Privacy preservation in a data-sharing computing environment is becoming a challenging problem. A purpose is defined as the intention of data accesses or usages and purpose-based access control (PBAC) has been proposed to extend traditional models for privacy-preserving. However, in existing research, the purpose is often to bind to data by using labeling schemes or building privacy metadata databases separately, which leads to redundancy of data tables and decreasing of query efficiency. Moreover, privacy policies involving purpose lack sufficient semantics. In this paper, we present a semantic model for the role-involved conditional purpose-based access control (RCPBAC) with ontology. Purpose, data, and role are represented by ontology and their relationships are described with object or data properties, which is based on Web Ontology Language (OWL). We use Semantic Web Rule Language (SWRL) to represent privacy policies for reasoning. This model can help data providers to define and share their own information more easily and securely.
展开▼
