🤖 AI Summary
Policy-Based Access Control (PBAC) faces significant challenges in unified modeling and dynamic compliance assessment across multiple regulatory frameworks (e.g., GDPR, HIPAA, CCPA). Method: This paper proposes a semantic rule framework grounded in RDF/SPARQL, featuring an extensible compliance metamodel and domain ontology to enable structured representation of cross-regulatory provisions, context-aware policy reasoning, and automated compliance alignment. It integrates Semantic Web technologies—including RDF knowledge representation, SPARQL querying, and SWRL rule-based inference—with a lightweight reasoning engine to support formal policy specification, real-time enforcement, continuous monitoring, sensitive data discovery, and quantitative risk assessment. Contribution/Results: Experimental evaluation demonstrates that the framework substantially improves accuracy, interpretability, and maintainability of compliance assessments in multi-framework coordination scenarios, while enabling scalable, semantically rigorous, and operationally actionable governance.
📝 Abstract
Motivated by the challenges of implementing policy-based data access control (PBAC) under multiple simultaneously applicable compliance frameworks, we present Parajudica, an open, modular, and extensible RDF/SPARQL-based rule system for evaluating context-dependent data compliance status. We demonstrate the utility of this resource and accompanying metamodel through application to existing legal frameworks and industry standards, offering insights for comparative framework analysis. Applications include compliance policy enforcement, compliance monitoring, data discovery, and risk assessment.