{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:41:49Z","timestamp":1760197309507,"version":"build-2065373602"},"reference-count":25,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2018,4,20]],"date-time":"2018-04-20T00:00:00Z","timestamp":1524182400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Symmetry"],"abstract":"<jats:p>In order to be responsible stewards of other people\u2019s data, cloud providers must be accountable for their data handling practices. The potential long provider chains in cloud computing introduce additional accountability challenges, with many stakeholders involved. Symmetry is very important in any requirements\u2019 elicitation activity, since input from diverse stakeholders needs to be balanced. This article ventures to answer the question \u201cHow can one create an accountable cloud service?\u201d by examining requirements which must be fulfilled to achieve an accountability-based approach, based on interaction with over 300 stakeholders.<\/jats:p>","DOI":"10.3390\/sym10040124","type":"journal-article","created":{"date-parts":[[2018,4,23]],"date-time":"2018-04-23T04:29:17Z","timestamp":1524457757000},"page":"124","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":1,"title":["Accountability Requirements in the Cloud Provider Chain"],"prefix":"10.3390","volume":"10","author":[{"given":"Martin Gilje","family":"Jaatun","sequence":"first","affiliation":[{"name":"Department of Electrical and Computer Engineering, University of Stavanger, NO-4036 Stavanger, Norway"},{"name":"SINTEF Digital, NO-7465 Trondheim, Norway"}]},{"given":"Inger Anne","family":"T\u00f8ndel","sequence":"additional","affiliation":[{"name":"SINTEF Digital, NO-7465 Trondheim, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-2669-0778","authenticated-orcid":false,"given":"Nils Brede","family":"Moe","sequence":"additional","affiliation":[{"name":"SINTEF Digital, NO-7465 Trondheim, Norway"}]},{"given":"Daniela Soares","family":"Cruzes","sequence":"additional","affiliation":[{"name":"SINTEF Digital, NO-7465 Trondheim, Norway"}]},{"ORCID":"https:\/\/orcid.org\/0000-0001-9109-5401","authenticated-orcid":false,"given":"Karin","family":"Bernsmed","sequence":"additional","affiliation":[{"name":"SINTEF Digital, NO-7465 Trondheim, Norway"}]},{"given":"B\u00f8rge","family":"Haugset","sequence":"additional","affiliation":[{"name":"SINTEF Digital, NO-7465 Trondheim, Norway"}]}],"member":"1968","published-online":{"date-parts":[[2018,4,20]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Felici, M., Jaatun, M.G., Kosta, E., and Wainwright, N. (2013). Bringing accountability to the cloud: Addressing emerging threats and legal perspectives. Cyber Security and Privacy, Springer.","DOI":"10.1007\/978-3-642-41205-9_3"},{"key":"ref_2","unstructured":"Jaatun, M.G., Pearson, S., Gittler, F., Leenes, R., and Niezen, M. (2016). Enhancing Accountability in the Cloud. Int. J. Inf. Manag."},{"key":"ref_3","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., T\u00f8ndel, I.A., Moe, N.B., Cruzes, D.S., Bernsmed, K., and Haugset, B. (2017, January 11\u201314). Accountability Requirements for the Cloud. Proceedings of the 2017 IEEE International Conference on Cloud Computing Technology and Science (CloudCom), Hong Kong, China.","DOI":"10.1109\/CloudCom.2017.61"},{"key":"ref_4","first-page":"292","article-title":"NIST cloud computing reference architecture","volume":"500","author":"Liu","year":"2011","journal-title":"NIST Spec. Publ."},{"key":"ref_5","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., Zhao, G., and Rong, C. (2009). A Privacy Manager for Cloud Computing. Cloud Computing, Springer.","DOI":"10.1007\/978-3-642-10665-1"},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"64","DOI":"10.1109\/MIC.2011.98","article-title":"Toward Accountability in the Cloud","volume":"15","author":"Pearson","year":"2011","journal-title":"Int. Comput. IEEE"},{"key":"ref_7","doi-asserted-by":"crossref","first-page":"267","DOI":"10.1007\/s11227-010-0425-z","article-title":"Enhancing privacy in cloud computing via policy-based obfuscation","volume":"61","author":"Mowbray","year":"2012","journal-title":"J. Supercomput."},{"key":"ref_8","unstructured":"Felici, M., Pearson, S., Dziminski, B., Gittler, F., Koulouris, T., Leenes, R., Niezen, M., Nu\u00f1ez, D., Pannetrat, A., and Royer, J.C. (2014). Conceptual Framework, A4Cloud Project. Technical Report D:C-2.1."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Nuseibeh, B., and Easterbrook, S. (2000, January 4\u201311). Requirements engineering: A roadmap. Proceedings of the Conference on the Future of Software Engineering, Limerick, Ireland.","DOI":"10.1145\/336512.336523"},{"key":"ref_10","unstructured":"Gottesdiener, E. (2002). Requirements by Collaboration: Workshops for Defining Needs, Addison-Wesley Professional."},{"key":"ref_11","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., Pearson, S., Gittler, F., and Leenes, R. (2014, January 15\u201318). Towards Strong Accountability for Cloud Service Providers. Proceedings of the 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), Singapore.","DOI":"10.1109\/CloudCom.2014.123"},{"key":"ref_12","unstructured":"Owen, H. (2008). Open Space Technology: A User\u2019s Guide, Berrett-Koehler Publishers."},{"key":"ref_13","unstructured":"(2013, March 11). OpenSpaceWorld.ORG. Available online: http:\/\/openspaceworld.org\/."},{"key":"ref_14","unstructured":"(2013, March 11). World Caf\u00e9. Available online: http:\/\/www.theworldcafe.com\/."},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Morgan, D.L. (1996). Focus groups. Ann. Rev. Soc., 129\u2013152.","DOI":"10.1146\/annurev.soc.22.1.129"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Morgan, D.L. (1996). Focus Groups As Qualitative Research, Sage Publications.","DOI":"10.4135\/9781412984287"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Jaatun, M.G., Cruzes, D.S., Angulo, J., and Fischer-H\u00fcbner, S. (2016). Chapter: Accountability Through Transparency for Cloud Customers. Cloud Computing and Services, Springer International Publishing. Revised Selected Papers.","DOI":"10.1007\/978-3-319-29582-4_3"},{"key":"ref_18","doi-asserted-by":"crossref","first-page":"77","DOI":"10.1007\/978-3-642-55137-6_6","article-title":"How can Cloud Users be Supported in Deciding on, Tracking and Controlling How their Data are Used","volume":"Volume 421","author":"Hansen","year":"2014","journal-title":"Privacy and Identity Management for Emerging Services and Technologies"},{"key":"ref_19","doi-asserted-by":"crossref","unstructured":"Alnemr, R., Pearson, S., Leenes, R., and Mhungu, R. (2014, January 15\u201318). COAT: Cloud Offerings Advisory Tool. Proceedings of the 2014 IEEE 6th International Conference on Cloud Computing Technology and Science (CloudCom), Singapore.","DOI":"10.1109\/CloudCom.2014.100"},{"key":"ref_20","unstructured":"Jaatun, M.G., Cruzes, D.S., Felici, M., Haugset, B., Bernsmed, K., Gago, C.F., Reed, C., and Leenes, R. (2014). Requirements Report, A4Cloud Project. Technical Report D:B-2.4."},{"key":"ref_21","unstructured":"CSA (2011). Security Guidance for Critical Areas of Focus in Cloud Computing v3.0, Cloud Security Alliance. Technical Report."},{"key":"ref_22","doi-asserted-by":"crossref","unstructured":"Grobauer, B., and Schreck, T. (2010, January 8). Towards Incident Handling in the Cloud: Challenges and Approaches. Proceedings of the 2010 ACM Workshop on Cloud Computing Security, Chicago, IL, USA.","DOI":"10.1145\/1866835.1866850"},{"key":"ref_23","doi-asserted-by":"crossref","unstructured":"Cruzes, D.S., and Dyb\u00e5, T. (2011, January 22\u201323). Recommended Steps for Thematic Synthesis in Software Engineering. Proceedings of the 2011 International Symposium on Empirical Software Engineering and Measurement (ESEM), Banff, AB, Canada.","DOI":"10.1109\/ESEM.2011.36"},{"key":"ref_24","unstructured":"European Union (1995). 95\/46\/EC of the European Parliament and of the Council of 24 October 1995 on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data, EU."},{"key":"ref_25","unstructured":"European Union (2012). Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on the Protection of Individuals with Regard to the Processing of Personal Data and on the Free Movement of Such Data (General Data Protection Regulation), EU."}],"container-title":["Symmetry"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2073-8994\/10\/4\/124\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T15:01:31Z","timestamp":1760194891000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2073-8994\/10\/4\/124"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,4,20]]},"references-count":25,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2018,4]]}},"alternative-id":["sym10040124"],"URL":"https:\/\/doi.org\/10.3390\/sym10040124","relation":{},"ISSN":["2073-8994"],"issn-type":[{"type":"electronic","value":"2073-8994"}],"subject":[],"published":{"date-parts":[[2018,4,20]]}}}