关键词：ENCORE;动态同意；策略执行；信息共享；责任；技术架构；隐私；安全性
摘 要：This document is an official, public delivery of the UK collaborative project EnCoRe (Ensuring Consent and Revocation), coordinated by HP Labs. It describes the final EnCoRe Technical Architecture and solutions to support dynamic consent (whereby data subjects provide or amend informed consent - potentially in a fine- grained way - to govern access and use of their confidential and personal data), policy enforcement and controlled information sharing within and across organizational boundaries. It takes into account technical, legal, user and social requirements. This can include business-specific requirements, and education of end users about privacy risks. This work has been led by HP Labs. HP Labs designed and architected a technical solution to: enable end-users (data subjects) to have better control over their data when (and even after) disclosing this to service providers; enable organisations to enforce authorization and obligation policies when accessing, processing and disclosing data; enable the tracking of data whereabouts; support accountable information- sharing across organizations by means of sticky policy mechanisms and transparency (including notification mechanisms) to the data subject. The EnCoRe architecture and approach has been validated in three case studies. HP Labs has also built a reference implementation of the EnCoRe Architecture, referred to as the HPL EnCoRe Service Framework. This is a generic framework that can be easily configured to different business-specific scenarios. It uses state-of-the-art technology to provide the key EnCoRe capabilities by means of composable, secure services. A fully working prototype and a demonstrator are available. The EnCoRe Service Framework is also available for further exploitation opportunities by HP businesses, customers and business partners. We are currently exploring the opportunity to release a core subset of the EnCoRe Service Framework as Open Source software.