PolicyLangReview
From Policy Languages Interest Group
Review of Policy Languages and Frameworks
The following is a non-exhaustive list of policy languages and frameworks.
Platform for Privacy Preferences Project (P3P) | |
---|---|
Summary | P3P enables websites to express their privacy practices in a standard format that can be retrieved automatically and interpreted by user agents |
Type/Scope | Privacy |
Responsible | W3C P3P Specification Working Group |
Specification | P3P 1.0 Recommendation |
Representation | XML Schema |
Open Digital Rights Language (ODRL) | |
---|---|
Summary | ODRL is intended to provide flexible and interoperable mechanisms to support transparent and innovative use of digital content in publishing, distributing and consuming of digital media across all sectors and communities |
Type/Scope | Rights |
Responsible | ODRL Initiative |
Specification | Version 1.1 (PDF) (HTML) |
Representation | XML Schema |
Comments | A proposal to represent ODRL in Microformats has been made and is under development |
Creative Commons (CC) | |
---|---|
Summary | Creative Commons is a rights description language for content on the net. It has a human-readable contract, a short form and an RDF encoding for the expressed metadata |
Type/Scope | Rights |
Responsible | Creative Commons |
Specification | Version 3.0 Overview of the different parts |
Representation | RDF |
eXtensible Access Control Markup Language (XACML) | |
---|---|
Summary | XACML aims to express well-established ideas in the field of access-control policy using an extension language of XML |
Type/Scope | Access Control |
Responsible | OASIS XACML Technical Committee |
Specification | Version 2.0 (zip) |
Representation | XML Schema |
Geospatial eXtensible Access Control Markup Language (GeoXACML) | |
---|---|
Summary | GeoXACML extends XACML 2.0 by defining the data type "Geometry" and geo-specific functions to declare and enforce access restrictions based on geometric and topological characteristics of the protected resources. GeoXACML supports GML2 and GML3 encoding of geometries. |
Type/Scope | Access Control |
Responsible | Open Geospatial Consortium, Inc (OGC) |
Implementation Specification | Version 1.0 |
Representation | XML Schema (same as XACML 2.0) |
A P3P Preference Exchange Language (APPEL) | |
---|---|
Summary | A language for describing collections of preferences regarding P3P policies between P3P agents. |
Type/Scope | Privacy Preferences |
Responsible | W3C P3P Specification Working Group |
Specification | A P3P Preference Exchange Language 1.0 (APPEL1.0) |
Representation | XML Schema |
MPEG-21 Part 5: Rights Expression Language | |
---|---|
Summary | ISO/IEC 21000-5:2004 defines an authorization model to specify whether the semantics of a set of Rights Expressions permit a given Principal to perform a given Right upon a given optional Resource during a given time interval based on a given authorization context |
Type/Scope | Rights |
Responsible | MPEG-21 Working Group |
Specification | (Link to Purchase) |
Representation | XML Schema |
MPEG-21 Part 6: Rights Data Dictionary | |
---|---|
Summary | ISO/IEC 21000-6:2004 describes a Rights Data Dictionary which comprises a set of clear, consistent, structured, integrated and uniquely identified terms to support the MPEG-21 Rights Expression Language (REL) |
Type/Scope | Rights |
Responsible | MPEG-21 Working Group |
Specification | (Link to Purchase) |
Representation | XML Schema |
Web Services Policy Framework | |
---|---|
Summary | The Web Services Policy Framework provides a general purpose model and corresponding syntax to describe the policies of entities in a Web services-based system |
Type/Scope | Web Services |
Responsible | W3C Web Services Policy Working Group |
Specification | WS Policy 1.5 W3C Recommendation |
Representation | XML Schema |
Issues | |
Common Policy | |
---|---|
Summary | Common Policy defines a framework for authorization policies controlling access to application-specific data |
Type/Scope | Access Control |
Responsible | IETF Geopriv Working Group |
Specification | RFC4745 |
Representation | XML Schema |
SCA Policy Framework | |
---|---|
Summary | The Service Component Architecture (SCA) Policy Framework allows policies and policy subjects specified using WS-Policy, as well as with other policy languages, to be associated with SCA components |
Type/Scope | Web Services |
Responsible | Open Service Oriented Architecture |
Specification | SCA Policy Framework V1.00 |
Representation | XML Schema |
SAML | |
---|---|
Summary | The Security Assertion Markup Language (SAML) is an XML-based framework for communicating user authentication, entitlement, and attribute information |
Type/Scope | Access Control |
Responsible | OASIS Security Services Technical Committee |
Specification | Version 2.0 (zip) |
Representation | XML Schema |
PERMIS | |
---|---|
Summary | PERMIS is a language for specifying role-based authorisation control policies for distributed systems. |
Type/Scope | Role-based authorisation control policies |
Responsible | David Chadwick, Department of Computing, University of Kent, UK |
Specification | PERMIS template |
Representation | XML Schema |
Ponder | |
---|---|
Summary | Ponder is a language for specifying management and security policies for distributed systems. |
Type/Scope | management and security policies (incl. access control) |
Responsible | Policy Group, Department of Computing, Imperial College London, UK |
Specification | Version 2.3 (pdf) |
Representation | EBNF, compiles into XML |
Ponder2 | |
---|---|
Summary | Ponder2 is a significant re-design and re-implementation of the Ponder framework for policy-based management. This revised version re-focusses the target application domain of the framework to self-management. The specification language used by the framework draws on Smalltalk syntax and is called PonderTalk. |
Type/Scope | management and security policies (incl. access control) for self-managing systems |
Responsible | Policy Group, Department of Computing, Imperial College London, UK |
Specification | PonderTalk |
Representation | EBNF, compiles into XML |
ACPL | |
---|---|
Summary | Autonomic Computing Policy Language (ACPL) is an XML-based language that provides the basis for writing and storing policies for Policy Management for Autonomic Computing (PMAC). ACPL uses the Autonomic Computing Expression Language (ACEL), which facilitates writing policy rules. |
Type/Scope | policies for Policy Management for Autonomic Computing |
Responsible | IBM |
Specification | Version 1 (pdf) |
Representation | XML Schema |
AIR | |
---|---|
Summary | Accountability in RDF (AIR) is a policy language, represented in Turtle + N3-like quoting, which employs dependency tracking to provide automated explanation generation for policy decisions. It is integrated with the Tabulator extension and has a customized interface for exploring explanations. |
Type/Scope | privacy and accountability policies |
Responsible | Decentralized Information Group |
Specification | Version 1 (html) |
Representation | Turtle |
WIQA-PL | |
---|---|
Summary | Web Information Quality Assessment Policy Language (WIQA-PL) allows the description of policies about the quality of information available on the web to be accessed by capturing measures of the quality of the information. |
Type/Scope | information quality policies |
Responsible | Freie Universität Berlin |
Specification | Version 1 |
Representation | RDF |
Web Services Policy Language - WS-XACML | |
---|---|
Summary | WSPL/WS-XACML is a popular contender for specifying policies about web services. The syntax is a strict subset of XACML. |
Type/Scope | WSPL/WS-XACML is suitable for specifying a wide range of policies, including authorization, quality-of-service, quality-of-protection, reliable messaging, privacy, and application-specific service options. |
Responsible | OASIS Extensible Access Control Markup Language TC |
Specification | V1 Dec 2006 |
Representation | XML Schema |
UDDI | |
---|---|
Summary | UDDI v3.0.2 discusses policies for a registry. There is also an XML Schema, which can be used to store the policies. The actual policy description is just text. Section K.2.2 has an example policy. A template to help define your own registry policy is also available. |
Type/Scope | registry policies |
Responsible | OASIS UDDI Spec TC (no longer active) |
Specification | UDDI v3.0.2 (html) |
Representation | XML Schema |
Access Control for Cross-site Requests | |
---|---|
Summary | This document defines a mechanism to express policies that enable client-side cross-site requests. |
Type/Scope | cross-site access control policies |
Responsible | Web Application Formats (WAF) Working Group |
Specification | W3C Editor's Draft |
Representation | HTTP headers, XML Processing Instructions |
Rei | |
---|---|
Summary | Rei is a policy language based on OWL-Lite that allows policies to be specified as constraints over allowable and obligated actions on resources in the environment. |
Type/Scope | Rei includes meta policy specifications for conflict resolution, speech acts for remote policy management, and policy analysis specifications like what-if analysis and use-case management, making it a suitable candidate for adaptable security in the environments under consideration. The Rei engine, developed in XSB, reasons over Rei policies and domain knowledge in RDF and OWL to provide answers about the current permissions and obligations of an entity, which are used to guide the entity's behavior. |
Responsible | UMBC ebiquity research group |
Specification | V2.0 Ontology Specification |
Representation | OWL-Lite |
PRIME Languages | |
---|---|
Summary | The EU PRIME Project has developed a privacy-aware access control policy language and a data handling policy language, including privacy obligation policies. This R&D work is in progress. Documentation about the overall PRIME approach and philosophy is available online. The aim has primarily been to deal with privacy management on both the user and the enterprise/organisational sides. PRIME R&D work factors "privacy elements" into policies, including users' preferences and organisational privacy constraints, and automates policy decision and enforcement steps. PRIME recognises that different types of policies and languages are required in the privacy management space, given its complexity and variety of needs and requirements. |
Type/Scope | Privacy-aware access control and data handling policies, including privacy obligation policies. |
Responsible | Privacy and Identity Management for Europe (PRIME) project |
Specification | Project Specification |
Representation | XML-Schema |
Documents | Overview of PRIME privacy-aware access control policies: http://www.w3.org/Policy/pling/wiki/images/e/e0/PRIME-privacyaware_accesscontrol_policies.pdf |
Protune | |
---|---|
Summary | Protune (PROvisional TrUst NEgotiation) is a policy framework meant to support the creation of policies and advanced policy enforcement points, supporting not only traditional access control but also trust negotiation (to automate security checks and privacy-aware information release) and second generation explanation facilities (to improve user awareness of, and control over, policies). |
Type/Scope | Privacy-aware access control and trust management. |
Responsible | Daniel Olmedilla, L3S Research Center, Germany and Piero Bonatti, Naples University, Italy |
Specification | Project Documentation |
Representation | EBNF |
PLUS | |
---|---|
Summary | PLUS License Data Format ("LDF"): The LDF is an ordered group of fields available for optional use in embedding and reading image license metadata in digital files and other documents. The LDF only contains information essential to the understanding of an image license |
Type/Scope | Rights information for images. |
Responsible | The PLUS Coalition |
Specification | License Data Format |
Representation | XML/RDF with Adobe XMP |
- TODO LIST
- 3GPP2 IMS (PDF, RCAF, etc.)
- PECAN
- OGF WS-Agreement may be out of scope
- IBM EPAL
- Oracle AAPML and its potential successor as part of Liberty Alliance's IGF work
- Oracle CARML and its potential successor as part of Liberty Alliance's IGF work
- A Presence-based GEOPRIV Location Object Format (RFC 4119) and potentially other items from the GeoPriv working group
- SecPAL [1]