Provisions and Obligations in Policy Rule Management

Policies in modern systems and applications play an essential role. We argue that decisions based on policy rules should take into account the possibility for the users to enable specific policy rules, by performing actions at the time when decisions are being rendered, and/or by promising to perform other actions in the future. Decisions should also consider preferences among different sets of actions enabling different rules. We adopt a formalism and mechanism devised for policy rule management in this context, and investigate in detail the notion of obligations, which are those actions users promise to perform in the future upon firing of a specific policy rule. We also investigate how obligations can be monitored and how the policy rules should be affected when obligations are either fulfilled or defaulted.
