Enterprise Privacy Authorization Language (EPAL 1.2). W3C Member Submission 10-November-2003. Submitted: 10-November-2003. Authors: Paul Ashley (IBM Tivoli Software), Satoshi Hada (IBM Research), Günter Karjoth (IBM Research), Calvin Powers (IBM Tivoli Software), Matthias Schunter (IBM Research). Edited by Calvin Powers (IBM Tivoli Software) and Matthias Schunter (IBM Research). Business Contact: Steve Adler (IBM Tivoli Software). Version URL: http://www.w3.org/Submission/2003/SUBM-EPAL-20031110/. Latest version URL: http://www.w3.org/Submission/EPAL/. Previous version: EPAL 1.0 published as IBM Research Report RZ 3485 (#93951), 03/03/2003.
"This document formally describes EPAL, including concepts, syntax, and semantics. To help readers understand the structure and capabilities of the language, it is presented in several forms. First, a brief overview of the language is given in Section 2 in textual form, explaining the major structures of the language and how they fit together. Secondly, the detailed syntax of the language will be specified in Sections 3 and 4 by parts of the EPAL schema along with some examples of EPAL. Thirdly, the semantics of an EPAL policy is described in Section 5. Data-types that are re-used in multiple places are defined in Section 6. The formal definition of the EPAL syntax is given by the XML Schema for EPAL as an appendix..."
- 1. Introduction
- 2. EPAL Overview and Example
- 2.1 Example of EPAL in Use
- 2.2 UML Overview on the EPAL Syntax
- 2.3 XML Schema of EPAL
- 3. EPAL Vocabularies
- 4. EPAL Policies
- 5. Privacy Authorization - Semantics of an EPAL Policy
- 6. EPAL Data Types
- Appendix 1. References (Normative)
- Appendix 2. References (Non-Normative)
- Appendix 3. Example Authorization Interface
- Appendix 4. Glossary
- Appendix 5. EPAL Functions and Predicates
- Appendix 6. Technological Context of EPAL
- Appendix 7. Complete XML Schema for EPAL
EPAL Specification Abstract
"The Enterprise Privacy Authorization Language (EPAL) technical specification is a formal language for writing enterprise privacy policies to govern data handling practices in IT systems according to fine-grained positive and negative authorization rights. It concentrates on the core privacy authorization while abstracting data models and user-authentication from all deployment details such as data model or user-authentication.
An EPAL policy defines lists of hierarchies of data-categories, user-categories, and purposes, and sets of (privacy) actions, obligations, and conditions. User-categories are the entities (users/groups) that use collected data (e.g., travel expense department or tax auditor). Data-categories define different categories of collected data that are handled differently from a privacy perspective (e.g., medical-record vs. contact-data). Purposes model the intended service for which data is used (e.g., processing a travel expense reimbursement or auditing purposes).
Actions model how the data is used (e.g., disclose vs. read). Obligations define actions that must be taken by the environment of EPAL (e.g., delete after 30 days or get consent). Conditions are Boolean expressions that evaluate the context (e.g., 'the user-category must be an adult' or 'the user-category must be the primary care physician of the data-subject').
These elements are then used to formulate privacy authorization rules that allow or deny actions on data-categories by user-categories for certain purposes under certain conditions while mandating certain obligations. In order to allow for general rules and exceptions, EPAL rules are sorted by descending precedence. E.g., a rule about a particular employee can be inserted before the rule about the department in order to implement an exception..." [v1.2 spec]
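The rule model the abstract describes (hierarchical categories, conditions, obligations, and first-match evaluation in descending precedence) as an added Python illustration; this is not code from the EPAL submission, does not reproduce its XML syntax or normative semantics, and all category names, rules and the fallback-to-deny default are constructed assumptions.

```python
from dataclasses import dataclass
from typing import Callable

# Constructed hierarchies (child -> parent): a rule written for a parent
# category applies to every descendant. Names are illustrative only.
USER_HIERARCHY = {"employee-bob": "travel-expense-dept",
                  "employee-carol": "travel-expense-dept", "dr-lee": "physician"}
DATA_HIERARCHY = {"medical-record": "personal-data", "contact-data": "personal-data"}
PURPOSE_HIERARCHY = {"expense-reimbursement": "business-operations"}

def is_within(category, ancestor, hierarchy):
    """True if category equals ancestor or descends from it."""
    while category is not None:
        if category == ancestor:
            return True
        category = hierarchy.get(category)
    return False

@dataclass
class Rule:
    rule_id: str
    ruling: str                      # "allow" or "deny"
    user: str                        # user-category
    data: str                        # data-category
    purpose: str
    action: str
    condition: Callable[[dict], bool] = lambda ctx: True
    obligations: tuple = ()          # actions the environment must carry out

# Rules in descending precedence: the exception for one employee is placed
# before the general rule for the whole department, as the abstract describes.
POLICY = [
    Rule("deny-bob", "deny", "employee-bob", "contact-data", "expense-reimbursement", "read"),
    Rule("dept-read", "allow", "travel-expense-dept", "contact-data",
         "expense-reimbursement", "read", obligations=("delete-after-30-days",)),
    Rule("pcp-read", "allow", "physician", "medical-record", "treatment", "read",
         condition=lambda ctx: ctx.get("requester") == ctx.get("primary-care-physician")),
]

def authorize(policy, user, data, purpose, action, context=None):
    """Return (ruling, obligations, rule_id) from the first rule that matches.
    No match falls back to deny with no obligations (a constructed default)."""
    context = context or {}
    for rule in policy:
        if (is_within(user, rule.user, USER_HIERARCHY)
                and is_within(data, rule.data, DATA_HIERARCHY)
                and is_within(purpose, rule.purpose, PURPOSE_HIERARCHY)
                and action == rule.action and rule.condition(context)):
            return rule.ruling, list(rule.obligations), rule.rule_id
    return "deny", [], None
```

Because the employee-specific deny rule precedes the department-wide allow rule, the same request is denied for one employee and allowed (with the retention obligation attached) for another in the same department.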
From the W3C Team Comment on the EPAL Submission
EPAL is designed to expand on the capability of P3P by adding privacy-related access control and authorization in the enterprise context. At the same time, EPAL is a new challenge in the area of privacy enhanced technologies. While P3P was designed to be interoperable across the Web, EPAL is more focused on the intra-enterprise world. If data has to travel over the edges of an enterprise, challenges on matching and mixing vocabularies from two different enterprises appear. Nevertheless, EPAL remains close to P3P. The separation of policy and rules also exists in P3P and its rule-language APPEL. The consent-choices present in EPAL are also under consideration for P3P Version 1.1.
Unlike P3P, the binding between policy and resource is not defined by a Policy Reference File. The fact that a certain data item falls into a certain data category triggers a certain rule. But it is not defined which data falls into a certain data category. This reflects the absence of a consistent system of unique resource identifiers inside a company where data can be stored on a Web-server (with URI) or simply in a SQL database (without URI). The absence of clear identifiers gives some flexibility but affects the semantics of such statements. In fact, the data stored must contain a reference to its data category to be useful. This is reflected by the paradigm of sticky policies described in the introduction. As such archiving can vary depending on the data archiving tools, this is not easy to define. Interoperability might require that the type of identifier used to make the policy stick with the data must be defined by EPAL. [see the complete text of the Team Comment]
IBM IPR Declaration
[In part:] "In the event that this submission, or portions thereof, are included in the W3C Recommendation on an Enterprise Privacy Authorization Language (EPAL), and the Recommendation cannot be practiced without the use of one or more IBM patents, IBM agrees upon written request to grant a nonexclusive, royalty free license, with other reasonable terms and conditions, for patents issued to IBM, which contain claims that are essential to this specification as submitted and for which IBM is able to provide patent licenses, to all entities willing to grant IBM a reciprocal license. IBM expressly disclaims any and all warranties regarding this submission including any warranty that this submission does not violate the rights of others or is fit for a particular purpose..."
About W3C Member Submissions
"The W3C Member Submission process allows Members to propose technology or other ideas for consideration by the Team. After review, the Team may publish the material at the W3C Web site. The formal process affords Members a record of their contribution and gives them a mechanism for disclosing the details of the transaction with the Team (including IPR claims). The Team also publishes review comments on the Submitted materials for W3C Members, the public, and the media...
The acknowledgment of a Submission request does not imply that any action will be taken by W3C. It does not imply an endorsement by W3C, including the W3C Team, any of the Members, or any of the Host Institutes. It merely records publicly that the Submission request has been made by the submitting Member. The specification may not be referred to as "work in process" of the W3C... The reader's attention is drawn to the statement of intellectual property that accompanies each Submission request as there is no implication of any openness or release of proprietary rights in any submitted technology..." [from the Index of Acknowledged Member Submissions to W3C]
- Enterprise Privacy Authorization Language (EPAL 1.2) W3C Member Submission 10-November-2003.
- EPAL XML Schema. Defines the structure of EPAL privacy policies.
- EPAL Submission Request
- Team Comment on the EPAL Submission. By Rigo Wenning, (W3C Privacy Activity Lead)
- IBM contact: Steven Adler or Arnaud Le Hors.
- Acknowledged Member Submissions to W3C
- Earlier EPAL news:
- "IBM Releases Updated Enterprise Privacy Authorization Language (EPAL) Specification." News story 2003-07-09.
- "IBM's Enterprise Privacy Authorization Language (EPAL)." News story 2003-05-09.
- See also W3C P3P:
- W3C Platform for Privacy Preferences (P3P) Project
- W3C Privacy Activity Statement
- Mail Archives for W3C list 'firstname.lastname@example.org'. For general privacy discussions and announcements concerning P3P.
- W3C Workshop on the Long Term Future of P3P and Enterprise Privacy Languages. Kiel (Schleswig-Holstein, Germany), June 19-20, 2003. See also the submitted position papers and Minutes of the P3P 2.0 Workshop.
- The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation 16-April-2002.
- "A P3P Preference Exchange Language 1.0 (APPEL1.0)." W3C Working Draft 15-April-2002.
- "Enterprise Privacy Authorization Language (EPAL)" - Main reference page.