Policy-Based Data Downgrading: Toward a Semantic Framework and Automated Tools to Balance Need-to-Protect and Need-to-Share Policies
The authors describe a new paradigm for articulating need-to-protect and need-to-share policies that shows promise for enabling automated derivation of the downgrading rule-sets needed to comply with these policies in systems that share data. This new paradigm is based on fine-grained semantic policy specifications in terms of context, content, Purpose, and Anti-purpose that are expressed in a machine-understandable language. Their approach is based on an existing reasoning capability that can handle simple downgrading cases. Extensions to handle more complex cases are discussed. Although not yet a complete, turnkey solution to the overall data sharing and privacy problem, they posit that their approach provides an auspicious research vector for future work towards achieving that goal.