Keynote
Policy exists as a social concept. Real-world policies are largely represented in natural languages on paper. Implementation of policy depends on human interpretation and application. Most, if not all, policy work that has gone on in both academia and industry tries to turn this into a mechanized process using computing technology. Yet, the process of automating high-level policy specification and translation into operative control structures has only yielded limited success. Practical policy work is done in narrowly focused areas such as network QoS or IPSec while most academic proposals apply to no more than toy examples. So, is an all-encompassing mechanized policy for our world an attainable future, or a figment of our imagination?
Invited Talks
This talk will provide a brief overview of the underlying theory of the IETF Policy work, concentrating on the Policy Core Information Model and the Policy QoS Information Model. It will include a brief overview detailing the underlying assumptions and goals that led to this model, an overview of the model itself, and a detailed example of how the model can be used in practice.
The first generation of policy-based management (PBM) products focuses largely on enterprise QoS. This market segment is rapidly being overshadowed by the demand from service providers to use policy-based management within service provisioning solutions. The rise of service providers, the advent of broadband access to businesses and consumers, and the growing reliance on outsourcing require a next-generation provisioning solution with policy management at its core.
Configuring a provider's large-scale, heterogeneous environment for its variety of services requires the automation and abstraction that PBM provides. Both ISPs (network focused) and ASPs (application focused) need a scalable, extensible, and highly integrated solution to allow them to deliver the services they will offer to their customers.
This presentation describes how HP is transforming the OpenView PolicyXpert to focus on service activation. Using XML and a directory-enabled configuration management database (CMDB), the solution integrates our policy manager with enforcement, discovery, analysis, and data access components. It will allow providers to base their IP service provisioning solutions on PolicyXpert.
This talk will discuss how the field of trust management, which is concerned with describing trust relationships and evaluating actions based on them, provides an excellent framework for the specification and enforcement of security policies. We will describe several practical examples of the use of trust management systems for managing policy in network security (IPSEC), digital rights management, and electronic payment systems.
The notion of negotiation has been used extensively in secure communication protocols (e.g., to establish common keying states, protocol modes and services). However, this notion is only now emerging in the area of access control policies. In this paper, we review the motivation for policy negotiation and provide some examples of use in practice. In particular, we illustrate the meaning, the types, and the process of negotiation for establishing "ad-hoc" networks and large-scale, access control services in the internet.