A REVIEW OF TRUST MANAGEMENT, SECURITY AND PRIVACY POLICY LANGUAGES

Juri Luca De Coi, Daniel Olmedilla

Abstract

Policies are a well-known approach to protecting the security and privacy of users, as well as to flexible trust management in distributed environments. In recent years a number of policy languages have been proposed to address different application scenarios. To help both developers and users choose the language that best suits their needs, policy language comparisons have been proposed in the literature. Nevertheless, the available comparisons address only a small number of languages and are either out of date or too narrow to provide a broad picture of the research field. In this paper we consider twelve relevant policy languages and compare them against ten criteria that should be taken into account when designing any policy language. Some criteria are already known in the literature; others are introduced in our work for the first time. By comparing the choices designers made in addressing these criteria, useful conclusions can be drawn about the strong points and weaknesses of each policy language.



Paper Citation


in Harvard Style

Luca De Coi J. and Olmedilla D. (2008). A REVIEW OF TRUST MANAGEMENT, SECURITY AND PRIVACY POLICY LANGUAGES. In Proceedings of the International Conference on Security and Cryptography - Volume 1: Special Session on Trust in Pervasive Systems and Networks, (ICETE 2008) ISBN 978-989-8111-59-3, pages 483-490. DOI: 10.5220/0001921004830490


in Bibtex Style

@conference{special session on trust in pervasive systems and networks08,
author={Juri Luca De Coi and Daniel Olmedilla},
title={A REVIEW OF TRUST MANAGEMENT, SECURITY AND PRIVACY POLICY LANGUAGES},
booktitle={Proceedings of the International Conference on Security and Cryptography - Volume 1: Special Session on Trust in Pervasive Systems and Networks, (ICETE 2008)},
year={2008},
pages={483-490},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001921004830490},
isbn={978-989-8111-59-3},
}


in EndNote Style

TY - CONF
JO - Proceedings of the International Conference on Security and Cryptography - Volume 1: Special Session on Trust in Pervasive Systems and Networks, (ICETE 2008)
TI - A REVIEW OF TRUST MANAGEMENT, SECURITY AND PRIVACY POLICY LANGUAGES
SN - 978-989-8111-59-3
AU - Luca De Coi J.
AU - Olmedilla D.
PY - 2008
SP - 483
EP - 490
DO - 10.5220/0001921004830490