markup Language (XACML) Version 3.0. Retrieved June 15 2022 from http:\/\/docs.oasisopen.org\/xacml\/3.0\/xacml-3.0-core-spec-os-en.pdf."},{"key":"e_1_3_2_30_2","doi-asserted-by":"publisher","DOI":"10.1145\/2557547.2557566"},{"key":"e_1_3_2_31_2","doi-asserted-by":"publisher","DOI":"10.1145\/2613087.2613099"},{"key":"e_1_3_2_32_2","first-page":"211","volume-title":"Proceedings of the Informatik","author":"Jung Christian","year":"2014","unstructured":"Christian Jung, Andreas Eitel, and Reinhard Schwarz. 2014. Enhancing cloud security with context-aware usage control policies. In Proceedings of the Informatik. 211\u2013222."},{"key":"e_1_3_2_33_2","doi-asserted-by":"publisher","DOI":"10.1109\/CSF.2015.9"},{"key":"e_1_3_2_34_2","doi-asserted-by":"publisher","DOI":"10.1109\/TELERISE.2015.9"},{"key":"e_1_3_2_35_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-319-28166-7_20"},{"key":"e_1_3_2_36_2","doi-asserted-by":"publisher","DOI":"10.1109\/Trustcom\/BigDataSE\/ICESS.2017.352"},{"key":"e_1_3_2_37_2","doi-asserted-by":"publisher","DOI":"10.1145\/3183342"},{"key":"e_1_3_2_38_2","doi-asserted-by":"publisher","DOI":"10.2759\/354943"},{"key":"e_1_3_2_39_2","doi-asserted-by":"publisher","DOI":"10.1109\/TrustCom\/BigDataSE.2018.00052"},{"key":"e_1_3_2_40_2","doi-asserted-by":"publisher","DOI":"10.3390\/s18072226"},{"key":"e_1_3_2_41_2","doi-asserted-by":"publisher","DOI":"10.1145\/3209668"},{"key":"e_1_3_2_42_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-12330-7_6"},{"key":"e_1_3_2_43_2","doi-asserted-by":"publisher","DOI":"10.1007\/s12599-019-00614-2"},{"key":"e_1_3_2_44_2","unstructured":"Boris Otto et al. 2019. IDSA Reference Architecture Model. Retrieved June 15 2022 from https:\/\/internationaldataspaces.org\/\/wp-content\/uploads\/IDS-Reference-Architecture-Model-3.0-2019.pdf."},{"key":"e_1_3_2_45_2","doi-asserted-by":"publisher","DOI":"10.5220\/0008936003970405"},{"key":"e_1_3_2_46_2","unstructured":"Gonzalo Gil Aitor Arnaiz and Marivi Higuero. 2019. Theoretical assessment of existing frameworks for data usage control: Strength and limitations with respect to current application scenarios."},{"key":"e_1_3_2_47_2","doi-asserted-by":"publisher","DOI":"10.1145\/3295749"},{"key":"e_1_3_2_48_2","doi-asserted-by":"publisher","DOI":"10.1109\/GIOTS49054.2020.9119565"},{"key":"e_1_3_2_49_2","doi-asserted-by":"publisher","DOI":"10.3390\/su12093885"},{"key":"e_1_3_2_50_2","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-030-62466-8_12"},{"key":"e_1_3_2_51_2","unstructured":"European Commission. 2022. A European Strategy for data | Shaping Europe. Retrieved June 15 2022 from https:\/\/digital-strategy.ec.europa.eu\/en\/policies\/strategy-data."},{"key":"e_1_3_2_52_2","unstructured":"Internet Society. 2022. Concerns Over Privacy and Security Contribute to Consumer. Retrieved June 15 2022 from https:\/\/www.internetsociety.org\/news\/press-releases\/2019\/concerns-over-privacy-and-security-contribute-to-consumer-distrust-in-connected-devices\/."},{"key":"e_1_3_2_53_2","unstructured":"Renato Iannella. 2018. Open Digital Rights Language (ODRL) Version 2.2. Retrieved June 15 2022 from https:\/\/www.w3.org\/TR\/odrl-model\/(visitedon19\/05\/2022)."}],"container-title":["ACM Transactions on Privacy and Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3561511","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3561511","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,17]],"date-time":"2025-06-17T19:00:35Z","timestamp":1750186835000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3561511"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2022,11,11]]},"references-count":52,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2023,2,28]]}},"alternative-id":["10.1145\/3561511"],"URL":"https:\/\/doi.org\/10.1145\/3561511","relation":{},"ISSN":["2471-2566","2471-2574"],"issn-type":[{"value":"2471-2566","type":"print"},{"value":"2471-2574","type":"electronic"}],"subject":[],"published":{"date-parts":[[2022,11,11]]},"assertion":[{"value":"2021-04-28","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-08-17","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2022-11-11","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}