Edinburgh Napier University

  http://www.google.com/patents/US20140201804 The present disclosure relates to improved information sharing and in particular to formal representations of information sharing policies between organizations. An organization comprises various agents with different roles, which are represented by a form of organizational structure which may for example define a hierarchy of roles. Agents of an organization would normally be individual people although an agent may be a group of people, a software daemon, or a robot for example. Organizations hold various items of information for example relating to activities of the organization. For various reasons it is desirable for organizations to collaborate and share information. However, organizations will generally not wish to share the entire corpus of information that they hold with another organization because of concerns regarding confidentiality, commercial sensitivity or other policy considerations such as data protection and human rights. There is a tension between the need for efficient information sharing on the one hand versus respecting these obligations and restrictions on the other. An example of two organizations that have a need for efficient information sharing but in which there are sensitivities regarding the sharing of information would be a police department and a child protection department of a local city council. There is clearly a need in some cases for the police to have information about children under care so that various criminal investigations can be conducted. However, there is also a need from the perspective of a child protection department to ensure that their clients' confidentiality is maintained and that sensitive information is not given out to members of the police force who are not authorised or permitted to access the information. On the one hand, failure to share information could have serious consequences for the wellbeing of children under care and the protection of society but on the other hand sharing too much information could represent a serious civil abuse of confidentiality. Similar considerations may apply to the sharing of information between any two organizations, be they in the public or private sector. At present, policies for information sharing are based upon ill-defined permissions and rely upon subjective judgements being made by the owners of information as to whether a requestor has the appropriate authority to access the information they are requesting. Another problem comes when an owner of information faces requests from multiple different organizations. To use the example mentioned above, a child protection department may face requests for information from a variety of different police forces. However, the different police forces which request the information may have different organizational structures and/or use different job titles and/or have different rules associated with similar job titles. This makes it difficult for an owner of information to judge whether a specific request for information should be accepted or not.