Enterprise Privacy Authorization Language

Enterprise Privacy Authorization Language, EPAL for short, is a technical term from the field of information security. It denotes an XML-based description language for businesses. It allows company-specific privacy policies to be translated into machine-readable rules. The focus is on personal data.

EPAL is understood as a further development of P3P. The fundamentally new aspect is the idea of formulating access rules centrally at the enterprise level.

Details

EPAL is an IBM-developed "general language for describing data protection rules" that products such as application programs can evaluate in order to enforce the rules (enforcement). The mechanisms of classical access control models (such as RBAC) have been extended: access rules can now also be formulated in terms of the intended use of the data held.

An EPAL user defines a vocabulary for its rules, consisting of elements modelled on the way access rules are expressed in natural language. These are the affected users (or groups), the data categories, the actions to be undertaken, the intended use of the data, conditions of access (for example, must be over 18 years old) and limitations of the data management (delete after about 90 days). These elements are combined into a rule that either allows or denies access.

Example

The following rule specifies that a radiologist may view X-ray data for diagnostic purposes with the permission of the chief physician and the patient, but that the data may not be kept longer than five years.

            id="read"/>               5</parameter>
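The radiologist rule described above, modelled in Python as an added example; it is not the original EPAL XML and not IBM's code. The identifiers (radiologist, x-ray, diagnosis, the context keys), first-match evaluation and the default-deny fallback are assumptions made for illustration. It shows what purpose-based rules add to plain RBAC: the same role and action are refused when the stated purpose differs or a condition is unmet.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    ruling: str            # "allow" or "deny"
    user_category: str     # who asks
    data_category: str     # what data is touched
    action: str            # what is done with it
    purpose: str           # intended use of the data
    conditions: tuple = ()                           # predicates over the request context
    obligations: dict = field(default_factory=dict)  # duties attached to the ruling


def evaluate(rules, user_category, data_category, action, purpose, context):
    """Return (ruling, obligations) of the first applicable rule.

    Assumption of this sketch: rules are checked in order and a request
    that no rule covers is denied.
    """
    requested = (user_category, data_category, action, purpose)
    for rule in rules:
        if (rule.user_category, rule.data_category, rule.action, rule.purpose) != requested:
            continue
        if all(condition(context) for condition in rule.conditions):
            return rule.ruling, dict(rule.obligations)
    return "deny", {}


# Constructed policy holding only the rule from the example text.
POLICY = [
    Rule(
        ruling="allow",
        user_category="radiologist",
        data_category="x-ray",
        action="read",
        purpose="diagnosis",
        conditions=(
            lambda ctx: ctx.get("chief_physician_permission") is True,
            lambda ctx: ctx.get("patient_permission") is True,
        ),
        obligations={"retention_max_years": 5},
    )
]
```

The caller that receives an "allow" ruling is also responsible for carrying out the returned obligation, here the five-year retention limit.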
