Policy Decision Point (PDP),
EU Data Protection Directive (EU DPD),
Policy Enforcement Point (PEP)
The emerging new EU data protection regulation requires that, regardless of the location of its data centers, a cloud service provider will have to comply with the EU data protection regulation if it provides services to EU citizens. Handling personal data in a legally compliant way is a very important factor in ensuring the trustworthiness of a cloud service provider. In this paper we present a software component called Contract Validation Service (ConVS) that validates digital contracts and helps to automate contract-based access to personal data. The paper then shows how an authorisation system can use the ConVS to automate legally compliant authorisation decisions from XACML formatted EU Data Protection Derivative rules. Such automation in determining contract-based access decisions offers the potential to significantly reduce the effort of ensuring legal compliance of cloud service providers.
Authorising contract based access to personal data in the cloud.