W3C Team Project Review: Policy languages

Policies

A course or principle of action adopted or proposed by a government, party, business or individual
Originally in natural language
Enforcement? Interpretation?

Transposing to machine-processing...

Predicates, logic operators (at least Conjunction, Disjunction and Negation), comparison, sometimes matching, intersections, "negotiations"

More generally: a Policy refers to a set of rules

Each application often defines its own format, configuration mechanisms and processing of the rules - Issues in distributed environment

Platform for Privacy Preferences
1.1 is a WG Note, extending the P3P 1.0 Rec
Expression of privacy practices of web sites: what they collect, for what purpose

Web Services Policy 1.5 - Framework, W3C Rec (2007)

focus on policy languages that are already specified and broadly address the privacy, access control, and obligation management areas

may explore the use of relevant technologies toward delivering interoperability frameworks for policy languages.

Application: essentially social Web

Based on XACML (OASIS specification for Access Control)

Adding credential-based AC

Modelling some enforcement, matching, negotiation workflows

Expression of Rules - could use RIF to improve interoperability

But Semantics needs to be known for each application

Dependency on application data models is very high: policy preferences and obligations should be defined for each data model

... that the AC may be asking:

PLING outcome?
Which areas in W3C may need a particular policy language? Social Web (Mobile or not), geolocation, ...
Do we want to design a particular policy languages for each? or subset/profile/bind existing solutions e.g. XACML?