Common use of CNL4DSA Clause in Contracts

CNL4DSA. In order to be able to express e-DSA rules in a processable but, at the same time, human readable way, work in [23] has introduced a controlled natural language for electronic DSA, named CNL4DSA. The CNL4DSA language has been thought to express Authorizations, Prohi- bitions, and Obligations policies referring to data and involving parties specified in the e-DSA. It expresses the rules in a way that is pretty understandable by humans, and, at the same time, it allows to derive a formal specification of the rules, that is the input for automatic analyzers. Rules (and set of rules, i.e., policies) are expressed in terms of subject, object (or resource), action, and environment. Notices that these concepts are inline with those shown in Figure 2: Subject, File, Operation, and Context (resp.). Similarly, the eXtensible Access Control Markup Language (XACML), the well known, de facto, standard for access control [27], relies on similar assumptions. We take advantage of this alignment to be able to enforce CNL clauses (in par- ticular, SDPL originated clauses) using XACML. Hence, we consider a e-DSA policy as a set of rules that are evaluated, for each access request, to decide whether a given subject is allowed to perform a given action on a given resource, in a given environment. The features of the four elements, i.e., subjects, ob- jects, actions, and environment, are expressed through attributes in XACML. Although, the enforcement of metamodel based policies would be probably dif- ferent in other settings. For each element, a (not exhaustive) list of attributes follows, especially re- ferring to a health care scenario. – IDs express unique identifiers of the subject, e.g., “abcde123”.

CNL4DSA. In order to be able to express e-DSA rules in a processable but, at the same time, human readable way, work in [23] has introduced a controlled natural language for electronic DSA, named CNL4DSA. The CNL4DSA language has been thought to express Authorizations, Prohi- bitions, and Obligations policies referring to data and involving parties specified specified in the e-DSA. It expresses the rules in a way that is pretty understandable by humans, and, at the same time, it allows to derive a formal specification specification of the rules, that is the input for automatic analyzers. Rules (and set of rules, i.e., policies) are expressed in terms of subject, object (or resource), action, and environment. Notices that these concepts are inline with those shown in Figure Fig. 2: Subject, File, Operation, and Context (resp.). Similarly, the eXtensible Access Control Markup Language (XACML), the well known, de facto, standard for access control [27], relies on similar assumptions. We take advantage of this alignment to be able to enforce CNL clauses (in par- ticularpartic- ular, SDPL originated clauses) using XACML. Hence, we consider a e-DSA policy pol- icy as a set of rules that are evaluated, for each access request, to decide whether a given subject is allowed to perform a given action on a given resource, in a given environment. The features of the four elements, i.e., subjects, ob- jectsobjects, actions, and environment, are expressed through attributes in XACML. Although, the enforcement of metamodel based policies would be probably dif- ferent different in other settings. For each element, a (not exhaustive) list of attributes follows, especially re- ferring refer- ring to a health care scenario. – IDs express unique identifiers identifiers of the subject, e.g., “abcde123”.. – Role specifies the functions and the capabilities of a subject in an orga- nization. According to her role, a subject has different access privileges in a system. For example: general view of the medical history of a patient;