CNL4DSA Sample Clauses

CNL4DSA. In order to express e-DSA rules in a way that is processable but, at the same time, human readable, the work in [23] introduced a controlled natural language for electronic DSA, named CNL4DSA. The CNL4DSA language was designed to express Authorizations, Prohibitions, and Obligations policies referring to data and involving the parties specified in the e-DSA. It expresses the rules in a way that is fairly easy for humans to understand and, at the same time, allows a formal specification of the rules to be derived, which is the input for automatic analyzers.

Rules (and sets of rules, i.e., policies) are expressed in terms of subject, object (or resource), action, and environment. Notice that these concepts are in line with those shown in Figure 2: Subject, File, Operation, and Context, respectively. Similarly, the eXtensible Access Control Markup Language (XACML), the well-known de facto standard for access control [27], relies on similar assumptions. We take advantage of this alignment to be able to enforce CNL clauses (in particular, SDPL-originated clauses) using XACML.

Hence, we consider an e-DSA policy as a set of rules that are evaluated, for each access request, to decide whether a given subject is allowed to perform a given action on a given resource, in a given environment. The features of the four elements, i.e., subjects, objects, actions, and environment, are expressed through attributes in XACML. The enforcement of metamodel-based policies would probably be different in other settings, however.

For each element, a (not exhaustive) list of attributes follows, referring especially to a health care scenario.

– IDs express unique identifiers of the subject, e.g., “abcde123”.
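The per-request evaluation described above can be sketched as a small attribute-based evaluator. This is an added example, not code from the cited work and not a CNL4DSA or XACML implementation. Assumptions: prohibitions override authorizations, the default decision is Deny, and the attribute names (role, organisation, type, name, location) and the obligation name log_access are constructed; only the subject ID "abcde123" comes from the text.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    kind: str            # "authorization" or "prohibition"
    conditions: dict     # element name -> {attribute: required value}
    obligations: list = field(default_factory=list)

    def applies_to(self, request: dict) -> bool:
        # Every required attribute must be present in the request and equal.
        return all(
            request.get(element, {}).get(attr) == value
            for element, required in self.conditions.items()
            for attr, value in required.items()
        )

def evaluate(policy: list, request: dict) -> tuple:
    """Return (decision, obligations) for one access request.

    Assumption: prohibitions override authorizations and the default is Deny.
    """
    applicable = [rule for rule in policy if rule.applies_to(request)]
    if any(rule.kind == "prohibition" for rule in applicable):
        return "Deny", []
    permits = [rule for rule in applicable if rule.kind == "authorization"]
    if not permits:
        return "Deny", []
    return "Permit", [ob for rule in permits for ob in rule.obligations]

# Constructed policy for a health care setting (not taken from the paper).
POLICY = [
    Rule("authorization",
         {"subject": {"role": "doctor"}, "resource": {"type": "medical_record"},
          "action": {"name": "read"}, "environment": {"location": "hospital"}},
         obligations=["log_access"]),
    Rule("prohibition",
         {"subject": {"organisation": "ext-lab"},
          "resource": {"type": "medical_record"}}),
]

def make_request(subject: dict, location: str = "hospital") -> dict:
    # Hypothetical helper: a read request on a medical record.
    return {"subject": subject, "resource": {"type": "medical_record"},
            "action": {"name": "read"}, "environment": {"location": location}}

if __name__ == "__main__":
    doctor = {"id": "abcde123", "role": "doctor"}
    print(evaluate(POLICY, make_request(doctor)))
    print(evaluate(POLICY, make_request({**doctor, "organisation": "ext-lab"})))
    print(evaluate(POLICY, make_request(doctor, location="home")))
```

A prohibition here applies only when its attributes are present in the request, so a request that omits an attribute a prohibition relies on is not caught by it; a deployed policy decision point has to decide how missing attributes are treated.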