@inbook{ca56ce559fec4e5ea17f91ef65fe7ec8,
title = "Authorising Contract Based Access to Personal Data in the Cloud",
abstract = "The emerging new EU data protection regulation requires that regardless of the location of the data centers a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor for ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML format-ted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of the cloud service providers.",
keywords = "authorisation systems, Contract validation, EU Data Protection Directive (EU DPD), Policy Decision Point (PDP), Policy Enforcement Point (PEP), XACML",
author = "Kaniz Fatema and Dave Lewis and Declan O'Sullivan and Morrison, \{John P.\} and Mazed, \{Abdullah Al\}",
note = "Publisher Copyright: {\textcopyright} 2015 IEEE.; 8th IEEE/ACM International Conference on Utility and Cloud Computing, UCC 2015 ; Conference date: 07-12-2015 Through 10-12-2015",
year = "2015",
doi = "10.1109/UCC.2015.99",
language = "English",
series = "Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015",
publisher = "Institute of Electrical and Electronics Engineers Inc.",
pages = "559--564",
editor = "Omer Rana and Rajkumar Buyya and Ioan Raicu",
booktitle = "Proceedings - 2015 IEEE/ACM 8th International Conference on Utility and Cloud Computing, UCC 2015",
address = "United States",
}