IBM offers privacy language for ID management

IBM has unveiled an open-standard privacy language designed to provide the enterprise with a way to automate the enforcement of...

IBM has unveiled an open-standard privacy language designed to provide the enterprise with a way to automate the enforcement of privacy policies in both applications and systems.

The Enterprise Privacy Authorisation Language (EPAL) is a means to express data-handling policies inside the enterprise, said Paul Fritz, product manager at Tivoli Software and IBM.

EPAL goes one step further than the existing privacy specification called Platform for Privacy Preferences (P3P).

That specification was released by the World Wide Web Consortium (W3C) in April 2002 and was designed to communicate privacy policies from business applications to consumer applications.

"P3P is more concerned about advertising my policy to an individual... it’s not robust enough when used internally between applications inside an enterprise trying to implement a [privacy] policy," he said. "What was lacking was a language that the enterprise could use internally to express its policies."

The need for this type of language stems from the ever-changing rules and regulations associated with privacy issues and from the growing need for organisations to follow strict rules and guidelines when it comes to corporate information.

It also grows out of the need to build enforcement into enterprise applications so companies can automate management tasks.

At one point it was enough for a company to know who had access to specific information, but now those companies need to know more detailed facts such as business motivation behind employees accessing certain information, Fritz added.

EPAL is a way to automate the enforcement of privacy policies and to express those data handling policies.

IBM is also setting the stage to making EPAL legitimate and said it would submit EPAL for standardisation within the next few months.

Allison Taylor writes for



Enjoy the benefits of CW+ membership, learn more and join.

Read more on IT strategy



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:




  • Dissecting the Hack

    In this excerpt from chapter three of Dissecting the Hack: The V3RB0TEN Network, authors Jayson E. Street, Kristin Sims and Brian...

  • Digital Identity Management

    In this excerpt of Digital Identity Management, authors Maryline Laurent and Samia Bousefrane discuss principles of biometrics ...

  • Becoming a Global Chief Security Executive Officer

    In this excerpt of Becoming a Global Chief Security Executive Officer: A How to Guide for Next Generation Security Leaders, ...