The emerging research and application domains of the Internet-of-Things and Big Data, together with socio-technical phenomena such as social networking, as well as mobile phones (equipped with sensors, GPS, etc.) make us – companies, research centres, people in general – all (sometimes unwittingly, possibly unwillingly) producers and consumers of data. A sensitive issue for data providers concerns control over access, sharing, dissemination and use of data. By control, we mean placing limitations on who can access the data, when data can be accessed, how data can be accessed, and so on. We propose means to capture the expression of controls over data and to associate that indivisibly with the data via what we call “policy-carrying data” (PCD). The PCD establishes permissions for what the consumer may do to the data, but also – in a novel addition for such policies – establish what the consumer can/must do subsequently with the data. We formalise PCD and illustrate how it can meet potential stakeholder requirements.
- data access