Collaborative research organized by engineers at IBM's Zurich Research Laboratory has led to the publication of an Enterprise Privacy Authorization Language (EPAL) specification. EPAL is "a formal language to specify fine-grained enterprise privacy policies. It concentrates on the core privacy authorization while abstracting from all deployment details such as data model or user-authentication." The IBM EPAL Working Group seeks to "develop a interoperability language for the representation of data handling policies and practices within and between privacy-enabled enterprise tools, which serve to (1) enable organizations to be demonstrably compliant with their stated policies; (2) reduce overhead and the cost of configuring and enforcing data handling policies; and (3) leverage existing standards and technologies. EPAL should provide the ability to encode an enterprise's privacy-related data-handling policies and practices and [constitute] a language that can be imported and enforced by a privacy-enforcement systems. An EPAL policy defines lists of hierarchies of data-categories, data-users, and purposes, and sets of (privacy) actions, obligations, and conditions. Data-users are the entities (users/groups) that use collected data (e.g., travel expense department or tax auditor). Data-categories define different categories of collected data that are handled differently from a privacy perspective (e.g., medical-record vs. contact-data). EPAL 'purposes' model the intended service for which data is used (e.g., processing a travel expense reimbursement or auditing purposes)." Day Three of an upcoming W3C P3P and Enterprise Privacy Policy Workshop 2003 "will explore various industry use case scenarios and regulatory templates for EPAL policies and enforcement scenarios."

EPAL Bibliographic Information

EPAL Version 1.74. Enterprise Privacy Authorization Language (EPAL). Edited by Matthias Schunter (IBM Zurich Research Laboratory, Switzerland). IBM Research Report. Date: 2003/05/05. Approximately 70 pages. Latest public version URL: http://www.zurich.ibm.com/security/enterprise-privacy/epal. Authors: Paul Ashley (IBM Tivoli Software), Satoshi Hada (IBM Research), Günter Karjoth (IBM Research), Calvin Powers (IBM Tivoli Software, USA), Matthias Schunter (IBM Research). Appendix 7 provides the complete XML Schema for EPAL.

Relationship of EPAL to Other Specifications

Appendix 6 of the [version 1.74] EPAL specification provides a "Technological Context of EPAL" with reference to W3C's P3P, CPExchange, and XACML. Excerpts:

1. A P3P policy may contain the purposes, the recipients, the retention period, and a textual explanation of why this data is needed. P3P defines standardized categories for each kind of information included in a policy. Unlike P3P, EPAL defines the privacy-practices that are implemented inside an enterprise. Since this depends on internal details of the enterprise, it results in much more detailed policies that can be enforced and audited automatically. However, the resulting privacy guarantees can sometimes be simplified as a P3P promise that is offered for the users of the services...

2. The Customer Profile Exchange Specification defines a data format for disclosing customer data from one party (customer/enterprise) to another... The main focus of CPExchange lies in standardizing the data exchange format. The privacy meta-information is less expressive than EPAL. Consequently, data disclosed using CPExchange may be controlled with EPAL policies instead of using their privacy meta-data.

3. XACML is a general purpose and extensible access control language. Access control is a tool to define and later decide whether a user U is allowed to perform an action A on an object O. XACML lacks the privacy-specific notion of purposes. Unlike XACML, EPAL has an explicit notion of purposes and a syntax that simplifies the formalization of privacy policies..." Note 2005-01: With the publication of XACML Version 2.0, there is a new Privacy Profile of XACML. See also "The Relationship Between XACML and P3P Privacy Policies."