OASIS eXtensible Access Control Markup Language (XACML) TC


RE: wrt the term "meta-policy"


    Posted 07-31-2001 13:47
Colleagues - I observe that the model upon which the proposal made by Entrust to XACML is based contains a policy authority. This authority makes policy statements concerning the circumstances under which entities may perform actions on resources. PDPs can trust every statement made by the authority.

The authority makes policy statements at the request of policy administrators, and part of its function must be to ensure that the policy administrator has authority over the resource to which the statement applies.

It is still possible for the policy authority to receive conflicting requests for policy statements. But, it has an opportunity to identify such conflicts and ensure that every statement it makes is correct and consistent with all others. It can even replace previously-issued statements in order to achieve this.

This approach allows conflict resolution to take place at the time the policies are issued, rather than at the time they are used - surely a simpler problem to solve?

I don't know the extent to which this characteristic solves, or merely obscures, the issue of conflicting policies. Interested in others' perspectives.

Best regards. Tim.

-----Original Message-----
From: Jeff Hodges [mailto:jhodges@oblix.com]
Sent: Monday, July 30, 2001 8:38 PM
To: oasis xacml
Subject: wrt the term "meta-policy"

This note is an attempt to clear up misconceptions about, and mis-use of, the term "meta-policy" that sprung up at XACML F2F #1 and have persisted afterwards. I had much to do with introducing that term into the discussion, so please allow me to try to clarify things.

The executive summary is:

  Meta-policy, as described in [3, 4, 5], is *just one specific aspect* of the
  much larger overall class of issues of "conflict" or "interference" [2] in
  policy models and languages. We are trying to use it to describe the
  overall class of "conflict resolution" [1].
  We should stop using "meta-policy" in this general sense.

  We should use "meta-policy" only when we are specifically discussing
  "policies about which policies can coexist in the system or what are
  permitted attribute values for a valid policy." (see section 1.1 of [5]).

So we *shouldn't* use "meta-policy" to refer to the entire class of conflicts that arise in the implementation and use of policy models [I've attached -- at the end of this message -- some excerpts from [5] where it specifically describes "meta-policy"].

Rather, we should use terms like "conflict" [1] and/or "policy conflict" [3] to describe the overall class of issues. We should use the terms "conflict resolution" [1] and/or "conflict detection and resolution" [3, 4] to describe the overall class of remedial approaches. Individual policies and/or their components can thus be described, if generally appropriate, as "conflicting" [3].

In terms of specifics, [3, 4] go on to define terms for specific forms of conflict, e.g. "modality conflicts", "application-specific conflicts", which we may find useful to recognize, understand, and use.

JeffH

[1] S. Jajodia, P. Samarati, M.L. Sapino, and V.S. Subrahmanian, "Flexible Support for Multiple Access Control Policies," in ACM Transactions on Database Systems, to appear. http://sansone.crema.unimi.it/~samarati/Papers/tods-logic.ps

[2] P. Bonatti, S. De Capitani di Vimercati, and P. Samarati, "An Algebra for Composing Access Control Policies," in ACM Transactions on Information and System Security, to appear. http://sansone.crema.unimi.it/~samarati/Papers/tissec02.ps

[3] E. Lupu and M. Sloman, "Conflicts in Policy-based Distributed Systems Management," IEEE Transactions on Software Engineering - Special Issue on Inconsistency Management, Vol 25, No. 6, Nov. 1999, pp. 852-869. http://www-dse.doc.ic.ac.uk/~mss/emil/tse.pdf

[4] N. Damianou, N. Dulay, E. Lupu, M. Sloman, The Ponder Specification Language.
Workshop on Policies for Distributed Systems and Networks (Policy2001), HP Labs Bristol, 29-31 Jan 2001. http://www.doc.ic.ac.uk/~mss/Papers/Ponder-Policy01V5.pdf

[5] Ponder Language Specification v2.3 http://www-dse.doc.ic.ac.uk/Research/policies/files/PonderSpec.pdf

------------------------------------------------------------------------
specific descriptions of "meta-policy" given in [5]...

section 1.1

Meta-policies are policies about which policies can coexist in the system or what are permitted attribute values for a valid policy. For example, a semantic conflict may arise if there are two policies which increase and decrease bandwidth allocation when the same event occurs, or a conflict of duty may arise if there is a policy permitting the same manager to both sign cheques and authorise payment.

section 4.2.2

Note that allowing negative and positive policies can lead to conflicts and the need for precedence relationships between types of policies as discussed in (Lupu 1999). These issues are not part of the language although the policy precedence could be specified as a meta-policy.

section 6 "Meta-policies"

Meta-policies specify constraints, over a set of policies, on the permitted types of policies or their policy elements.

--- end ------------------------------------------------------------------
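
An added illustration, not part of either message or of the Entrust proposal: a sketch of the issue-time checking described in the reply, applied to the cheque-signing conflict of duty quoted from [5]. `PolicyAuthority`, `Statement`, the reason strings and all sample names are hypothetical.

```python
from collections import namedtuple

# effect is "permit" or "deny"; the first three fields form the statement's target.
Statement = namedtuple("Statement", "subject action resource effect")

class PolicyAuthority:
    """Hypothetical authority that checks each statement before issuing it."""
    def __init__(self, admin_scope, exclusive_actions):
        self.admin_scope = admin_scope              # admin -> resources they control
        self.exclusive_actions = exclusive_actions  # meta-policy: actions one subject may not combine
        self.issued = []

    def conflicts(self, new, existing):
        reasons = []
        # Modality conflict: permit and deny for the same subject/action/resource.
        if any(s[:3] == new[:3] and s.effect != new.effect for s in existing):
            reasons.append("modality conflict")
        # Meta-policy: a constraint over the set of permits held by one subject.
        if new.effect == "permit":
            held = {s.action for s in existing
                    if s.subject == new.subject and s.effect == "permit"} | {new.action}
            if any(group <= held for group in self.exclusive_actions):
                reasons.append("meta-policy violation")
        return reasons

    def issue(self, admin, new, replace=False):
        """Issue `new` and return []; else return why it was refused.
        replace=True withdraws the earlier statement for the same target."""
        if new.resource not in self.admin_scope.get(admin, set()):
            return ["administrator has no authority over resource"]
        existing = [s for s in self.issued if not (replace and s[:3] == new[:3])]
        reasons = self.conflicts(new, existing)
        if not reasons:
            self.issued = existing + [new]
        return reasons

def demo():
    # Constructed sample data; all names are illustrative.
    pa = PolicyAuthority({"alice": {"payments"}},
                         [{"sign_cheque", "authorise_payment"}])
    return [
        pa.issue("alice", Statement("manager", "sign_cheque", "payments", "permit")),
        pa.issue("alice", Statement("manager", "authorise_payment", "payments", "permit")),
        pa.issue("alice", Statement("manager", "sign_cheque", "payments", "deny")),
        pa.issue("alice", Statement("manager", "sign_cheque", "payments", "deny"), True),
        pa.issue("bob", Statement("clerk", "read", "payments", "permit")),
    ]
```

Because refusals happen in `issue`, a PDP consuming `issued` never sees a permit/deny pair for one target or a subject holding both exclusive actions.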