Privacy enhancements for flexible access control policies
Policies for access control systems enable the decoupling of the control of data and resource access from the business logic. In addition to the resulting flexibility, another advantage is that these policies can be created and maintained by domain experts without specific IT expertise. These policies typically define who has what permission to which resources. In addition to authorization, such policies can also define how users are authenticated. This can involve using existing systems such as eIDAS or enterprise systems, as well as newer models like self-sovereign identity (SSI).
One challenge in designing access control systems is preserving the privacy of users. To evaluate an access request against a policy, users often have to provide various (often personally identifiable) data. When these data are stored in digital documents, more data is often transmitted than necessary. To address this challenge, privacy-preserving technologies can be used. However, integrating these technologies into access control systems, especially existing ones, is often not straightforward.
Therefore, the goal of this project is to research the integration of privacy-preserving technologies into a policy system to further enhance user privacy.