|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
Home | Research | Research Programs | Internet Logic |
Internet LogicPolicyValidator: Interactive creation of e-business policies in logicThe project started in 2002 and is expected to end in 2003. Policies often contain positive and negative conclusions, for describing situations where the policy is and is not applicable. For example, P3P's rule language, APPEL is (directly translated to) a clausal logic language, describing a user's preference for granting or denying a business partner's access to private information. (See http://www.w3.org/TR/P3P-preferences/.) Under some circumstances the outcome is negative and others positive. Thus it is highly possible that separate clauses will give different answers to the question of accessibility. Depending on the rule evaluation strategy and the situation at hand, this ambiguity may lead the APPEL inference engine to make a different decision than the user had in mind. APPEL's strategy is to give priority to rules appearing nearer the beginning of the file. We suggest a rule examination system that is given a set of clauses that embody a user's policy, and then finds descriptions of situations that will lead to conflicting outcomes. In the case of APPEL, the system would point out which requests for which private information in which situations would lead to conflicting policy outcomes. It may further offer to add conditions to the rule occurring second in the file so that its limited scope is clear to the user, and thus it allows the user to confirm that this limited scope is what he has in mind. In the longer term, we intend to also join this work to advances in the Policy RuleML project on complete knowledge and more expressive logics. An interactive system for capturing the person's intentions for his policy should do more than just check the consistency of the policy. The tool should also maintain a set of use-cases for regression testing of the evolving policy, as with any software development. Our research results could have an impact on the following sectors: Web services delivery, privacy protection, P3P APPEL inference engines, (Policy) RuleML inference engines. Research opportunities related to this project: we are looking for research collaborations with researchers interested in privacy control, P3P-APPEL research. Possible applications include: permissions and access control to secure and private systems. Research ContactDr. Bruce Spencer Business ContactMarc-Alain Mallet |
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|