On Usage Control in Relational Database Management Systems Obligations and Their Enforcement in Joining Datasets

When datasets are collected and accessed legitimately, they must still be used appropriately according to policies, guidelines, rules, laws, and/or the (current) preferences of data subjects. Any inconsistency between the data collection and data usage processes can conflict with many principles of privacy like the transparency principle, no secondary use principle, or intended purpose usage principle. In this contribution we show how the usage control for the inner join operation in vertically separated relational datasets can be characterized as pre and post obligations of the Usage Control (UCON) model. This type of obligations is defined not only by the state of the UCON object (i.e., a dataset) itself, but also with respect to the state of another dataset. Such dependency on two datasets/objects provides a new insight in UCON obligation constructs when applied to the join operation. We describe also a mechanism to realize the identified obligation in a database management system and present an example realization of the proposed mechanism. Furthermore, we enlist a number of methods to determine whether two given datasets can be joined.