Legal compliance support with an ontology-based information system

The Internet and Information Systems evolution have dramatically increased the amount of information hold by governments and companies. This information can be very sensitive, specially regarding personal data, so governments and industries promote acts and guidelines in order to ensure privacy and data security. Thus, companies have to consider legal and Information Technology (IT) compliance. Nevertheless, compliance assessment is still a manual task performed by experts, but steps towards an automated compliance assessment, both in IT and legal, are in progress. In this paper we introduce the Neurona framework, a software application based on legal and security ontologies that aims at providing organizations with legal compliance support

Automatic Compliance of Privacy Policies in Federated Digital Identity Management

Privacy in the digital world is an important problem which is becoming even more pressing as new collaborative applications are developed. The lack of privacy preserving mechanisms is particularly problematic in federated identity management contexts. In such a context, users can seamlessly interact with a variety of federated web services, through theuse of single-sign-on mechanisms and the capability of sharing personal data among these web services. We argue that comprehensive privacy policies should be stated by federated service providers and proactively checked by these providers, before disclosing users’ data to federated partners. To address such requirements, we introduce mechanisms and algorithms for policy compliance checking between federated service providers, based on an innovative policy subsumption approach. We formally introduce and analyze our approach

Um modelo para extração de perfil de especialista aplicado às ferramentas de expertise location e apoio à Gestão do Conhecimento

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico, Programa de Pós-Graduação em Engenharia e Gestão do Conhecimento, Florianópolis, 2016.As ferramentas de Expertise Location podem ser utilizadas amplamente na Gestão do Conhecimento para apoiar a identificação e o compartilhamento do conhecimento. Porém, manter os dados dos colaboradores de uma organização atualizados nessas ferramentas pode ser desafiador. Muitas vezes, os colaboradores precisam preencher as mesmas informações em diversos sistemas. Como uma abordagem alternativa para simplificar esse processo de atualização dos dados, este trabalho propõe um modelo para a extração automática de perfis de especialistas a partir de seus documentos não estruturados. Assim, realizou-se uma pesquisa aplicada e exploratória com base em uma revisão integrativa da literatura, a qual resultou na identificação das abordagens atuais para a extração de perfil de especialista que permitisse a construção desse modelo. A partir dessas abordagens, foram elaborados um modelo conceitual e um protótipo baseados em Processamento de Linguagem Natural para a tarefa de extração de informações de perfil de especialistas que possam fornecer insumos para a identificação de seus conhecimentos e de suas áreas de interesse. A implementação do protótipo resultou também em uma ferramenta de código aberto. Tal ferramenta é disponibilizada em um site público, em conjunto com o seu código-fonte, e gera uma página de perfil com o uso de componentes de tag cloud e timeline. Com o intuito de verificar a viabilidade do modelo proposto, a partir de documentos de voluntários, foram executados testes comparando os perfis gerados pela ferramenta com os perfis presentes na rede social LinkedIn. Os resultados dos testes demonstraram que o modelo proposto pode representar uma alternativa viável para a geração de perfis de especialistas de forma automática com o objetivo de apoiar as ferramentas de Expertise Location em uma organização. Consequentemente, a adoção desse modelo pode reduzir a necessidade de atualizações constantes dos perfis de especialistas de forma manual.Abstract : The Expertise Location Tools can be widely used in Knowledge Management in order to support the identification and sharing of the knowledge. However, to keep the data of the employees of an organization updated in those tools can be challenging. From time to time, employees need to fill out the same data in different systems. As an alternative approach to simplify this process of updating the data, this paper proposes a model for the automatic extraction of expert profiles from their own non-structural documents. Thus, an applied and exploratory research based on an integrative literature review was carried out, resulting in the identification of the current approaches to the extraction of an expert profile that could allow the construction of this model. From these approaches were elaborated a conceptual model and a prototype based on Natural Language Processing for the task of extraction of information from expert profiles that could provide inputs to the identification of their expertise and their areas of interest. The prototype implementation has also resulted in an open source tool. This tool is available on a public website together with its source code and it generates a profile page using the tag cloud and timeline components. In order to verify the feasibility of the proposed model, tests from documents of volunteers were performed comparing the profiles generated by the tool with those profiles on LinkedIn social network. The test results demonstrated that the proposed model can represent a viable alternative to the generation of automatically expert profiles in order to support Expertise Location tools in an organization. Consequently, the adoption of this model can reduce the need for constant updates of the expert profiles

Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management

Digital identity is defined as the digital representation of the information known about a specific individual or organization. An emerging approach for protecting identities of individuals while at the same time enhancing user convenience is to focus on inter-organization management of identity information. This is referred to as federated identity management. In this paper we develop an approach to support privacy controlled sharing of identity attributes and harmonization of privacy policies in federated environments. Policy harmonizations mechanisms make it possible to determine whether or not the transfer of identity attributes from one entity to another violate the privacy policies stated by the former. We also provide mechanisms for tracing the release of user’s identity attributes within the federation. Such approach entails a form of accountability since an entity non-compliant with the users original privacy preferences can be identified. Finally, a comprehensive security analysis details security properties is also offered

Traceable and Automatic Compliance of Privacy Policies in Federated Digital Identity Management

Digital identity is defined as the digital representation of the information known about a specific individual or organization. An emerging approach for protecting identities of individuals while at the same time enhancing user convenience is to focus on inter-organization management of identity information. This is referred to as federated identity management. In this paper we develop an approach to support privacy controlled sharing of identity attributes and harmonization of privacy policies in federated environments. Policy harmonizations mechanisms make it possible to determine whether or not the transfer of identity attributes from one entity to another violate the privacy policies stated by the former. We also provide mechanisms for tracing the release of user’s identity attributes within the federation. Such approach entails a form of accountability since an entity non-compliant with the users original privacy preferences can be identified. Finally, a comprehensive security analysis details security properties is also offered.