This page is no longer maintained and has been superseded by a new one. You will be automatically redirected to the
new page at http://www.zurich.ibm.com/csc/cryptography/epa.html.
Enterprise Privacy Technologies
Enterprises use privacy statements to promise privacy to customers and to
set up their internal policies for dealing with employee and other personal data.
The focus of this work is a comprehensive methodology for
managing and enforcing these promises throughout an enterprise.
This includes three main elements:
- An overall architecture for enterprise privacy.
- A formal language for formalizing privacy policies, together
with suitable operations for typical usage.
- An architecture for privacy enforcement throughout an enterprise.
We will now describe these building blocks in more detail.
The IBM Enterprise Privacy Architecture (EPA)
The IBM Enterprise Privacy Architecture is a methodology for
enterprises to provide an enhanced and well-defined level of privacy
to their customers. This includes privacy-friendly business
processes, privacy-enabling security technology, and enterprise
privacy management.

Privacy-friendly business processes are derived from ordinary business
processes by minimizing the data needed to provide the desired
services. This may include switching to equivalent service alternatives
that require less personal data, and it may also utilize privacy-enabling
security technology.
Even with privacy-friendly business processes and security technology,
enterprises still collect a certain amount of personal data. In order
to protect the privacy of the consumers, a privacy-enabled enterprise
will promise fair information practices to its customers. These are
stated in a privacy policy and can be formalized using P3P. Enterprise
privacy management is a privacy-enabled way to manage the collected
data of an enterprise while enforcing the privacy-promises that have
been made.
Submission to W3C, 2003.
One part of our research
is a formal language for defining enterprise privacy
practices. Enterprises promise a certain level of privacy to their
customers using privacy statements or the Platform for Privacy
Preferences (P3P). The formal language can then be used to formalize
these promises. By automatically enforcing these enterprise-specific
privacy practices, enterprises are enabled to comply with the promises
they have made.
A privacy policy describes the privacy practices as well as
the opt-in and opt-out choices of an individual. Policies are
then associated with all data collected by an enterprise. This "sticky
policy paradigm" mandates that the policy sticks to the data, travels with
it, and can be used to decide how the data may be used. By separating
application- and enterprise-dependent deployment information from the
actual policies, E-P3P policies can be used to control the flow and
usage of data inside and among enterprises.
The sticky policy paradigm necessitates certain operations on policies
in an enterprise, e.g., checking whether data can be forwarded to a second
enterprise that has its own policy. We develop a toolbox of such operations.
A Component Architecture for Enforcing Privacy Policies
Another part of our research is to define an architecture that
enforces policies throughout an enterprise. This includes a policy
evaluation engine as well as privacy-enabled resource monitors that
enforce the policy for a variety of resources.
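The following is an added example, not code from the IBM EPA/E-P3P project, that ties together the two ideas above: the sticky policy paradigm with a policy-comparison operation for deciding whether data may be forwarded to a second enterprise, and a policy evaluation engine sitting behind a resource monitor. The rule structure (user category, action, data category, purpose, an optional required opt-in, and a ruling, ordered by precedence with a default of deny) is my assumption, loosely modelled on the EPAL style; the two enterprises' policies and the shared category vocabulary are constructed sample data.

```python
# Added example (not the IBM EPA/E-P3P implementation): a toy sticky-policy
# engine.  Assumed rule structure: user category, action, data category,
# purpose, an optional opt-in the individual must have given, and a ruling.
# Rules are ordered by precedence; the first match decides, otherwise deny.
from dataclasses import dataclass
from itertools import product
from typing import Optional

ALLOW, DENY = "allow", "deny"
ANY = "*"  # wildcard matching every value of a category


@dataclass(frozen=True)
class Rule:
    user: str
    action: str
    data: str
    purpose: str
    ruling: str
    requires_opt_in: Optional[str] = None  # consent the data subject must have given

    def matches(self, user, action, data, purpose, consents):
        for pattern, value in ((self.user, user), (self.action, action),
                               (self.data, data), (self.purpose, purpose)):
            if pattern != ANY and pattern != value:
                return False
        return self.requires_opt_in is None or self.requires_opt_in in consents


@dataclass(frozen=True)
class Policy:
    name: str
    rules: tuple  # highest precedence first

    def evaluate(self, user, action, data, purpose, consents=frozenset()):
        for rule in self.rules:
            if rule.matches(user, action, data, purpose, consents):
                return rule.ruling
        return DENY  # nothing permits the access


@dataclass
class StickyRecord:
    """Personal data bundled with the policy it was collected under."""
    fields: dict
    policy: Policy
    consents: frozenset = frozenset()  # opt-in choices of the data subject


class ResourceMonitor:
    """Mediates every read of a record and keeps an audit trail of decisions."""
    def __init__(self):
        self.audit = []

    def read(self, record, user, purpose, field_name):
        ruling = record.policy.evaluate(user, "read", field_name, purpose, record.consents)
        self.audit.append((user, "read", field_name, purpose, ruling))
        if ruling != ALLOW:
            raise PermissionError(f"{record.policy.name} denies {user} reading "
                                  f"{field_name} for {purpose}")
        return record.fields[field_name]


# Constructed vocabulary of categories both enterprises agree on.
VOCAB = {"users": ("sales", "marketing", "support"), "actions": ("read",),
         "data": ("email", "purchase_history"),
         "purposes": ("order_fulfilment", "marketing")}


def excess_permissions(candidate: Policy, reference: Policy, vocab=VOCAB):
    """Requests the candidate allows but the reference denies, checked over the
    whole vocabulary both without any opt-in and with every opt-in given.
    An empty list means the candidate is at least as restrictive as the reference."""
    violations = []
    for consents in (frozenset(), frozenset(vocab["purposes"])):
        for u, a, d, p in product(vocab["users"], vocab["actions"],
                                  vocab["data"], vocab["purposes"]):
            if (reference.evaluate(u, a, d, p, consents) == DENY
                    and candidate.evaluate(u, a, d, p, consents) == ALLOW):
                violations.append((u, a, d, p, tuple(sorted(consents))))
    return violations


def can_forward(record: StickyRecord, receiver: Policy) -> bool:
    """Data may travel to a second enterprise only if that enterprise's policy
    is at least as restrictive as the policy stuck to the data."""
    return not excess_permissions(receiver, record.policy)


# Constructed sample policies.
SHOP_POLICY = Policy("shop", (
    Rule("marketing", "read", "email", "marketing", ALLOW, requires_opt_in="marketing"),
    Rule("marketing", "read", ANY, "marketing", DENY),
    Rule(ANY, "read", ANY, "order_fulfilment", ALLOW),
))
PARTNER_STRICT = Policy("partner-strict", (
    Rule("support", "read", ANY, "order_fulfilment", ALLOW),
))
PARTNER_LOOSE = Policy("partner-loose", (
    Rule(ANY, "read", ANY, ANY, ALLOW),
))

if __name__ == "__main__":
    rec = StickyRecord({"email": "a@example.org", "purchase_history": "..."}, SHOP_POLICY)
    print("forward to strict partner:", can_forward(rec, PARTNER_STRICT))
    print("forward to loose partner:", can_forward(rec, PARTNER_LOOSE))
    print("offending requests:", len(excess_permissions(PARTNER_LOOSE, SHOP_POLICY)))
```

The comparison is deliberately brute force over a finite vocabulary so that the result is easy to check by hand; the cited papers on policy comparison and composition treat the general case with category hierarchies and conditions. The monitor's audit trail is what an enterprise would reconcile against its published promises.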
Publications
(For other publications of the authors see the
group publications page.)
- M. Hondo, T. Nadalin, R. Nagaratnam, M. Kudo, G. Karjoth,
B. Pfitzmann, M. Schunter:
Position Paper: Privacy Policies as a Component of Policy-enabled Governance;
W3C Workshop on Languages for Privacy Policy Negotiation and
Semantics-Driven Enforcement, Oct. 2006,
http://www.w3.org/2006/07/privacy-ws/.
- Ch. Vanden Berghe, M. Schunter: Privacy Injector -
Automated Privacy Enforcement Through Aspects;
Privacy Enhancing Technologies 2006, 99-117.
- M. Nelson, M. Schunter, M. McCullough, J. Bliss:
Trust on Demand -- Enabling Privacy, Security, Transparency, and
Accountability in Distributed Systems;
33rd Research Conference on Communication, Information and Internet Policy (TPRC),
Sept. 2005, Arlington, USA.
- M. Backes, M. Duermuth, R. Steinwandt:
An Algebra for Composing Enterprise Privacy Policies,
9th European Symposium on Research in Computer Security (ESORICS 2004),
LNCS 3193, Springer-Verlag, Berlin 2004, 33-52.
- M. Backes, M. Duermuth, G. Karjoth:
Unification in Privacy Policy Evaluation - Translating EPAL to Prolog.
5th IEEE Intern. Workshop on Policies for Distributed Systems and Networks (POLICY),
2004.
- M. Backes, W. Bagga, G. Karjoth, M. Schunter:
Efficient Comparison of Enterprise Privacy Policies,
to appear in 19th ACM Symposium on Applied Computing, Special Track "Security",
Nicosia, Cyprus, March 2004.
- M. Backes, B. Pfitzmann, M. Schunter:
A Toolkit for Managing Enterprise Privacy Policies,
8th European Symposium on Research in Computer Security (ESORICS 2003),
LNCS 2808, Springer-Verlag, Berlin 2003, 162-180.
Copyright Springer-Verlag, Berlin Heidelberg 2003.
Won Award for
Outstanding Research in Privacy Enhancing Technologies 2004.
- G. Karjoth, M. Schunter, E. Van Herreweghen, M. Waidner:
Amending P3P for Clearer Privacy Promises;
Trust and Privacy in Digital Business -- TrustBus 03.
In 14th Int'l Workshop on Database and Expert Systems Applications (DEXA),
IEEE Press, Prague, 2003, 445-449.
- G. Karjoth, M. Schunter, E. Van Herreweghen:
Enterprise Privacy Practices vs. Privacy Promises
-- How to Promise What You Can Keep;
4th IEEE International Workshop on Policies for Distributed Systems and
Networks (Policy ’03), 2003, 135-146.
- P. Ashley, M. Schunter: The Platform for Enterprise Privacy
Practices, Information Security Solutions Europe (ISSE), Paris,
2002.
- P. Ashley, M. Schunter, C. Powers: From Privacy Promises to
Privacy Management --- A New Approach for Enforcing Privacy
Throughout an Enterprise, ACM New Security Paradigms Workshop
(NSPW), Virginia Beach VA, 2002.
- G. Karjoth, M. Schunter: A Privacy Policy Model for
Enterprises, 15th IEEE Computer Security Foundations Workshop,
Toronto, 2002.
- G. Karjoth, M. Schunter, M. Waidner: Platform for Enterprise
Privacy Practices, Privacy-enhancing Technologies (PET), San
Francisco, 2002.
- G. Karjoth, M. Schunter, M. Waidner:
Privacy-enabled Services for Enterprises; Workshop on Trust and
Privacy in e-Business (TrustBus), Aix-en-Provence, 2002.
- G. Karjoth, M. Schunter, M. Waidner: Unternehmensweites
Datenschutzmanagement; In "Datenschutz als Wettbewerbsvorteil",
Vieweg, 2002.
Last Change: Jan 2007