Policy Workshop 1999

15-17 November 1999
The workshop has been extended to 17 November to allow more position papers and to permit extensive discussion without any parallel sessions

HP-Laboratories, Bristol, U.K.

There has been considerable work in the security community on specification and analysis of access control policy which has evolved into the work on Role-Based Access Control (RBAC). Policies are also used for the management of networks and distributed systems. Management policies have concentrated on authorisation policy to specify what a manager is permitted to do and obligation policies which specify what a manager must do. There are also policies related to allocation of resources within a network or system e.g., the recent interest, within the Internet community, in policies for bandwidth management. Although there are strong similarities in the concepts and techniques used by the different communities there is no commonly accepted notation for specifying policy.

There are also groups looking at high-level aspects of policy related to Enterprise Modelling. The ISO Open Distributed Processing working groups are defining Policy and Role concepts within the Enterprise Language. Roles are used to specify policies independent of the person or object assigned to the role and to group policies associated with a position in an organisation. There is a need to be able to analyse policies to determine inconsistencies and conflicts. Furthermore, policies may initially be specified at an abstract level and progressively refined into implementable specifications. Related work on Requirements Engineering addresses some of these issues providing tools and techniques for refining high-level goals (which are related to abstract policies) into behaviour specifications (c.f. implementable policies). Another related area is the specification of Service Level Agreements which may include aspects of Enterprise goals and policies.

The common concept of policy, within all this work, is that it defines a set of rules governing choices in the behaviour of the system. The motivation is to be able to modify policy in order to change system behaviour without having to reimplement the system, or restructure the requirements specification. The emphasis of this workshop will be on practical approaches to policy specification and tool support.

This workshop will bring together the various communities working on policy in order to exchange ideas and learn from each other's work.

The topics to be addressed include, but are not limited to:


Confirmation of intention to attend: 31 March 1999
Position Papers and Registration: 15 September 1999
Workshop: 15-17 November 1999

Organising Committee

Francisco Garcia HP Labs, Bristol
Peter Linington University of Kent
Emil Lupu Imperial College
Zoran Milosevic DSTC, Brisbane
Jonathan Moffett University of York
Morris Sloman Imperial College

Contact Information

Morris Sloman or Emil Lupu
Department of Computing, Imperial College
180 Queen's Gate London SW7 2BZ, UK

Email: policy-99@doc.ic.ac.uk

Phone: +44 171 594 8279 or 8249
Fax: +44 171 581 8024


Mailing List

To subscribe send an email to majordomo@doc.ic.ac.uk with
subscribe policy-sig your_email address
in the body of the message.

To unsubscribe send an email to majordomo@doc.ic.ac.uk with
unsubscribe policy-sig your_email address
in the body of the message.

Pages maintained by: Emil Lupu (e.c.lupu@doc.ic.ac.uk)