April 6 – 9 , 2010, Dagstuhl Seminar 10141

Distributed Usage Control


Sandro Etalle (TU Eindhoven, NL)
Alexander Pretschner (KIT – Karlsruher Institut für Technologie, DE)
Ravi S. Sandhu (The University of Texas – San Antonio, US)
Marianne Winslett (University of Illinois – Urbana-Champaign, US)

For support, please contact

Dagstuhl Service Team


Dagstuhl Seminar Proceedings DROPS
List of Participants
Dagstuhl Seminar Schedule [pdf]


In general, access control defines who may access which data, and under which circumstances. A good access control system is at the base of every process which handles confidential information. As an extension to access control, usage control is about defining and enforcing how data may or may not be handled after it has been accessed (e.g., "do not disseminate," "delete after thirty days," "notify me when accessed," “use only for scientific purposes.”) Usage control is particularly relevant when it comes to privacy, protection of trade secrets or intellectual property, digital rights management, and auditing/compliance in the context of regulatory frameworks. Usage control is hence both relevant for society and economics.

While there is a pressing need for usage control, existing solutions are partial – e.g., via access control mechanisms – and often specialized. The problem is particularly challenging in distributed environments where servers, which give away data, can neither see nor control what clients do with the data after their reception. In this setting, enforcement can be accomplished in one of two ways: by ensuring that policies are not violated, or by detecting and reporting violations, online or off-line. These two approaches apply in different technological environments, and they apply to different underlying trust and business models.

With about 50 attendants, the Dagstuhl seminar on Distributed Usage Control has had an overwhelming response to the invitations that were sent out. One noteworthy characteristics of the seminar was its multidisciplinary nature. Security is not only technical; it is a multidisciplinary field that has legal, regulatory and societal aspects too. This makes security research particularly challenging. This Dagstuhl seminar had a technical core, but sparked discussions also from neighboring fields, in particular a plethora of issues related to privacy. This gave rise to three days of lively discussion, with a regular interleaving of general agreements and disagreements.

In sum, the seminar enjoyed a somewhat unexpected focus on privacy-related issues and intense discussions on the general subject of security research and its connection or disconnection with real-world problems. To the surprise of some, there continues to be disagreement on whether 100% security is a desirable goal, even though it is unlikely to be reached, or if pragmatic considerations including cost, feasibility, usability, innovation and fun should rather lead to a risk-based approach that aims at imperfect security, and if the community shouldn’t strive to understand what the risks are, and what imperfect security really is.


  • Security / Cryptology
  • Software Engineering
  • Operating Systems


  • Data protection
  • Privacy
  • Access control
  • Usage control
  • Security policies
  • Trust
  • Trusted computing
  • Compliance
  • DRM
  • Information flow


In the series Dagstuhl Reports each Dagstuhl Seminar and Dagstuhl Perspectives Workshop is documented. The seminar organizers, in cooperation with the collector, prepare a report that includes contributions from the participants' talks together with a summary of the seminar.


Download overview leaflet (PDF).

Dagstuhl's Impact

Please inform us when a publication was published as a result from your seminar. These publications are listed in the category Dagstuhl's Impact and are presented on a special shelf on the ground floor of the library.


Furthermore, a comprehensive peer-reviewed collection of research papers can be published in the series Dagstuhl Follow-Ups.