Policies models and tools for collaborative applications

Abstract

Policies are at the heart of any assured information sharing infrastructure for collaborative applications and may include those for access control, trust and accountability. Policies can be a key component in deciding what and how much to reveal in the discovery stage for both information seekers and providers. Policies can also drive the process of negotiation in the acquisition and release stage. Policies are needed to monitor and enforce usage control as well as for auditing and accountability. Fine-grained policy integration algorithms are needed to support dynamic coalitions and virtual organizations that need to quickly share and integrate information. Policies must adapt, based on events and contexts, to support continuous access to critical information resources. Enforcement mechanisms are also needed to allow different parties to take joint decisions about data accesses. In this talk, we will first discuss the various policies that are relevant in the context of secure information sharing across collaborating organizations. We will then focus on tools for policy similarity analysis, focusing on the case of policies expressed in XACML, and then we will present a reference architecture for collaborative enforcement of access control policies.