The importance of the exchange of Electronic Health Records (EHRs) between hospitals has been recognized by governments and institutions. Due to the sensitivity of data exchanged, only mature standards and implementations can be chosen to operate. This exchange process is of course under the control of the patient, who decides who has the rights to access her personal healthcare data and who ha...

We introduce refinement checking for privacy policies expressed in P3P and XACML. Our method involves a translation of privacy policies to a set of process specifications in CSP, which describe how the privacy policy is enforced. The technique is described through an example involving medical data collected by a biobank.

We propose in this paper a policies similarity approach which is performed in three steps. The first step is concerned with the formalization of a XACML policy as a term in a boolean algebra while taking into account the policy and rule combining algorithms. This formalization is based on Security Policy Language (SePL) which was proposed in a previous work. In the second step, the SePL term is...

One of the most important features of XML-based Web services is that they can be easily accessed over the Internet, but this makes them vulnerable to a series of security threats. What makes security for web services so challenging is their distributed and heterogeneous nature. Access control policy specification for controlling access to Web services is then becoming an emergent research area ...

Internationally, the need for federated Identity & Access Management continues to grow, as it allows users to get Single Sign-On access to external resources (a.k.a. Service Providers) using their home account and some attributes that are being released securely by their home organization (a.k.a. Identity Providers). In other words, it solves the problem of service providers needing to create a...

In distributed computer systems, it is possible that the evaluation of an authorization policy may suffer unexpected failures, perhaps because a sub-policy cannot be evaluated or a sub-policy cannot be retrieved from some remote repository. Ideally, policy evaluation should be resilient to such failures and, at the very least, fail “gracefully” if no decision can be computed. We define syntax a...

The paper provides details of a home-networking architecture based on an enhanced residential gateway. Initially the need for mechanisms allowing user-dependent network behavior is described and afterwards details of an initial implementation are provided in terms of architectural description, enabling technical components and interaction. Keywordshome network, residential gateway, personalizat...