W3C

W3C Team Project Review: Policy languages

Policies

Policy Language

Transposing to machine-processing...

Predicates, logic operators (at least Conjunction, Disjunction and Negation), comparison, sometimes matching, intersections, "negotiations"

More generally: a Policy refers to a set of rules

Thousands of applications

Each application often defines its own format, configuration mechanisms and processing of the rules - Issues in distributed environment

P3P

Web Services Policy

Web Services Policy 1.5 - Framework, W3C Rec (2007)

PLING

focus on policy languages that are already specified and broadly address the privacy, access control, and obligation management areas

may explore the use of relevant technologies toward delivering interoperability frameworks for policy languages.

PLING review

PrimeLife work

Application: essentially social Web

Based on XACML (OASIS specification for Access Control)

Adding credential-based AC

Modelling some enforcement, matching, negotiation workflows

More generic expression of policies?

Expression of Rules - could use RIF to improve interoperability

But Semantics needs to be known for each application

Dependency on application data models is very high: policy preferences and obligations should be defined for each data model

Open questions

... that the AC may be asking: