An Ontology-Based Approach for Managing and Maintaining Privacy in Information Systems

The use of ontologies in the fields of information retrieval and semantic web is well-known. Since long time researcher are trying to find ontological representations of the diverse laws to have a mechanism to retrieve fine granular legal information about diverse legal cases. However, one of the common problems software systems are faced with in constitutional states is the adapting of the diverse privacy directives. This is a very complex task due to lacks in current software solutions – especially from the architectural point of view. In fact, we miss software solutions that manage privacy directives in a central instance in a structured manner. Even more, such a solution should provide a fine granular access control mechanism on the data entities to ensure that every aspect of the privacy directives can be reflected. Moreover, the whole system should be transparent, comprehensible, and modifiable at runtime. This paper provides a novel solution for this by means of ontologies. The usage of ontologies in our approach differs from the conventional form in focusing on generating access control policies which are adapted from our software framework to provide fine granular access on the diverse data sources