15-17 November 1999
The workshop has been extended to 17 November to allow more
position papers and to permit extensive discussion without any parallel sessions
HP-Laboratories, Bristol, U.K.
There has been considerable work in the security community on specification and analysis of access control policy which has evolved into the work on Role-Based Access Control (RBAC). Policies are also used for the management of networks and distributed systems. Management policies have concentrated on authorisation policy to specify what a manager is permitted to do and obligation policies which specify what a manager must do. There are also policies related to allocation of resources within a network or system e.g., the recent interest, within the Internet community, in policies for bandwidth management. Although there are strong similarities in the concepts and techniques used by the different communities there is no commonly accepted notation for specifying policy.
There are also groups looking at high-level aspects of policy related to Enterprise Modelling. The ISO Open Distributed Processing working groups are defining Policy and Role concepts within the Enterprise Language. Roles are used to specify policies independent of the person or object assigned to the role and to group policies associated with a position in an organisation. There is a need to be able to analyse policies to determine inconsistencies and conflicts. Furthermore, policies may initially be specified at an abstract level and progressively refined into implementable specifications. Related work on Requirements Engineering addresses some of these issues providing tools and techniques for refining high-level goals (which are related to abstract policies) into behaviour specifications (c.f. implementable policies). Another related area is the specification of Service Level Agreements which may include aspects of Enterprise goals and policies.
The common concept of policy, within all this work, is that it defines a set of rules governing choices in the behaviour of the system. The motivation is to be able to modify policy in order to change system behaviour without having to reimplement the system, or restructure the requirements specification. The emphasis of this workshop will be on practical approaches to policy specification and tool support.
This workshop will bring together the various communities working on policy in order to exchange ideas and learn from each other's work.
The topics to be addressed include, but are not limited to:
| Confirmation of intention to attend: | 31 March 1999 |
| Position Papers and Registration: | 15 September 1999 |
| Workshop: | 15-17 November 1999 |
| Francisco Garcia | HP Labs, Bristol |
| Peter Linington | University of Kent |
| Emil Lupu | Imperial College |
| Zoran Milosevic | DSTC, Brisbane |
| Jonathan Moffett | University of York |
| Morris Sloman | Imperial College |
Morris Sloman or Emil Lupu
Department of Computing, Imperial College
180 Queen's Gate London SW7 2BZ, UK
Email: policy-99@doc.ic.ac.uk
Phone: +44 171 594 8279 or 8249
Fax: +44 171 581 8024
To subscribe send an email to majordomo@doc.ic.ac.uk with
subscribe policy-sig your_email address
in the body of the message.
To unsubscribe send an email to majordomo@doc.ic.ac.uk with
unsubscribe policy-sig your_email address
in the body of the message.
Pages maintained by: Emil Lupu (e.c.lupu@doc.ic.ac.uk)