W3C | Submissions

Submission request to W3C (W3C Team Comment)

Enterprise Privacy Authorization Language (EPAL)

Submission Request

We, the W3C member International Business Machines (IBM), Inc. hereby submit to the Consortium the following specification, comprising the following document attached hereto:

  1. Specification of an Enterprise Privacy Authorization Language (EPAL).

  2. The XML Schema of an Enterprise Privacy Authorization Language (EPAL)

which collectively are referred to as "the submission". We request the submission be known as the EPAL submission.


This is the Enterprise Privacy Authorization Language (EPAL) technical specification. EPAL is a formal language for writing enterprise privacy policies to govern data handling practices in IT systems according to fine-grained positive and negative authorization rights. It concentrates on the core privacy authorization while abstracting data models and user-authentication from all deployment details such as data model or user-authentication.

An EPAL policy defines lists of hierarchies of data-categories, user-categories, and purposes, and sets of (privacy) actions, obligations, and conditions. user-categories are the entities (users/groups) that use collected data (e.g., travel expense department or tax auditor). Data-categories define different categories of collected data that are handled differently from a privacy perspective (e.g., medical-record vs. contact-data). Purposes model the intended service for which data is used (e.g., processing a travel expense reimbursement or auditing purposes).

Actions model how the data is used (e.g., disclose vs. read). Obligations define actions that must be taken by the environment of EPAL (e.g., delete after 30 days or get consent). Conditions are Boolean expressions that evaluate the context (e.g., "the user-category must be an adult" or "the user-category must be the primary care physician of the data-subject").

These elements are then used to formulate privacy authorization rules that allow or deny actions on data-categories by user-categories for certain purposes under certain conditions while mandating certain obligations. In order to allow for general rules and exceptions, EPAL rules are sorted by descending precedence. E.g., a rule about a particular employee can be inserted before the rule about the department in order to implement an exception.

Intellectual property rights

In the event that this submission, or portions thereof, are included in the W3C Recommendation on an Enterprise Privacy Authorization Language (EPAL), and the Recommendation cannot be practiced without the use of one or more IBM patents, IBM agrees upon written request to grant a nonexclusive, royalty free license, with other reasonable terms and conditions, for patents issued to IBM, which contain claims that are essential to this specification as submitted and for which IBM is able to provide patent licenses, to all entities willing to grant IBM a reciprocal license.
IBM expressly disclaims any and all warranties regarding this submission including any warranty that this submission does not violate the rights of others or is fit for a particular purpose.

Trade and Service Marks

The following are registered marks refered to in this request or the submission:

IBM is a registered trademark of International Business Machines Corporation.


We hereby grant to the W3C, a perpetual, nonexclusive, royalty-free, world-wide right and license under any of our copyrights in this contribution to copy, publish and distribute the contribution as defined by the W3C Document License (see http://www.w3.org/Consortium/Legal/2002/copyright-documents-20021231)

Suggested action

We suggest that the W3C Consortium publish this document as a note in order to educate the WWW community.

Change control

Change control remains with the original authors.


Inquiries from the public or press about this submission should be directed to Steven Adler <adler1 (at) us.ibm.com>


10 November 2003
Arnaud Le Hors, IBM, lehors@us.ibm.com