Overview
Topic status: We're looking for students to study this topic.
This project will investigate how authorisation policy languages such as XACML can be used to automatically enforce privacy constraints over usage and dissemination of personal information in federated systems based on Web services standards. To comply with privacy legislation, organizations that collect personal information must ensure that subsequent uses and disclosures of the information are consistent with the purpose notified to the individual when the information was collected. Since the amount of personal information that is stored, processed and shared electronically is rapidly increasing, the task of ensuring that data is handled in a manner consistent with the disclosed purpose is becoming ever more difficult. In order to automate this process, systems need to be developed to tag personal information with privacy relevant metadata (disclosed purpose of collection, retention period etc.) so that access control systems can evaluate requests to determine whether they are consistent with privacy constraints. This project will also investigate methods for determining the likely purpose of a user who is requesting access to personal information based on contextual information such as job function, past access patterns, workflow progress etc.
- Study level
- Honours
- Supervisors
- QUT
- Organisational unit
Science and Engineering Faculty
- Research area
- Contact
-
Please contact the supervisor.
