Authorising contract based access to personal data in the cloud

Kaniz Fatema, Dave Lewis, Declan O'Sullivan, John P. Morrison, Abdullah-Al Mazed

    Research output: Chapter in Book/Published conference outputConference publication

    Abstract

    The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.
    Original languageEnglish
    Title of host publication2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing (UCC)
    PublisherIEEE
    ISBN (Electronic)978-0-7695-5697-0
    DOIs
    Publication statusPublished - 14 Mar 2016

    Fingerprint

    Dive into the research topics of 'Authorising contract based access to personal data in the cloud'. Together they form a unique fingerprint.

    Cite this