Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Compliance Management for Federated Data Processing

Natallia Kokash, Adam Belloum, Paola Grosso

TL;DR

A framework for compliance-aware FDP that integrates policy-as-code, workflow orchestration, and large language model-assisted compliance management is presented and it is shown how legal and organizational requirements can be collected and translated into machine-actionable policies in FDP networks.

Abstract

Federated data processing (FDP) offers a promising approach for enabling collaborative analysis of sensitive data without centralizing raw datasets. However, real-world adoption remains limited due to the complexity of managing heterogeneous access policies, regulatory requirements, and long-running workflows across organizational boundaries. In this paper, we present a framework for compliance-aware FDP that integrates policy-as-code, workflow orchestration, and large language model (LLM)-assisted compliance management. Through the implemented prototype, we show how legal and organizational requirements can be collected and translated into machine-actionable policies in FDP networks.

Compliance Management for Federated Data Processing

TL;DR

A framework for compliance-aware FDP that integrates policy-as-code, workflow orchestration, and large language model-assisted compliance management is presented and it is shown how legal and organizational requirements can be collected and translated into machine-actionable policies in FDP networks.

Abstract

Federated data processing (FDP) offers a promising approach for enabling collaborative analysis of sensitive data without centralizing raw datasets. However, real-world adoption remains limited due to the complexity of managing heterogeneous access policies, regulatory requirements, and long-running workflows across organizational boundaries. In this paper, we present a framework for compliance-aware FDP that integrates policy-as-code, workflow orchestration, and large language model (LLM)-assisted compliance management. Through the implemented prototype, we show how legal and organizational requirements can be collected and translated into machine-actionable policies in FDP networks.
Paper Structure (19 sections, 11 equations, 6 figures, 7 tables)

This paper contains 19 sections, 11 equations, 6 figures, 7 tables.

Table of Contents

  1. Introduction
  2. Brane FDP Networks
  3. Running Scenario
  4. Implications for Software Infrastructure Requirements
  5. Overview of the FDP framework
  6. Management Portal and Project Setup
  7. LLM-assisted Policy Authoring
  8. Implementation
  9. Workflow specification and policy checkers
  10. From Regulatory to System Requirements
  11. Runtime Access Control Policies
  12. Spatio-Temporal Purpose-Aware RBAC Graph
  13. Discussion
  14. Related Work
  15. Compliance Challenges in Federated Platforms
  16. ...and 4 more sections

Figures (6)

  • Figure 1: Brane FDP network
  • Figure 2: Preserving data privacy through the processing cycle
  • Figure 3: Data-privacy protection via policy management in Brane-centered FDP
  • Figure 4: Dynamic FDP setup
  • Figure 5: BraneHub, a Web application to manage federated projects
  • ...and 1 more figures

Theorems & Definitions (5)

  • Definition 1: Region Compatibility
  • Definition 2: Purpose Limitation
  • Definition 3: Data Minimisation
  • Definition 4: Spatio-Temporal Purpose-Aware Authorization
  • Definition 5: Spatio-Temporal Privacy Compliance